On Tue, 2004-07-13 at 19:55, Henrik Nordstrom wrote: > On Tue, 13 Jul 2004, Andrew Bartlett wrote: > > > While I've been trying to code up the 'Negotiate' (SPNEGO) support for > > Squid, I have seen a lot of: > > > > ntlm_request->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ > > + 5); > > As robert already said, there is no reason xstrdup should not be used > here, and I also suspect many of these copies should go away completely > when we get rid of the challenge/response cache.
Good. > > These worry me - not only are these packets not fixed size, Squid has no > > way of knowing what they should be! > > Correct. Squid has no business trying to guess the properties of the > exchanged blobs. It seems a pattern to avoid xstrdup(), so as to avoid the client allocating 50MB of memory in headers. Are there other checks on this, or do we just need to define a (larger) constant? Thanks, Andrew Bartlett
signature.asc
Description: This is a digitally signed message part
