1 files changed, 15 insertions, 10 deletions

diff --git a/libs/libcurl/src/http_negotiate.c b/libs/libcurl/src/http_negotiate.c
index 858a797d8b..ffa6906b74 100644
--- a/libs/libcurl/src/http_negotiate.c
+++ b/libs/libcurl/src/http_negotiate.c
@@ -27,10 +27,12 @@
 #if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)

 

 #include "urldata.h"

+#include "cfilters.h"

 #include "sendf.h"

 #include "http_negotiate.h"

 #include "vauth/vauth.h"

 #include "vtls/vtls.h"

+#include "curlx/strparse.h"

 

 /* The last 3 #include files should be in this order */

 #include "curl_printf.h"

@@ -85,8 +87,7 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
 

   /* Obtain the input token, if any */

   header += strlen("Negotiate");

-  while(*header && ISBLANK(*header))

-    header++;

+  curlx_str_passblanks(&header);

 

   len = strlen(header);

   neg_ctx->havenegdata = len != 0;

@@ -108,9 +109,10 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
   neg_ctx->sslContext = conn->sslContext;

 #endif

   /* Check if the connection is using SSL and get the channel binding data */

-#if defined(USE_SSL) && defined(HAVE_GSSAPI)

-  if(conn->handler->flags & PROTOPT_SSL) {

-    Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE);

+#ifdef HAVE_GSSAPI

+#ifdef USE_SSL

+  curlx_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1);

+  if(Curl_conn_is_ssl(conn, FIRSTSOCKET)) {

     result = Curl_ssl_get_channel_binding(

       data, FIRSTSOCKET, &neg_ctx->channel_binding_data);

     if(result) {

@@ -118,14 +120,17 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn,
       return result;

     }

   }

-#endif

+#else

+  curlx_dyn_init(&neg_ctx->channel_binding_data, 1);

+#endif /* USE_SSL */

+#endif /* HAVE_GSSAPI */

 

   /* Initialize the security context and decode our challenge */

   result = Curl_auth_decode_spnego_message(data, userp, passwdp, service,

                                            host, header, neg_ctx);

 

-#if defined(USE_SSL) && defined(HAVE_GSSAPI)

-  Curl_dyn_free(&neg_ctx->channel_binding_data);

+#ifdef HAVE_GSSAPI

+  curlx_dyn_free(&neg_ctx->channel_binding_data);

 #endif

 

   if(result)

@@ -202,12 +207,12 @@ CURLcode Curl_output_negotiate(struct Curl_easy *data,
 

     if(proxy) {

 #ifndef CURL_DISABLE_PROXY

-      Curl_safefree(data->state.aptr.proxyuserpwd);

+      free(data->state.aptr.proxyuserpwd);

       data->state.aptr.proxyuserpwd = userp;

 #endif

     }

     else {

-      Curl_safefree(data->state.aptr.userpwd);

+      free(data->state.aptr.userpwd);

       data->state.aptr.userpwd = userp;

     }