1 files changed, 19 insertions, 43 deletions

diff --git a/Utilities/cmcurl/lib/vauth/digest.c b/Utilities/cmcurl/lib/vauth/digest.c
index 559852fcba..a04ffab6fb 100644
--- a/Utilities/cmcurl/lib/vauth/digest.c
+++ b/Utilities/cmcurl/lib/vauth/digest.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -254,7 +254,7 @@ static CURLcode auth_digest_get_qop_values(const char *options, int *value)
  *
  * Parameters:
  *
- * chlg64  [in]     - The base64 encoded challenge message.
+ * chlgref [in]     - The challenge message.
  * nonce   [in/out] - The buffer where the nonce will be stored.
  * nlen    [in]     - The length of the nonce buffer.
  * realm   [in/out] - The buffer where the realm will be stored.
@@ -266,55 +266,35 @@ static CURLcode auth_digest_get_qop_values(const char *options, int *value)
  *
  * Returns CURLE_OK on success.
  */
-static CURLcode auth_decode_digest_md5_message(const char *chlg64,
+static CURLcode auth_decode_digest_md5_message(const struct bufref *chlgref,
                                                char *nonce, size_t nlen,
                                                char *realm, size_t rlen,
                                                char *alg, size_t alen,
                                                char *qop, size_t qlen)
 {
-  CURLcode result = CURLE_OK;
-  unsigned char *chlg = NULL;
-  size_t chlglen = 0;
-  size_t chlg64len = strlen(chlg64);
-
-  /* Decode the base-64 encoded challenge message */
-  if(chlg64len && *chlg64 != '=') {
-    result = Curl_base64_decode(chlg64, &chlg, &chlglen);
-    if(result)
-      return result;
-  }
+  const char *chlg = (const char *) Curl_bufref_ptr(chlgref);
 
   /* Ensure we have a valid challenge message */
-  if(!chlg)
+  if(!Curl_bufref_len(chlgref))
     return CURLE_BAD_CONTENT_ENCODING;
 
   /* Retrieve nonce string from the challenge */
-  if(!auth_digest_get_key_value((char *) chlg, "nonce=\"", nonce, nlen,
-                                '\"')) {
-    free(chlg);
+  if(!auth_digest_get_key_value(chlg, "nonce=\"", nonce, nlen, '\"'))
     return CURLE_BAD_CONTENT_ENCODING;
-  }
 
   /* Retrieve realm string from the challenge */
-  if(!auth_digest_get_key_value((char *) chlg, "realm=\"", realm, rlen,
-                                '\"')) {
+  if(!auth_digest_get_key_value(chlg, "realm=\"", realm, rlen, '\"')) {
     /* Challenge does not have a realm, set empty string [RFC2831] page 6 */
     strcpy(realm, "");
   }
 
   /* Retrieve algorithm string from the challenge */
-  if(!auth_digest_get_key_value((char *) chlg, "algorithm=", alg, alen, ',')) {
-    free(chlg);
+  if(!auth_digest_get_key_value(chlg, "algorithm=", alg, alen, ','))
     return CURLE_BAD_CONTENT_ENCODING;
-  }
 
   /* Retrieve qop-options string from the challenge */
-  if(!auth_digest_get_key_value((char *) chlg, "qop=\"", qop, qlen, '\"')) {
-    free(chlg);
+  if(!auth_digest_get_key_value(chlg, "qop=\"", qop, qlen, '\"'))
     return CURLE_BAD_CONTENT_ENCODING;
-  }
-
-  free(chlg);
 
   return CURLE_OK;
 }
@@ -342,22 +322,20 @@ bool Curl_auth_is_digest_supported(void)
  * Parameters:
  *
  * data    [in]     - The session handle.
- * chlg64  [in]     - The base64 encoded challenge message.
+ * chlg    [in]     - The challenge message.
  * userp   [in]     - The user name.
  * passwdp [in]     - The user's password.
  * service [in]     - The service type such as http, smtp, pop or imap.
- * outptr  [in/out] - The address where a pointer to newly allocated memory
- *                    holding the result will be stored upon completion.
- * outlen  [out]    - The length of the output message.
+ * out     [out]    - The result storage.
  *
  * Returns CURLE_OK on success.
  */
 CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
-                                             const char *chlg64,
+                                             const struct bufref *chlg,
                                              const char *userp,
                                              const char *passwdp,
                                              const char *service,
-                                             char **outptr, size_t *outlen)
+                                             struct bufref *out)
 {
   size_t i;
   struct MD5_context *ctxt;
@@ -378,9 +356,10 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
   char *spn         = NULL;
 
   /* Decode the challenge message */
-  CURLcode result = auth_decode_digest_md5_message(chlg64, nonce,
-                                                   sizeof(nonce), realm,
-                                                   sizeof(realm), algorithm,
+  CURLcode result = auth_decode_digest_md5_message(chlg,
+                                                   nonce, sizeof(nonce),
+                                                   realm, sizeof(realm),
+                                                   algorithm,
                                                    sizeof(algorithm),
                                                    qop_options,
                                                    sizeof(qop_options));
@@ -500,11 +479,8 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
   if(!response)
     return CURLE_OUT_OF_MEMORY;
 
-  /* Base64 encode the response */
-  result = Curl_base64_encode(data, response, 0, outptr, outlen);
-
-  free(response);
-
+  /* Return the response. */
+  Curl_bufref_set(out, response, strlen(response), curl_free);
   return result;
 }