krb4 fixed

2 files changed, 13 insertions, 11 deletions

diff --git a/lib/krb4.c b/lib/krb4.c
index 7b04828ab..e5ecabffa 100644
--- a/lib/krb4.c
+++ b/lib/krb4.c
@@ -200,7 +200,7 @@ krb4_auth(void *app_data, struct connectdata *conn)
   int ret;
   char *p;
   unsigned char *ptr;
-  int len;
+  size_t len;
   KTEXT_ST adat;
   MSG_DAT msg_data;
   int checksum;
@@ -324,7 +324,7 @@ CURLcode Curl_krb_kauth(struct connectdata *conn)
   char *name;
   char *p;
   char passwd[100];
-  int tmp;
+  size_t tmp;
   ssize_t nread;
   int save;
   CURLcode result;
@@ -355,11 +355,11 @@ CURLcode Curl_krb_kauth(struct connectdata *conn)
 
   p += 2;
   tmp = Curl_base64_decode(p, &ptr);
-  if(len > sizeof(tkt.dat)-1) {
+  if(tmp >= sizeof(tkt.dat)) {
     free(ptr);
-    len=0;
+    tmp=0;
   }
-  if(!len || !ptr) {
+  if(!tmp || !ptr) {
     Curl_failf(conn->data, "Failed to decode base64 in reply.\n");
     Curl_set_command_prot(conn, save);
     return CURLE_FTP_WEIRD_SERVER_REPLY;
diff --git a/lib/security.c b/lib/security.c
index 64c55b3ba..c1df26c05 100644
--- a/lib/security.c
+++ b/lib/security.c
@@ -297,13 +297,15 @@ int
 Curl_sec_read_msg(struct connectdata *conn, char *s, int level)
 {
   int len;
-  char *buf;
+  unsigned char *buf;
   int code;
 
-  buf = malloc(strlen(s));
-  len = Curl_base64_decode(s + 4, buf); /* XXX */
+  len = Curl_base64_decode(s + 4, &buf); /* XXX */
+  if(len > 0)
+    len = (conn->mech->decode)(conn->app_data, buf, len, level, conn);
+  else
+    return -1;
 
-  len = (conn->mech->decode)(conn->app_data, buf, len, level, conn);
   if(len < 0) {
     free(buf);
     return -1;
@@ -314,10 +316,10 @@ Curl_sec_read_msg(struct connectdata *conn, char *s, int level)
   if(buf[3] == '-')
     code = 0;
   else
-    sscanf(buf, "%d", &code);
+    sscanf((char *)buf, "%d", &code);
   if(buf[len-1] == '\n')
     buf[len-1] = '\0';
-  strcpy(s, buf);
+  strcpy(s, (char *)buf);
   free(buf);
   return code;
 }