[PATCH 3/6] Enable a padding when sending password, to avoid leakage of password length.

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Nov 23 12:58:17 EST 2013


Signed-off-by: Nikos Mavrogiannopoulos <nmav at gnutls.org>
---
 http.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/http.c b/http.c
index 5adacaa..c713f27 100644
--- a/http.c
+++ b/http.c
@@ -865,6 +865,7 @@ static int do_https_request(struct openconnect_info *vpninfo, const char *method
 	struct oc_text_buf *buf;
 	int result, buflen;
 	int rq_retry;
+	int rlen, pad;
 
  redirected:
 	vpninfo->redirect_type = REDIR_TYPE_NONE;
@@ -888,8 +889,15 @@ static int do_https_request(struct openconnect_info *vpninfo, const char *method
 	add_common_headers(vpninfo, buf);
 
 	if (request_body_type) {
+		rlen = strlen(request_body);
+		
+		/* force body length to be a multiple of 64, to avoid leaking
+		 * password length. */
+		pad = 64*(1+rlen/64) - rlen;
+		buf_append(buf, "X-Pad: %0*d\r\n", pad, 0);
+
 		buf_append(buf, "Content-Type: %s\r\n", request_body_type);
-		buf_append(buf, "Content-Length: %zd\r\n", strlen(request_body));
+		buf_append(buf, "Content-Length: %zd\r\n", rlen);
 	}
 	buf_append(buf, "\r\n");
 
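Review bot: `rlen` is declared `int` in the first hunk but is passed to `%zd` in the new `Content-Length` line, a format/argument type mismatch that is undefined behaviour and can print a wrong length where `int` and `size_t` differ in width; the line should read `buf_append(buf, "Content-Length: %d\r\n", rlen);`. The padding also ignores the Content-Length digits: `rlen + pad` is constant within each 64-byte bucket, but the number of digits printed for `rlen` changes at 10, 100 and so on, so the total request size can still vary by a byte inside a bucket (assuming headers and body go out together, which this hunk does not show). The comment says the body length is forced to a multiple of 64, whereas the pad is carried in the `X-Pad` header; `/* pad the headers so that headers + body length is a multiple of 64 */` would match the code. do_https_request begins and ends outside the hunk.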




