generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure

Browse Source 
got no notification, no mail, no nothing.

You didn't even bother to mail us when you went public with this. Cool.

NTLM buffer overflow fix, as reported here:

http://www.securityfocus.com/archive/1/391042
This commit is contained in:
Daniel Stenberg 2005-02-22 07:44:14 +00:00
parent b7721deb02
commit 19f66c7575
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/http_ntlm.c
View File

@ -103,7 +103,6 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn,
header++;
if(checkprefix("NTLM", header)) {
unsigned char buffer[256];
header += strlen("NTLM");
while(*header && isspace((int)*header))
@ -123,8 +122,12 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn,
(40) Target Information (optional) security buffer(*)
32 (48) start of data block
*/
size_t size;
unsigned char *buffer = (unsigned char *)malloc(strlen(header));
if (buffer == NULL)
return CURLNTLM_BAD;
size_t size = Curl_base64_decode(header, (char *)buffer);
size = Curl_base64_decode(header, (char *)buffer);
ntlm->state = NTLMSTATE_TYPE2; /* we got a type-2 */
@ -134,6 +137,7 @@ CURLntlm Curl_input_ntlm(struct connectdata *conn,
/* at index decimal 20, there's a 32bit NTLM flag field */
free(buffer);
}
else {
if(ntlm->state >= NTLMSTATE_TYPE1)