Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where
libcurl always and unconditionally overwrote a stack-based array with 3 zero bytes. I edited the fix to make it less likely to occur again (and added a comment explaining the reason to the buffer size).
This commit is contained in:
Daniel Stenberg
5
CHANGES
5
CHANGES
@@ -6,6 +6,11 @@
|
||||
|
||||
Changelog
|
||||
|
||||
Daniel (8 December 2004)
|
||||
- Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where
|
||||
libcurl always and unconditionally overwrote a stack-based array with 3 zero
|
||||
bytes. This is not an exploitable buffer overflow. No need to get alarmed.
|
||||
|
||||
Daniel (7 December 2004)
|
||||
- Fixed so that the final error message is sent to the verbose info "stream"
|
||||
even if no errorbuffer is set.
|
||||
|
||||
Reference in New Issue
Block a user