Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where
libcurl always and unconditionally overwrote a stack-based array with 3 zero bytes. I edited the fix to make it less likely to occur again (and added a comment explaining the reason to the buffer size).
This commit is contained in:
Daniel Stenberg
@@ -25,6 +25,7 @@ This release includes the following changes:
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
o bad memory access in the NTLM code
|
||||
o EPSV on multi-homed servers now works correctly
|
||||
o chunked-encoded transfers could get closed pre-maturely without error
|
||||
o proxy CONNECT now default timeouts after 3600 seconds
|
||||
@@ -61,6 +62,6 @@ advice from friends like these:
|
||||
Tomas Pospisek, Gisle Vanem, Dan Fandrich, Paul Nolan, Andres Garcia,
|
||||
Tim Sneddon, Ian Gulliver, Jean-Philippe Barrette-LaPierre, Jeff Phillips,
|
||||
Wojciech Zwiefka, David Phillips, Reinout van Schouwen, Maurice Barnum,
|
||||
Richard Atterer
|
||||
Richard Atterer, Rene Bernhardt
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
||||
Reference in New Issue
Block a user