mirror of
https://github.com/moparisthebest/curl
synced 2025-01-11 05:58:01 -05:00
ntlm_wb: bail out if the response gets overly large
Exit the realloc() loop if the response turns out ridiculously large to avoid worse problems. Reported-by: Harry Sintonen Closes #2959
This commit is contained in:
parent
6e4b8c5073
commit
37da149670
@ -5,7 +5,7 @@
|
|||||||
* | (__| |_| | _ <| |___
|
* | (__| |_| | _ <| |___
|
||||||
* \___|\___/|_| \_\_____|
|
* \___|\___/|_| \_\_____|
|
||||||
*
|
*
|
||||||
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||||
*
|
*
|
||||||
* This software is licensed as described in the file COPYING, which
|
* This software is licensed as described in the file COPYING, which
|
||||||
* you should have received as part of this distribution. The terms
|
* you should have received as part of this distribution. The terms
|
||||||
@ -249,6 +249,9 @@ done:
|
|||||||
return CURLE_REMOTE_ACCESS_DENIED;
|
return CURLE_REMOTE_ACCESS_DENIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* if larger than this, something is seriously wrong */
|
||||||
|
#define MAX_NTLM_WB_RESPONSE 100000
|
||||||
|
|
||||||
static CURLcode ntlm_wb_response(struct connectdata *conn,
|
static CURLcode ntlm_wb_response(struct connectdata *conn,
|
||||||
const char *input, curlntlm state)
|
const char *input, curlntlm state)
|
||||||
{
|
{
|
||||||
@ -289,6 +292,12 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
|
|||||||
buf[len_out - 1] = '\0';
|
buf[len_out - 1] = '\0';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(len_out > MAX_NTLM_WB_RESPONSE) {
|
||||||
|
failf(conn->data, "too large ntlm_wb response!");
|
||||||
|
return CURLE_OUT_OF_MEMORY;
|
||||||
|
}
|
||||||
|
|
||||||
newbuf = Curl_saferealloc(buf, len_out + NTLM_BUFSIZE);
|
newbuf = Curl_saferealloc(buf, len_out + NTLM_BUFSIZE);
|
||||||
if(!newbuf)
|
if(!newbuf)
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
|
Loading…
Reference in New Issue
Block a user