moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-01-11 05:58:01 -05:00
Code Issues Releases Wiki Activity

Curl_ntlm_core_mk_nt_hash: return error on too long password

Browse Source 
... since it would cause an integer overflow if longer than (max size_t
/ 2).

This is CVE-2018-14618

Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
This commit is contained in:
Daniel Stenberg 2018-08-13 10:35:52 +02:00
parent 19ebc28217
commit 57d299a499
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/curl_ntlm_core.c
View File

@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
unsigned char *ntbuffer /* 21 bytes */)
{
size_t len = strlen(password);
unsigned char *pw = len ? malloc(len * 2) : strdup("");
unsigned char *pw;
CURLcode result;
if(len > SIZE_T_MAX/2) /* avoid integer overflow */
return CURLE_OUT_OF_MEMORY;
pw = len ? malloc(len * 2) : strdup("");
if(!pw)
return CURLE_OUT_OF_MEMORY;