mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 16:48:49 -05:00
ntlm: avoid malloc(0) on zero length user and domain
... and simplify the too-long checks somewhat. Detected by OSS-Fuzz Closes #6264
This commit is contained in:
parent
732398561b
commit
65d2f563fd
@ -580,15 +580,11 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
|
||||
unsigned char *identity;
|
||||
CURLcode result = CURLE_OK;
|
||||
|
||||
/* we do the length checks below separately to avoid integer overflow risk
|
||||
on extreme data lengths */
|
||||
if((userlen > SIZE_T_MAX/2) ||
|
||||
(domlen > SIZE_T_MAX/2) ||
|
||||
((userlen + domlen) > SIZE_T_MAX/2))
|
||||
if((userlen > CURL_MAX_INPUT_LENGTH) || (domlen > CURL_MAX_INPUT_LENGTH))
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
identity_len = (userlen + domlen) * 2;
|
||||
identity = malloc(identity_len);
|
||||
identity = malloc(identity_len + 1);
|
||||
|
||||
if(!identity)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
Loading…
Reference in New Issue
Block a user