Curl_auth_create_plain_message: fix too-large-input-check

CVE-2018-16839 Reported-by: Harry Sintonen Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
2024-08-13 17:03:50 -04:00 · 2018-09-28 16:08:16 +02:00 · 2018-09-28 16:08:16 +02:00 · f3a24d7916
commit f3a24d7916
parent 81d135d671
1 changed files with 1 additions and 1 deletions
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
  plen = strlen(passwdp);

  /* Compute binary message length. Check for overflows. */
-  if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
+  if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
    return CURLE_OUT_OF_MEMORY;
  plainlen = 2 * ulen + plen + 2;