1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00

[svn] Added Daniel's fix for remotely exploitable buffer overflow vulnerability in NTML code.

This commit is contained in:
mtortonesi 2005-10-13 02:04:16 -07:00
parent 02e8aa3ac4
commit 4950b4f441
2 changed files with 9 additions and 0 deletions

View File

@ -1,3 +1,7 @@
2005-10-13 Daniel Stenberg <daniel@haxx.se>
* http-ntlm.c (ntlm_output): Fixed buffer overflow vulnerability.
2005-10-09 Russ Allbery <rra@stanford.edu> 2005-10-09 Russ Allbery <rra@stanford.edu>
* snprintf.c: Remove round to round_int and pow10 to pow10_int, to * snprintf.c: Remove round to round_int and pow10 to pow10_int, to

View File

@ -524,6 +524,11 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
size=64; size=64;
ntlmbuf[62]=ntlmbuf[63]=0; ntlmbuf[62]=ntlmbuf[63]=0;
/* Make sure that the user and domain strings fit in the target buffer
before we copy them there. */
if(size + userlen + domlen >= sizeof(ntlmbuf))
return NULL;
memcpy(&ntlmbuf[size], domain, domlen); memcpy(&ntlmbuf[size], domain, domlen);
size += domlen; size += domlen;