[libsoup/ntlm-v2-heap-buffer-overflow] NTLM: Avoid a potential heap buffer overflow in v2 authentication
- From: Claudio Saavedra <csaavedra src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libsoup/ntlm-v2-heap-buffer-overflow] NTLM: Avoid a potential heap buffer overflow in v2 authentication
- Date: Mon, 7 Oct 2019 13:36:33 +0000 (UTC)
commit 88b7dff4467f4151afae244ea7d1223753cd05ab
Author: Claudio Saavedra <csaavedra igalia com>
Date: Mon Oct 7 16:32:15 2019 +0300
NTLM: Avoid a potential heap buffer overflow in v2 authentication
Check the length of the decoded v2 challenge before attempting to
parse it, to avoid reading past it.
Fixes #173
libsoup/soup-auth-ntlm.c | 6 ++++++
1 file changed, 6 insertions(+)
---
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c
index ce0b0f5c..2985e740 100644
--- a/libsoup/soup-auth-ntlm.c
+++ b/libsoup/soup-auth-ntlm.c
@@ -731,6 +731,12 @@ soup_ntlm_parse_challenge (const char *challenge,
*ntlmv2_session = (flags & NTLM_FLAGS_NEGOTIATE_NTLMV2) ? TRUE : FALSE;
/* To know if NTLMv2 responses should be calculated */
*negotiate_target = (flags & NTLM_FLAGS_NEGOTIATE_TARGET_INFORMATION ) ? TRUE : FALSE;
+ if (*negotiate_target && target_info) {
+ if (clen < NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET + sizeof (target)) {
+ g_free (chall);
+ return FALSE;
+ }
+ }
if (default_domain) {
memcpy (&domain, chall + NTLM_CHALLENGE_DOMAIN_STRING_OFFSET, sizeof (domain));
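Review bot: The new bound at `clen < NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET + sizeof (target)` only guarantees that the fixed-size target information header fits inside the decoded challenge. The offset and length fields carried in that header also have to be checked against `clen` before the target information bytes themselves are read. That check is not visible in this hunk, so please confirm it exists further down. The guard is gated on `*negotiate_target && target_info`, so the later read of `target` should sit behind exactly the same condition. If it is gated on `target_info` alone, a challenge with the flag clear would skip this check. The two nested `if` statements can be folded into a single condition, and a short comment saying that `clen` is the decoded length would help the next reader. The unchanged `memcpy (&domain, chall + NTLM_CHALLENGE_DOMAIN_STRING_OFFSET, sizeof (domain))` just below relies on an earlier minimum-length check on `clen` that this hunk does not show. It is worth verifying that the earlier check covers that offset plus `sizeof (domain)`.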