[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 143/153: Curl_ntlm_core_mk_nt_hash: return error on
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 143/153: Curl_ntlm_core_mk_nt_hash: return error on too long password |
Date: |
Tue, 11 Sep 2018 12:53:34 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 57d299a499155d4b327e341c6024e293b0418243
Author: Daniel Stenberg <address@hidden>
AuthorDate: Mon Aug 13 10:35:52 2018 +0200
Curl_ntlm_core_mk_nt_hash: return error on too long password
... since it would cause an integer overflow if longer than (max size_t
/ 2).
This is CVE-2018-14618
Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
---
lib/curl_ntlm_core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index e27cab353..922e85a92 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
unsigned char *ntbuffer /* 21 bytes */)
{
size_t len = strlen(password);
- unsigned char *pw = len ? malloc(len * 2) : strdup("");
+ unsigned char *pw;
CURLcode result;
+ if(len > SIZE_T_MAX/2) /* avoid integer overflow */
+ return CURLE_OUT_OF_MEMORY;
+ pw = len ? malloc(len * 2) : strdup("");
if(!pw)
return CURLE_OUT_OF_MEMORY;
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 14/153: header output: switch off all styles, not just unbold, (continued)
- [GNUnet-SVN] [gnurl] 14/153: header output: switch off all styles, not just unbold, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 149/153: Curl_getoff_all_pipelines: ignore unused return values, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 132/153: CURLOPT_ACCEPT_ENCODING.3: list them comma-separated [ci skip], gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 144/153: openssl: Fix setting TLS 1.3 cipher suites, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 153/153: guix.scm: adjust to version., gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 150/153: RELEASE-NOTES: 7.61.1, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 151/153: THANKS: 7.61.1 status, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 148/153: sftp: fix indentation, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 145/153: tool_operate: Add http code 408 to transient list for --retry, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 146/153: url, vtls: make CURLOPT{, _PROXY}_TLS13_CIPHERS work, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 143/153: Curl_ntlm_core_mk_nt_hash: return error on too long password,
gnunet <=
- [GNUnet-SVN] [gnurl] 138/153: tool_operate: Fix setting proxy TLS 1.3 ciphers, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 133/153: RELEASE-NOTES: synced, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 137/153: cookies: support creation-time attribute for cookies, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 134/153: THANKS-filter: dedup Daniel JeliĆski, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 152/153: Merge tag 'curl-7_61_1', gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 141/153: test1148: fix precheck output, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 127/153: lib1522: fix curl_easy_setopt argument type, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 135/153: CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 129/153: cmdline-opts/page-footer: fix edit mistake, gnunet, 2018/09/11
- [GNUnet-SVN] [gnurl] 140/153: all: s/int/size_t cleanup, gnunet, 2018/09/11