Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
Mon, 9 Mar 2020 15:51:32 +0100
This vulnerability (https://gitlab.com/jas/libntlm/-/issues/2) has
been opened for some time without a fix.
So here is a quick fix proposal: fixing the AddBytes macro by forcing
it to check the remaining buffer available before copying the data.
The advantage of doing it here is that it _should (hopefully)_ fix all
the possibly affected code paths (i.e.: all calls to AddBytes,
AddString, AddUnicodeStringLen, AddUnicodeString),
buildSmbNtlmAuthRequest & also work for tSmbNtlmAuthResponse.
*WARNING*: I didn't really test it with more than a few partial test
cases (e.g.: I didn't even check if it also works for
Please let me know if it looks good
Red Hat Product Security
Description: Text Data
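
A sketch of the approach the message describes, checking the space left in a fixed message buffer before copying into it. This is an added example, not the attached patch and not libntlm's code; `struct msg`, `struct field`, `MSG_BUF_SIZE` and `add_bytes_checked` are hypothetical names with a constructed buffer size.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MSG_BUF_SIZE 64          /* constructed size, not libntlm's */

/* Hypothetical message: fixed buffer plus a write cursor. */
struct msg {
    uint8_t buffer[MSG_BUF_SIZE];
    size_t  used;                /* invariant: used <= MSG_BUF_SIZE */
};

/* Hypothetical descriptor recording where a field landed. */
struct field {
    uint16_t len;
    uint16_t offset;
};

/*
 * Append count bytes from src after checking the remaining space.
 * Returns 0 on success and -1 if the data does not fit. On failure
 * nothing is written and the field describes an empty value.
 */
static int add_bytes_checked(struct msg *m, struct field *f,
                             const void *src, size_t count)
{
    f->offset = (uint16_t)m->used;
    f->len = 0;

    /* Compare against the space left. Writing the test as
     * "used + count > MSG_BUF_SIZE" could wrap for a huge count. */
    if (src == NULL || count > MSG_BUF_SIZE - m->used)
        return -1;

    if (count > 0)
        memcpy(m->buffer + m->used, src, count);
    f->len = (uint16_t)count;
    m->used += count;
    return 0;
}

int main(void)
{
    struct msg m = { {0}, 0 };
    struct field user, domain;
    char big[200];               /* constructed oversized input */

    memset(big, 'A', sizeof big);
    if (add_bytes_checked(&m, &user, "alice", 5) != 0)
        return 1;
    /* The oversized field must be rejected, leaving the cursor alone. */
    return add_bytes_checked(&m, &domain, big, sizeof big) == -1 ? 0 : 1;
}
```

Because every append goes through the one checked helper, each caller inherits the bound, which is the property the message hopes to get from fixing the macro in place.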
- Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request),
Cedric Buissart <=