libntlm

From: Simon Josefsson
Subject: Re: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
Date: Sun, 19 Apr 2020 10:02:48 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Cedric Buissart <address@hidden> writes:

> Hi,
>
> This vulnerability (https://gitlab.com/jas/libntlm/-/issues/2) has
> been opened for some time without a fix.
>
> So here is a quick fix proposal: fixing the AddBytes macro by forcing
> it to check the remaining buffer available before copying the data.
> The advantage of doing it here is that it _should (hopefully)_ fix all
> the possibly affected code paths (i.e.: all calls to AddBytes,
> AddString, AddUnicodeStringLen, AddUnicodeString),
> buildSmbNtlmAuthRequest & also work for tSmbNtlmAuthResponse.

Hi Cedric!  Thank you for looking at this, and the patch!  Thanks also
to Kirin for initial report.  I have pushed your patch now, together
with a somewhat improved regression check that can be used to detect
buggy libntlm's.  I will release version 1.6 shortly.

Thanks,
Simon
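The bounds-checked append that the quoted proposal describes (AddBytes verifying the remaining room, so that AddString and AddUnicodeString inherit the check), written out as an added example that is not libntlm's code and not the patch itself: struct msg_buf, MSG_BUF_SIZE, add_bytes, add_unicode_string and overflow_is_rejected are assumed names, and the 64-byte capacity is chosen only for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed example, not libntlm's code: struct, capacity and names are assumptions. */
#define MSG_BUF_SIZE 64               /* small capacity so the check is easy to exercise */
struct msg_buf {
    uint8_t data[MSG_BUF_SIZE];
    size_t  len;                      /* bytes written so far */
};
/* Bounds-checked counterpart of an AddBytes macro: 1 on success, 0 (nothing written) if
 * the bytes would not fit. Testing n against the remaining room avoids size_t wrap. */
static int add_bytes(struct msg_buf *b, const void *src, size_t n)
{
    if (b->len > sizeof b->data || n > sizeof b->data - b->len)
        return 0;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 1;
}

/* AddUnicodeString path: ASCII to UTF-16LE doubles the size, so the room check
 * must cover 2*n before any unit is written. */
static int add_unicode_string(struct msg_buf *b, const char *s)
{
    size_t n = strlen(s);
    if (b->len > sizeof b->data || n > (sizeof b->data - b->len) / 2)
        return 0;
    for (size_t i = 0; i < n; i++) {  /* safe: room for 2*n was verified */
        b->data[b->len++] = (uint8_t)s[i];
        b->data[b->len++] = 0;
    }
    return 1;
}

/* Regression-style check: oversized fields are rejected, earlier bytes survive. 1 if all hold. */
static int overflow_is_rejected(void)
{
    struct msg_buf b = { {0}, 0 };
    char big[MSG_BUF_SIZE + 1];
    memset(big, 'A', MSG_BUF_SIZE); big[MSG_BUF_SIZE] = '\0';
    if (!add_bytes(&b, "NTLMSSP", 8) || b.len != 8)        /* signature + NUL */
        return 0;
    if (add_bytes(&b, big, MSG_BUF_SIZE))                    /* 8 + 64 > 64 */
        return 0;
    if (add_unicode_string(&b, big))                         /* 8 + 128 > 64 */
        return 0;
    if (!add_unicode_string(&b, "DOMAIN") || b.len != 20)   /* 8 + 12 fits */
        return 0;
    return memcmp(b.data, "NTLMSSP", 8) == 0;
}
```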


