Fix CVE-2019-3822

Merge: curl/curl@50c9484278
Kawe Mazidjatari 2023-06-12 20:48:21 +02:00
parent 46f11218c6
commit 52d8ef5719


@ -769,11 +769,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
}); });
#ifdef USE_NTRESPONSES #ifdef USE_NTRESPONSES
if(size < (NTLM_BUFSIZE - ntresplen)) { /* ntresplen + size should not be risking an integer overflow here */
DEBUGASSERT(size == (size_t)ntrespoff); if(ntresplen + size > sizeof(ntlmbuf)) {
memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen); failf(data, "incoming NTLM message too big");
size += ntresplen; return CURLE_OUT_OF_MEMORY;
} }
DEBUGASSERT(size == (size_t)ntrespoff);
memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
size += ntresplen;
DEBUG_OUT({ DEBUG_OUT({
fprintf(stderr, "\n ntresp="); fprintf(stderr, "\n ntresp=");