From fa05fbd1aa141984703e5184b1e983500f19b599 Mon Sep 17 00:00:00 2001
From: Kawe Mazidjatari <48657826+Mauler125@users.noreply.github.com>
Date: Mon, 12 Jun 2023 20:51:12 +0200
Subject: [PATCH] Fix CVE-2018-16890

Merge: curl/curl@b780b30d1377adb10bbe77
---
 r5dev/thirdparty/curl/vauth/ntlm.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/r5dev/thirdparty/curl/vauth/ntlm.c b/r5dev/thirdparty/curl/vauth/ntlm.c
index e3e7fbdf..971aad41 100644
--- a/r5dev/thirdparty/curl/vauth/ntlm.c
+++ b/r5dev/thirdparty/curl/vauth/ntlm.c
@@ -180,10 +180,11 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
     target_info_len = Curl_read16_le(&buffer[40]);
     target_info_offset = Curl_read32_le(&buffer[44]);
     if(target_info_len > 0) {
-      if(((target_info_offset + target_info_len) > size) ||
+      if((target_info_offset >= size) ||
+         ((target_info_offset + target_info_len) > size) ||
          (target_info_offset < 48)) {
         infof(data, "NTLM handshake failure (bad type-2 message). "
-                    "Target Info Offset Len is set incorrect by the peer\n");
+              "Target Info Offset Len is set incorrect by the peer\n");
         return CURLE_BAD_CONTENT_ENCODING;
       }