Commit f8a54ac8 authored by Claudio Saavedra

NTLM: Avoid a potential heap buffer overflow in v2 authentication

Check the length of the decoded v2 challenge before attempting to
parse it, to avoid reading past it.

Fixes #173
parent e7dee067
Pipeline #122038 passed in 2 minutes and 29 seconds
......@@ -731,6 +731,12 @@ soup_ntlm_parse_challenge (const char *challenge,
*ntlmv2_session = (flags & NTLM_FLAGS_NEGOTIATE_NTLMV2) ? TRUE : FALSE;
/* To know if NTLMv2 responses should be calculated */
*negotiate_target = (flags & NTLM_FLAGS_NEGOTIATE_TARGET_INFORMATION ) ? TRUE : FALSE;
if (*negotiate_target) {
if (clen < NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET + sizeof (target)) {
g_free (chall);
return FALSE;
}
}
if (default_domain) {
memcpy (&domain, chall + NTLM_CHALLENGE_DOMAIN_STRING_OFFSET, sizeof (domain));
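Review bot: the new `clen` check is only reached when `*negotiate_target` is set, but the `memcpy (&domain, chall + NTLM_CHALLENGE_DOMAIN_STRING_OFFSET, sizeof (domain))` that follows runs whenever `default_domain` is non-NULL, with no corresponding check that `clen >= NTLM_CHALLENGE_DOMAIN_STRING_OFFSET + sizeof (domain)`. Unless an earlier minimum-length check outside this hunk already guarantees that, the same class of over-read is still possible on the domain path; consider either hoisting the length check out of the `if (*negotiate_target)` block or adding an equivalent guard before the domain `memcpy`. It would also help to state in the commit message which of the two reads (target information, domain string) the reported overflow came from, so the fix's scope is clear.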