diff options
author | Milan Crha <mcrha@redhat.com> | 2017-11-14 09:36:46 +0100 |
---|---|---|
committer | Milan Crha <mcrha@redhat.com> | 2017-11-14 09:48:48 +0100 |
commit | 1a05e68aab1c0f8fd59f02bd0239515ea6520b49 (patch) | |
tree | e3a1ab6618bdd4fa1ffe5340bcd165711e5f41c0 | |
parent | 9f33a39f649e658e2d938f4f7decabc4e47db484 (diff) | |
download | libsoup-gnome-3-22.tar.gz |
heap-buffer-overflow in soup_ntlm_parse_challenge()gnome-3-22
https://bugzilla.gnome.org/show_bug.cgi?id=788037
-rw-r--r-- | libsoup/soup-auth-ntlm.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c index 68029aee..992b2588 100644 --- a/libsoup/soup-auth-ntlm.c +++ b/libsoup/soup-auth-ntlm.c @@ -332,6 +332,11 @@ soup_auth_ntlm_update_connection (SoupConnectionAuth *auth, SoupMessage *msg, if (conn->state == SOUP_NTLM_NEW && !auth_header[4]) return TRUE; + if (!auth_header[4] || !auth_header[5]) { + conn->state = SOUP_NTLM_FAILED; + return FALSE; + } + if (!soup_ntlm_parse_challenge (auth_header + 5, &conn->nonce, priv->domain ? NULL : &priv->domain, &conn->ntlmv2_session)) { |