heap-buffer-overflow in soup_ntlm_parse_challenge()gnome-3-22

https://bugzilla.gnome.org/show_bug.cgi?id=788037
author: Milan Crha <mcrha@redhat.com> 2017-11-14 09:36:46 +0100
committer: Milan Crha <mcrha@redhat.com> 2017-11-14 09:48:48 +0100
commit: 1a05e68aab1c0f8fd59f02bd0239515ea6520b49 (patch)
tree: e3a1ab6618bdd4fa1ffe5340bcd165711e5f41c0
parent: 9f33a39f649e658e2d938f4f7decabc4e47db484 (diff)
download: libsoup-gnome-3-22.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c
index 68029aee..992b2588 100644
--- a/libsoup/soup-auth-ntlm.c
+++ b/libsoup/soup-auth-ntlm.c
@@ -332,6 +332,11 @@ soup_auth_ntlm_update_connection (SoupConnectionAuth *auth, SoupMessage *msg,
 	if (conn->state == SOUP_NTLM_NEW && !auth_header[4])
 		return TRUE;
 
+	if (!auth_header[4] || !auth_header[5]) {
+		conn->state = SOUP_NTLM_FAILED;
+		return FALSE;
+	}
+
 	if (!soup_ntlm_parse_challenge (auth_header + 5, &conn->nonce,
 					priv->domain ? NULL : &priv->domain,
 					&conn->ntlmv2_session)) {
author	Milan Crha <mcrha@redhat.com>	2017-11-14 09:36:46 +0100
committer	Milan Crha <mcrha@redhat.com>	2017-11-14 09:48:48 +0100
commit	1a05e68aab1c0f8fd59f02bd0239515ea6520b49 (patch)
tree	e3a1ab6618bdd4fa1ffe5340bcd165711e5f41c0
parent	9f33a39f649e658e2d938f4f7decabc4e47db484 (diff)
download	libsoup-gnome-3-22.tar.gz