diff options
author | Milan Crha <mcrha@redhat.com> | 2017-11-14 09:36:46 +0100 |
---|---|---|
committer | Milan Crha <mcrha@redhat.com> | 2017-11-14 09:44:05 +0100 |
commit | b79689833ba302b603b527e590cce8ddf54d70cd (patch) | |
tree | bb1b829b4498b967f8e21aa2a60816fb4da5b02d | |
parent | 2a6368154fc324ecbb2d165636608a5362904862 (diff) | |
download | libsoup-b79689833ba302b603b527e590cce8ddf54d70cd.tar.gz |
heap-buffer-overflow in soup_ntlm_parse_challenge()
https://bugzilla.gnome.org/show_bug.cgi?id=788037
-rw-r--r-- | libsoup/soup-auth-ntlm.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c index 723c8ca8..19a551ee 100644 --- a/libsoup/soup-auth-ntlm.c +++ b/libsoup/soup-auth-ntlm.c @@ -332,6 +332,11 @@ soup_auth_ntlm_update_connection (SoupConnectionAuth *auth, SoupMessage *msg, if (conn->state == SOUP_NTLM_NEW && !auth_header[4]) return TRUE; + if (!auth_header[4] || !auth_header[5]) { + conn->state = SOUP_NTLM_FAILED; + return FALSE; + } + if (!soup_ntlm_parse_challenge (auth_header + 5, &conn->nonce, priv->domain ? NULL : &priv->domain, &conn->ntlmv2_session)) { |