[libsoup/gnome-3-26] heap-buffer-overflow in soup_ntlm_parse_challenge()

From: Milan Crha <mcrha src gnome org>
To: commits-list gnome org
Cc:
Subject: [libsoup/gnome-3-26] heap-buffer-overflow in soup_ntlm_parse_challenge()
Date: Tue, 14 Nov 2017 08:44:50 +0000 (UTC)

commit b79689833ba302b603b527e590cce8ddf54d70cd
Author: Milan Crha <mcrha redhat com>
Date:   Tue Nov 14 09:36:46 2017 +0100

    heap-buffer-overflow in soup_ntlm_parse_challenge()
    
    https://bugzilla.gnome.org/show_bug.cgi?id=788037

 libsoup/soup-auth-ntlm.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c
index 723c8ca..19a551e 100644
--- a/libsoup/soup-auth-ntlm.c
+++ b/libsoup/soup-auth-ntlm.c
@@ -332,6 +332,11 @@ soup_auth_ntlm_update_connection (SoupConnectionAuth *auth, SoupMessage *msg,
        if (conn->state == SOUP_NTLM_NEW && !auth_header[4])
                return TRUE;
 
+       if (!auth_header[4] || !auth_header[5]) {
+               conn->state = SOUP_NTLM_FAILED;
+               return FALSE;
+       }
+
        if (!soup_ntlm_parse_challenge (auth_header + 5, &conn->nonce,
                                        priv->domain ? NULL : &priv->domain,
                                        &conn->ntlmv2_session)) {

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]