[libsoup/gnome-3-22] heap-buffer-overflow in soup_ntlm_parse_challenge()



commit 1a05e68aab1c0f8fd59f02bd0239515ea6520b49
Author: Milan Crha <mcrha redhat com>
Date:   Tue Nov 14 09:36:46 2017 +0100

    heap-buffer-overflow in soup_ntlm_parse_challenge()
    
    https://bugzilla.gnome.org/show_bug.cgi?id=788037

 libsoup/soup-auth-ntlm.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c
index 68029ae..992b258 100644
--- a/libsoup/soup-auth-ntlm.c
+++ b/libsoup/soup-auth-ntlm.c
@@ -332,6 +332,11 @@ soup_auth_ntlm_update_connection (SoupConnectionAuth *auth, SoupMessage *msg,
        if (conn->state == SOUP_NTLM_NEW && !auth_header[4])
                return TRUE;
 
+       if (!auth_header[4] || !auth_header[5]) {
+               conn->state = SOUP_NTLM_FAILED;
+               return FALSE;
+       }
+
        if (!soup_ntlm_parse_challenge (auth_header + 5, &conn->nonce,
                                        priv->domain ? NULL : &priv->domain,
                                        &conn->ntlmv2_session)) {
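Review bot: The added guard ahead of `soup_ntlm_parse_challenge (auth_header + 5, ...)` has no comment saying that it keeps `auth_header + 5` inside the NUL-terminated header, so a later refactor could drop or reorder it without noticing the memory-safety role. I would put `/* "NTLM" with no separator, or an empty challenge: auth_header + 5 would point at or past the terminating NUL */` directly above the `if`. The check also accepts any non-NUL byte at index 4, not only a space, so a header such as "NTLMx..." still reaches the parser. If only a space separator is valid, `auth_header[4] != ' '` would be the tighter test, but whether the prefix is validated earlier cannot be seen from this hunk. soup_auth_ntlm_update_connection starts and ends outside the hunk.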

