[libsoup/gnome-3-32] NTLM: Avoid a potential heap buffer overflow in v2 authentication
- From: Claudio Saavedra <csaavedra src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libsoup/gnome-3-32] NTLM: Avoid a potential heap buffer overflow in v2 authentication
- Date: Wed, 9 Oct 2019 09:51:49 +0000 (UTC)
commit 060aa98c0810ed0c3860bda00293a97ae9d86cfe
Author: Claudio Saavedra <csaavedra igalia com>
Date: Mon Oct 7 16:32:15 2019 +0300
NTLM: Avoid a potential heap buffer overflow in v2 authentication
Check the length of the decoded v2 challenge before attempting to
parse it, to avoid reading past it.
Fixes #173
libsoup/soup-auth-ntlm.c | 6 ++++++
1 file changed, 6 insertions(+)
---
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c
index 7c6a4b0e..61ff93cf 100644
--- a/libsoup/soup-auth-ntlm.c
+++ b/libsoup/soup-auth-ntlm.c
@@ -730,6 +730,12 @@ soup_ntlm_parse_challenge (const char *challenge,
*ntlmv2_session = (flags & NTLM_FLAGS_NEGOTIATE_NTLMV2) ? TRUE : FALSE;
/* To know if NTLMv2 responses should be calculated */
*negotiate_target = (flags & NTLM_FLAGS_NEGOTIATE_TARGET_INFORMATION ) ? TRUE : FALSE;
+ if (*negotiate_target) {
+ if (clen < NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET + sizeof (target)) {
+ g_free (chall);
+ return FALSE;
+ }
+ }
if (default_domain) {
memcpy (&domain, chall + NTLM_CHALLENGE_DOMAIN_STRING_OFFSET, sizeof (domain));
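Review bot: the added check `clen < NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET + sizeof (target)` only guarantees that the fixed-size `target` header fits inside the decoded challenge. If the code after this hunk goes on to use an offset and length taken from `target` to read the target-information payload, those attacker-supplied values need their own comparison against `clen` before any copy; that code is not visible here, so please confirm it is covered. The same question applies to the context line `memcpy (&domain, chall + NTLM_CHALLENGE_DOMAIN_STRING_OFFSET, sizeof (domain));`, which has no length check within this hunk. Minor points: the two nested `if` statements can be collapsed into one condition joined with `&&`, and a one-line comment stating that the check rejects a truncated v2 challenge would help, since the existing comment above `*negotiate_target` describes the flag rather than the new early return.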