[gnurl] 383/411: ntlm: avoid malloc(0) on zero length user and domain

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnurl] 383/411: ntlm: avoid malloc(0) on zero length user and domain

From:	gnunet
Subject:	[gnurl] 383/411: ntlm: avoid malloc(0) on zero length user and domain
Date:	Wed, 13 Jan 2021 01:23:18 +0100

This is an automated email from the git hooks/post-receive script.

nikita pushed a commit to branch master
in repository gnurl.

commit 65d2f563fd908fcb53652339ade81b0869db1fd9
Author: Daniel Stenberg <daniel@haxx.se>
AuthorDate: Sat Nov 28 22:29:59 2020 +0100

    ntlm: avoid malloc(0) on zero length user and domain
    
    ... and simplify the too-long checks somewhat.
    
    Detected by OSS-Fuzz
    
    Closes #6264
---
 lib/curl_ntlm_core.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index 9245c1d10..9a075ac90 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -580,15 +580,11 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, 
size_t userlen,
   unsigned char *identity;
   CURLcode result = CURLE_OK;
 
-  /* we do the length checks below separately to avoid integer overflow risk
-     on extreme data lengths */
-  if((userlen > SIZE_T_MAX/2) ||
-     (domlen > SIZE_T_MAX/2) ||
-     ((userlen + domlen) > SIZE_T_MAX/2))
+  if((userlen > CURL_MAX_INPUT_LENGTH) || (domlen > CURL_MAX_INPUT_LENGTH))
     return CURLE_OUT_OF_MEMORY;
 
   identity_len = (userlen + domlen) * 2;
-  identity = malloc(identity_len);
+  identity = malloc(identity_len + 1);
 
   if(!identity)
     return CURLE_OUT_OF_MEMORY;

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[gnurl] 280/411: mailmap: set Viktor Szakats's email, (continued)
- [gnurl] 280/411: mailmap: set Viktor Szakats's email, gnunet, 2021/01/12
- [gnurl] 269/411: CI/appveyor: disable test 571 in two cmake builds, gnunet, 2021/01/12
- [gnurl] 326/411: ngtcp2: adapt to recent nghttp3 updates, gnunet, 2021/01/12
- [gnurl] 411/411: add lowercase curl, gnunet, 2021/01/12
- [gnurl] 393/411: SECURITY-PROCESS: disclose on hackerone, gnunet, 2021/01/12
- [gnurl] 385/411: openssl: free mem_buf in error path, gnunet, 2021/01/12
- [gnurl] 397/411: ftp: retry getpeername for FTP with TCP_FASTOPEN, gnunet, 2021/01/12
- [gnurl] 406/411: RELEASE-NOTES: synced, gnunet, 2021/01/12
- [gnurl] 398/411: Revert "multi: implement wait using winsock events", gnunet, 2021/01/12
- [gnurl] 387/411: NEW-PROTOCOL: document what needs to be done to add one, gnunet, 2021/01/12
- [gnurl] 383/411: ntlm: avoid malloc(0) on zero length user and domain, gnunet <=
- [gnurl] 355/411: cmake: use libcurl.rc in all Windows builds, gnunet, 2021/01/12
- [gnurl] 360/411: curl: add compatibility for Amiga and GCC 6.5, gnunet, 2021/01/12
- [gnurl] 345/411: KNOWN_BUGS: make a new section for cmake topics, gnunet, 2021/01/12
- [gnurl] 274/411: RELEASE-NOTES: synced, gnunet, 2021/01/12
- [gnurl] 330/411: THANKS-filter: ignore autobuild links, gnunet, 2021/01/12
- [gnurl] 368/411: asyn: use 'struct thread_data *' instead of 'void *', gnunet, 2021/01/12
- [gnurl] 305/411: rtsp: fixed the RTST Session ID mismatch in test 570, gnunet, 2021/01/12
- [gnurl] 371/411: infof/failf calls: fix format specifiers, gnunet, 2021/01/12
- [gnurl] 339/411: curl: only warn not fail, if not finding the home dir, gnunet, 2021/01/12
- [gnurl] 319/411: tool_operate: set HSTS with CURLOPT_HSTS to pass on filename, gnunet, 2021/01/12

Prev by Date: [gnurl] 387/411: NEW-PROTOCOL: document what needs to be done to add one
Next by Date: [gnurl] 355/411: cmake: use libcurl.rc in all Windows builds
Previous by thread: [gnurl] 387/411: NEW-PROTOCOL: document what needs to be done to add one
Next by thread: [gnurl] 355/411: cmake: use libcurl.rc in all Windows builds
Index(es):
- Date
- Thread