ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-02-16 07:30:31 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
openwrt/package/network/utils/curl/patches/402-CVE-2018-16839.patch

24 lines
795 B
Diff
Raw Normal View History

curl: Fix multiple security problems This fixes the following security problems: * CVE-2018-14618: NTLM password overflow via integer overflow * CVE-2018-16839: SASL password overflow via integer overflow * CVE-2018-16840: use-after-free in handle close * CVE-2018-16842: warning message out-of-buffer read * CVE-2019-3823: SMTP end-of-response out-of-bounds read * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-17 22:40:26 +02:00
From f3a24d7916b9173c69a3e0ee790102993833d6c5 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 28 Sep 2018 16:08:16 +0200
Subject: [PATCH] Curl_auth_create_plain_message: fix too-large-input-check
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
---
lib/vauth/cleartext.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(
plen = strlen(passwdp);
/* Compute binary message length. Check for overflows. */
- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
+ if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
return CURLE_OUT_OF_MEMORY;
plainlen = 2 * ulen + plen + 2;
Reference in New Issue Copy Permalink