blob: 8c763fa391b86f0e2e6b6ff1a36712ad0b1a207f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
From e17b8b0f19b25a223b0cc41933b881c3a1073e61 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Thu, 11 May 2023 19:31:54 +0100
Subject: [PATCH 3/4] Auths: fix possible OOB write in SPA authenticator. Bug
3000
---
doc/doc-txt/ChangeLog | 3 +++
src/src/auths/auth-spa.c | 4 +++-
2 files changed, 6 insertions(+), 1 deletion(-)
--- a/src/auths/auth-spa.c
+++ b/src/auths/auth-spa.c
@@ -1214,7 +1214,9 @@ char versionString[] = "libntlm version
#define spa_bytes_add(ptr, header, buf, count) \
{ \
-if (buf && (count) != 0) /* we hate -Wint-in-bool-contex */ \
+if ( buf && (count) != 0 /* we hate -Wint-in-bool-contex */ \
+ && ptr->bufIndex + count < sizeof(ptr->buffer) \
+ ) \
{ \
SSVAL(&ptr->header.len,0,count); \
SSVAL(&ptr->header.maxlen,0,count); \
|
