projects / platform / upstream / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 17bd33b) | patch
Curl_ntlm_core_mk_nt_hash: return error on too long password 56/191056/1
authorDaniel Stenberg <daniel@haxx.se>
Mon, 13 Aug 2018 08:35:52 +0000 (10:35 +0200)
committerNishant Chaprana <n.chaprana@samsung.com>
Thu, 11 Oct 2018 05:40:39 +0000 (11:10 +0530)
commitba96fa38870e04e258260c48722421692dcc8482
treee8ef636e4d1945a738f49ea58830d920ebbcc2dftree | snapshot
parent17bd33bb4d935e491856bd99c1cd7176f49c76c8commit | diff
Curl_ntlm_core_mk_nt_hash: return error on too long password

... since it would cause an integer overflow if longer than (max size_t
/ 2).

This is CVE-2018-14618

Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
Backported patch details:-

Link: https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch
Change-Id: I9a2cdc3aca86291721b508dae173dca30b6126f9
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
lib/curl_ntlm_core.c diff | blob | history
Domain: Network & Connectivity / Data Network;