diff options
| author | Brad King <brad.king@kitware.com> | 2018-10-31 13:46:23 (GMT) |
|---|---|---|
| committer | Brad King <brad.king@kitware.com> | 2018-10-31 13:46:23 (GMT) |
| commit | 636bcefeab3b386e65efe03b199b9b2614d8a78d (patch) | |
| tree | 7198834e3a8ff6ce1facc9d14efcd1160e7681bd /Utilities/cmcurl/lib/curl_ntlm_wb.c | |
| parent | 9c6574795c404417939c889d8cb45095c4175474 (diff) | |
| parent | 9835e9075037db3d23ade0ef865c562b08cf6023 (diff) | |
| download | CMake-636bcefeab3b386e65efe03b199b9b2614d8a78d.zip CMake-636bcefeab3b386e65efe03b199b9b2614d8a78d.tar.gz CMake-636bcefeab3b386e65efe03b199b9b2614d8a78d.tar.bz2 | |
Merge branch 'upstream-curl' into update-curl
* upstream-curl:
curl 2018-10-30 (19667715)
Diffstat (limited to 'Utilities/cmcurl/lib/curl_ntlm_wb.c')
| -rw-r--r-- | Utilities/cmcurl/lib/curl_ntlm_wb.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/Utilities/cmcurl/lib/curl_ntlm_wb.c b/Utilities/cmcurl/lib/curl_ntlm_wb.c index 353a656..a4791eb 100644 --- a/Utilities/cmcurl/lib/curl_ntlm_wb.c +++ b/Utilities/cmcurl/lib/curl_ntlm_wb.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -249,6 +249,9 @@ done: return CURLE_REMOTE_ACCESS_DENIED; } +/* if larger than this, something is seriously wrong */ +#define MAX_NTLM_WB_RESPONSE 100000 + static CURLcode ntlm_wb_response(struct connectdata *conn, const char *input, curlntlm state) { @@ -289,6 +292,13 @@ static CURLcode ntlm_wb_response(struct connectdata *conn, buf[len_out - 1] = '\0'; break; } + + if(len_out > MAX_NTLM_WB_RESPONSE) { + failf(conn->data, "too large ntlm_wb response!"); + free(buf); + return CURLE_OUT_OF_MEMORY; + } + newbuf = Curl_saferealloc(buf, len_out + NTLM_BUFSIZE); if(!newbuf) return CURLE_OUT_OF_MEMORY; @@ -314,6 +324,8 @@ static CURLcode ntlm_wb_response(struct connectdata *conn, conn->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3); free(buf); + if(!conn->response_header) + return CURLE_OUT_OF_MEMORY; return CURLE_OK; done: free(buf); @@ -389,6 +401,8 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, conn->response_header); DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd)); free(conn->response_header); + if(!*allocuserpwd) + return CURLE_OUT_OF_MEMORY; conn->response_header = NULL; break; case NTLMSTATE_TYPE2: @@ -409,6 +423,8 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */ authp->done = TRUE; Curl_ntlm_wb_cleanup(conn); + if(!*allocuserpwd) + return CURLE_OUT_OF_MEMORY; break; case NTLMSTATE_TYPE3: /* connection is already authenticated, |