Re: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
From: Simon Josefsson
Subject: Re: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
Date: Sun, 19 Apr 2020 10:02:48 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
Cedric Buissart <address@hidden> writes:
> Hi,
>
> This vulnerability (https://gitlab.com/jas/libntlm/-/issues/2) has
> been opened for some time without a fix.
>
> So here is a quick fix proposal: fixing the AddBytes macro by forcing
> it to check the remaining buffer available before copying the data.
> The advantage of doing it here is that it _should (hopefully)_ fix all
> the possibly affected code paths (i.e.: all calls to AddBytes,
> AddString, AddUnicodeStringLen, AddUnicodeString),
> buildSmbNtlmAuthRequest & also work for tSmbNtlmAuthResponse.
Hi Cedric! Thank you for looking at this, and the patch! Thanks also
to Kirin for initial report. I have pushed your patch now, together
with a somewhat improved regression check that can be used to detect
buggy libntlm versions. I will release version 1.6 shortly.
Thanks,
Simon
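As an added illustration of the fix Cedric describes (checking the remaining room before the copy in the AddBytes path, and having the request builder propagate the failure), here is a simplified, hypothetical message builder in C; it is not code from libntlm or from either poster, and MSG_BUF_SIZE, field_header, msg, add_bytes and build_request are all assumed names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified message: one field header, a fixed buffer and a
 * write index. It mirrors the AddBytes idea but is not libntlm's code. */
#define MSG_BUF_SIZE 64
typedef struct { uint16_t len; uint16_t offset; } field_header;
typedef struct {
    field_header user;
    uint8_t buffer[MSG_BUF_SIZE];
    size_t bufIndex;               /* next free byte in buffer, <= MSG_BUF_SIZE */
} msg;

/* Checked append: copies only when n fits in the remaining room, otherwise
 * leaves the message untouched. Returns 1 on success, 0 when rejected. */
static int add_bytes(msg *m, field_header *h, const void *src, size_t n)
{
    if (n > MSG_BUF_SIZE - m->bufIndex)
        return 0;
    h->len = (uint16_t)n;
    h->offset = (uint16_t)(offsetof(msg, buffer) + m->bufIndex);
    memcpy(m->buffer + m->bufIndex, src, n);
    m->bufIndex += n;
    return 1;
}

/* Hypothetical request builder; callers must propagate the failure. */
static int build_request(msg *m, const char *user)
{
    memset(m, 0, sizeof *m);
    return add_bytes(m, &m->user, user, strlen(user));
}

/* Constructed input: a 10-byte name fits; returns bytes consumed (10). */
static size_t demo_short_accepted(void)
{
    msg m;
    return build_request(&m, "alice@corp") ? m.bufIndex : 0;
}

/* Constructed input: a 100-byte name is refused and nothing is written. */
static int demo_overlong_rejected(void)
{
    msg m;
    char name[101];
    memset(name, 'A', 100); name[100] = '\0';
    return !build_request(&m, name) && m.bufIndex == 0;
}
```

The regression check Simon mentions would drive the builder with an input larger than the buffer and expect a clean failure rather than a crash or corrupted memory.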