Re: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
From: Cedric Buissart
Subject: Re: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
Date: Tue, 21 Apr 2020 14:27:50 +0200
:) Excellent, thanks!
On Sun, Apr 19, 2020 at 10:05 AM Simon Josefsson <address@hidden> wrote:
>
> Cedric Buissart <address@hidden> writes:
>
> > Hi,
> >
> > This vulnerability (https://gitlab.com/jas/libntlm/-/issues/2) has
> > been opened for some time without a fix.
> >
> > So here is a quick fix proposal: fixing the AddBytes macro by forcing
> > it to check the remaining buffer available before copying the data.
> > The advantage of doing it here is that it _should (hopefully)_ fix all
> > the possibly affected code paths (i.e.: all calls to AddBytes,
> > AddString, AddUnicodeStringLen, AddUnicodeString),
> > buildSmbNtlmAuthRequest & also work for tSmbNtlmAuthResponse.
>
> Hi Cedric! Thank you for looking at this, and the patch! Thanks also
> to Kirin for initial report. I have pushed your patch now, together
> with a somewhat improved regression check that can be used to detect
> buggy libntlm's. I will release version 1.6 shortly.
>
> Thanks,
> Simon
--
Cedric Buissart,
Product Security
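A defensive sketch of the approach the quoted message describes, added here as an example and not libntlm's own code: an append helper that checks the remaining capacity before every copy, so every caller that builds a message through it (byte, string and UTF-16 variants alike) is stopped at the buffer boundary instead of writing past it. The buffer type, function names and the demonstration field layout are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical output buffer: fixed capacity, bytes written so far, and a
 * sticky flag that records that some append was refused. */
typedef struct {
    uint8_t *buf;
    size_t   cap;        /* total capacity in bytes */
    size_t   len;        /* bytes written so far (always <= cap) */
    int      overflowed; /* set once any append did not fit */
} msg_buf;

/* Append n bytes from src only if they fit in the remaining space.
 * Returns 1 on success, 0 (and flags the buffer) if it would overflow. */
int add_bytes(msg_buf *m, const void *src, size_t n)
{
    if (m->overflowed || n > m->cap - m->len) {
        m->overflowed = 1;    /* remember so the whole message can be failed */
        return 0;
    }
    memcpy(m->buf + m->len, src, n);
    m->len += n;
    return 1;
}

/* Append a NUL-terminated string without its terminator. */
int add_string(msg_buf *m, const char *s)
{
    return add_bytes(m, s, strlen(s));
}

/* Append ASCII text as UTF-16LE (char, 0x00), the encoding NTLM uses for
 * Unicode fields; going through add_bytes per code unit keeps every
 * written byte under the capacity check. */
int add_unicode_string(msg_buf *m, const char *s)
{
    for (; *s; s++) {
        uint8_t unit[2] = { (uint8_t)*s, 0 };
        if (!add_bytes(m, unit, 2))
            return 0;
    }
    return 1;
}

/* Demonstration: assemble a signature plus two Unicode fields into a
 * buffer of `cap` bytes (cap <= 64) and report the final length and
 * whether every field fit. Constructed layout, not the real NTLM format. */
size_t demo_build(size_t cap, const char *domain, const char *user, int *ok)
{
    uint8_t storage[64];
    msg_buf m = { storage, cap, 0, 0 };
    *ok = add_string(&m, "NTLMSSP") && add_bytes(&m, "\0", 1)
       && add_unicode_string(&m, domain) && add_unicode_string(&m, user);
    return m.len;
}
```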