]> granicus.if.org Git - curl/commitdiff
projects / curl / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 81d135d)
Curl_auth_create_plain_message: fix too-large-input-check
authorDaniel Stenberg <daniel@haxx.se>
Fri, 28 Sep 2018 14:08:16 +0000 (16:08 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 29 Oct 2018 07:05:23 +0000 (08:05 +0100)
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html

lib/vauth/cleartext.c patch | blob | history

diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
index a10edbdc742bcaccdd6ae2878e36a41a8a46919a..be6d6111e22e20f0eed3c67e4e1e865654186459 100644 (file)
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
   plen = strlen(passwdp);
 
   /* Compute binary message length. Check for overflows. */
-  if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
+  if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
     return CURLE_OUT_OF_MEMORY;
   plainlen = 2 * ulen + plen + 2;
 
Unnamed repository; edit this file 'description' to name the repository.