mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed oob read in ntlm_read_ntlm_v2_response

Browse Source
This commit is contained in:
akallabeth 2020-04-15 17:02:33 +02:00
parent 8fa3835963
commit afdffac4b5
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
winpr/libwinpr/sspi/NTLM/ntlm_compute.c
View File

@ -124,6 +124,9 @@ void ntlm_print_version_info(NTLM_VERSION_INFO* versionInfo)
static int ntlm_read_ntlm_v2_client_challenge(wStream* s, NTLMv2_CLIENT_CHALLENGE* challenge)
{
size_t size;
if (Stream_GetRemainingLength(s) < 28)
return -1;
Stream_Read_UINT8(s, challenge->RespType);
Stream_Read_UINT8(s, challenge->HiRespType);
Stream_Read_UINT16(s, challenge->Reserved1);
@ -163,6 +166,8 @@ static int ntlm_write_ntlm_v2_client_challenge(wStream* s, NTLMv2_CLIENT_CHALLEN
int ntlm_read_ntlm_v2_response(wStream* s, NTLMv2_RESPONSE* response)
{
if (Stream_GetRemainingLength(s) < 16)
return -1;
Stream_Read(s, response->Response, 16);
return ntlm_read_ntlm_v2_client_challenge(s, &(response->Challenge));
}