Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html
Reported-by: David Woodhouse
  • Loading branch information
captain-caveman2k committed Jul 12, 2014
1 parent 8a12071 commit aaaf9e5
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions lib/curl_ntlm_wb.c
Expand Up @@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
Expand Down Expand Up @@ -43,6 +43,7 @@
#include "urldata.h"
#include "sendf.h"
#include "select.h"
#include "curl_ntlm_msgs.h"
#include "curl_ntlm_wb.h"
#include "url.h"
#include "strerror.h"
Expand Down Expand Up @@ -227,9 +228,10 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
const char *input, curlntlm state)
{
ssize_t size;
char buf[200]; /* enough, type 1, 3 message length is less then 200 */
char buf[NTLM_BUFSIZE];
char *tmpbuf = buf;
size_t len_in = strlen(input), len_out = sizeof(buf);
size_t len_in = strlen(input);
size_t len_out = sizeof(buf);

while(len_in > 0) {
ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in);
Expand Down

0 comments on commit aaaf9e5

Please sign in to comment.