ntlm: clear lm and nt response buffers before use

To avoid the risk of MemorySanitizer: use-of-uninitialized-value Closes #10814
curl · Mar 23, 2023 · 0c2fcb0 · 0c2fcb0
1 parent 955e276
commit 0c2fcb0
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
@@ -511,6 +511,8 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
   size_t userlen = 0;
   size_t domlen = 0;
 
+  memset(lmresp, 0, sizeof(lmresp));
+  memset(ntresp, 0, sizeof(ntresp));
   user = strchr(userp, '\\');
   if(!user)
     user = strchr(userp, '/');