From 0c2fcb0f60c699a3faa09ffb29e2c1db16e0a13b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 22 Mar 2023 13:31:11 +0100 Subject: [PATCH] ntlm: clear lm and nt response buffers before use To avoid the risk of MemorySanitizer: use-of-uninitialized-value Closes #10814 --- lib/vauth/ntlm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index 2a5d4a4908fcb3..5aa7e6ec0058f0 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c @@ -511,6 +511,8 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, size_t userlen = 0; size_t domlen = 0; + memset(lmresp, 0, sizeof(lmresp)); + memset(ntresp, 0, sizeof(ntresp)); user = strchr(userp, '\\'); if(!user) user = strchr(userp, '/');