Skip to content

Commit f3a24d7

Browse files
committed
Curl_auth_create_plain_message: fix too-large-input-check
CVE-2018-16839 Reported-by: Harry Sintonen Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
1 parent 81d135d commit f3a24d7

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: lib/vauth/cleartext.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
7474
plen = strlen(passwdp);
7575

7676
/* Compute binary message length. Check for overflows. */
77-
if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
77+
if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
7878
return CURLE_OUT_OF_MEMORY;
7979
plainlen = 2 * ulen + plen + 2;
8080

0 commit comments

Comments
 (0)