Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Out-of-bounds read in multiple decode functions
These were reported as: - Out-of-bounds read in ntlm_decode_oem_str (GHSL-2023-019) - Out-of-bounds read in ntlm_decode_u16l_str_hdr (GHSL-2023-020) - Out-of-bounds read in ntlm_decode_field (GHSL-2023-021) These are lall basically the same identical error replicated in 3 separate functions. Fixes defects GHSL-2023-019, GHSL-2023-020, GHSL-2023-021 found by the GitHub Security Lab team via oss-fuzz. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. This leads to a DoS as the service may end up reading from unmapped memory and crashing. Although most applications will error out before accepting a singe input buffer of 4GB in lenght this could theoretically happen, and therefore we fix it. Fixes CVE-2023-25563 Signed-off-by: Simo Sorce <simo@redhat.com>
- Loading branch information