Skip to content
Permalink
Browse files Browse the repository at this point in the history
GHSL-2023-012: Incorrect free when decoding target
Incorrect free when decoding target information (GHSL-2023-012)

Fixes defect GHSL-2023-012 found by the GitHub Security Lab team via
oss-fuzz.

The error condition incorrectly assumed the cb and sh buffers would
contain a copy of the data that needed to freed. However that is not the
case.

This will generally cause an assertion when trying to free a pointer
that was never allocated, and potentially memory corruption depending on
the contents fo the target_info buffer.

This may cause a DoS condition.

Signed-off-by: Simo Sorce <simo@redhat.com>
  • Loading branch information
simo5 committed Feb 12, 2023
1 parent c753000 commit c16100f
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions src/ntlm.c
Expand Up @@ -731,8 +731,6 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer,

done:
if (ret) {
ntlm_free_buffer_data(&sh);
ntlm_free_buffer_data(&cb);
safefree(nb_computer);
safefree(nb_domain);
safefree(dns_computer);
Expand Down

0 comments on commit c16100f

Please sign in to comment.