From: Cedric Buissart
Subject: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
Date: Mon, 9 Mar 2020 15:51:32 +0100
Hi,
This vulnerability (https://gitlab.com/jas/libntlm/-/issues/2) has
been open for some time without a fix.
So here is a quick fix proposal: fixing the AddBytes macro by forcing
it to check the remaining buffer available before copying the data.
The advantage of doing it here is that it _should (hopefully)_ fix all
the possibly affected code paths (i.e.: all calls to AddBytes,
AddString, AddUnicodeStringLen, AddUnicodeString),
buildSmbNtlmAuthRequest & also work for tSmbNtlmAuthResponse.
*WARNING*: I didn't really test it with more than a few partial test
cases (e.g.: I didn't even check if it also works for
tSmbNtlmAuthResponse).
Please let me know if it looks good.
Thanks!
--
Cedric Buissart,
Red Hat Product Security
libntlm-CVE-2019-17455.patch
Description: Text Data
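
The approach described in the message, checking the space left in the message buffer before every copy, sketched as an added example. This is not the attached patch and not libntlm's code: the struct layout, MSG_BUF_SIZE, add_bytes and build_request are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MSG_BUF_SIZE 64            /* hypothetical payload size */

typedef struct {                   /* descriptor for one appended field */
    uint16_t len;
    uint16_t maxlen;
    uint32_t offset;               /* data offset from start of message */
} sec_buf_t;

typedef struct {                   /* simplified message, not the real layout */
    sec_buf_t user;
    sec_buf_t domain;
    uint8_t   buffer[MSG_BUF_SIZE];
    size_t    buf_index;           /* next free byte in buffer */
} msg_t;

/* Append count bytes and fill in the descriptor.
   Returns 0 on success, -1 if the data does not fit (message unchanged). */
static int add_bytes(msg_t *m, sec_buf_t *hdr, const void *data, size_t count)
{
    /* Never trust an index that is already past the end. */
    if (m->buf_index > sizeof m->buffer)
        return -1;
    /* Compare against the space left: "buf_index + count > size" could wrap. */
    if (count > sizeof m->buffer - m->buf_index || count > UINT16_MAX)
        return -1;
    hdr->len = hdr->maxlen = (uint16_t)count;
    hdr->offset = (uint32_t)(offsetof(msg_t, buffer) + m->buf_index);
    if (count)
        memcpy(m->buffer + m->buf_index, data, count);
    m->buf_index += count;
    return 0;
}

/* Build a message from caller-supplied strings; because the check lives in
   the shared helper, every field appended through it is covered. */
int build_request(msg_t *m, const char *user, const char *domain)
{
    memset(m, 0, sizeof *m);
    if (add_bytes(m, &m->user, user, strlen(user)) != 0)
        return -1;
    if (add_bytes(m, &m->domain, domain, strlen(domain)) != 0)
        return -1;
    return 0;
}
```

Callers have to act on the -1 return and discard the partially built message; a check inside the helper only helps if the failure is propagated.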