libntlm


From: Cedric Buissart
Subject: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
Date: Mon, 9 Mar 2020 15:51:32 +0100

Hi,

This vulnerability (https://gitlab.com/jas/libntlm/-/issues/2) has
been opened for some time without a fix.

So here is a quick fix proposal: fixing the AddBytes macro by forcing
it to check the remaining buffer available before copying the data.
The advantage of doing it here is that it _should (hopefully)_ fix all
the possibly affected code paths (i.e.: all calls to AddBytes,
AddString, AddUnicodeStringLen, AddUnicodeString),
buildSmbNtlmAuthRequest & also work for tSmbNtlmAuthResponse.

*WARNING*: I didn't really test it with more than a few partial test
cases (e.g.: I didn't even check if it also works for
tSmbNtlmAuthResponse).

Please let me know if it looks good.

Thanks!
-- 
Cedric Buissart,
Red Hat Product Security

Attachment: libntlm-CVE-2019-17455.patch
Description: Text Data
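As an added illustration of the approach the mail describes (not the attached patch and not libntlm's own code): a bounds-checked AddBytes implemented as a small helper behind a macro, so the same check covers every message type that has a buffer[] and bufIndex. The struct layouts, field names and buffer sizes below are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed message layouts: a fixed payload area plus a write cursor, with
 * names after the mail. Sizes are illustrative, not libntlm's. */
#define REQ_BUF 64
#define RESP_BUF 128

typedef struct { uint16_t len, maxlen; uint32_t offset; } SecBuf;
typedef struct { SecBuf user, domain; uint8_t buffer[REQ_BUF]; uint32_t bufIndex; } Request;
typedef struct { SecBuf uUser, uDomain; uint8_t buffer[RESP_BUF]; uint32_t bufIndex; } Response;

/* Bounds-checked append. Returns 0 on success; -1, with the message untouched,
 * when 'count' would run past the end of buffer[]. Taking the buffer size as a
 * parameter is what lets one check serve every message type. */
static int add_bytes(uint8_t *buf, size_t bufsize, uint32_t *bufIndex,
                     size_t buf_offset, SecBuf *hdr, const void *src, size_t count)
{
  if (*bufIndex > bufsize || count > bufsize - *bufIndex || count > UINT16_MAX)
    return -1;
  hdr->len = hdr->maxlen = (uint16_t)count;
  hdr->offset = (uint32_t)(buf_offset + *bufIndex);
  memcpy(buf + *bufIndex, src, count);
  *bufIndex += (uint32_t)count;
  return 0;
}

/* The macro that AddString/AddUnicodeString-style helpers funnel through;
 * sizeof((ptr)->buffer) binds the check to whichever struct is passed in. */
#define AddBytes(ptr, header, src, count)                                  \
  add_bytes((ptr)->buffer, sizeof((ptr)->buffer), &(ptr)->bufIndex,        \
            (size_t)((uint8_t *)(ptr)->buffer - (uint8_t *)(ptr)),          \
            &(ptr)->header, (src), (count))
#define AddString(ptr, header, s) AddBytes(ptr, header, (s), strlen(s))

/* Request builder: an over-long user or domain now fails cleanly instead of
 * writing past buffer[] into bufIndex and whatever follows the struct. */
static int build_request(Request *req, const char *u, const char *d)
{
  memset(req, 0, sizeof *req);
  if (AddString(req, user, u) != 0 || AddString(req, domain, d) != 0)
    return -1;
  return 0;
}
```

The Response layout goes through the same AddBytes macro unchanged, which is the property the mail hopes for when it says the fix should also cover tSmbNtlmAuthResponse.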

