libntlm


From: Cedric Buissart
Subject: Re: Patch proposal for CVE-2019-17455 (Buffer Overflow Write when libntlm generates NTLM request)
Date: Tue, 21 Apr 2020 14:27:50 +0200

:) Excellent, thanks!

On Sun, Apr 19, 2020 at 10:05 AM Simon Josefsson <address@hidden> wrote:
>
> Cedric Buissart <address@hidden> writes:
>
> > Hi,
> >
> > This vulnerability (https://gitlab.com/jas/libntlm/-/issues/2) has
> > been opened for some time without a fix.
> >
> > So here is a quick fix proposal: fixing the AddBytes macro by forcing
> > it to check the remaining buffer available before copying the data.
> > The advantage of doing it here is that it _should (hopefully)_ fix all
> > the possibly affected code paths (i.e.: all calls to AddBytes,
> > AddString, AddUnicodeStringLen, AddUnicodeString),
> > buildSmbNtlmAuthRequest & also work for tSmbNtlmAuthResponse.
>
> Hi Cedric!  Thank you for looking at this, and the patch!  Thanks also
> to Kirin for initial report.  I have pushed your patch now, together
> with a somewhat improved regression check that can be used to detect
> buggy libntlms.  I will release version 1.6 shortly.
>
> Thanks,
> Simon



-- 
Cedric Buissart,
Product Security
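
The bug class and the AddBytes-style bound Cedric describes, as an added example that is not libntlm's code: the message layout, the field and function names, NTLM_BUF_SIZE and the regression-style check are all assumed for illustration. The unchecked copy is shown only for contrast; the builder uses the checked one, and the Unicode path shows why the bound has to be applied to the widened byte count rather than to strlen().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTLM_BUF_SIZE 1024  /* assumed: size of the fixed payload area */

/* NTLM "security buffer": byte length, max length, offset from message start. */
typedef struct {
    uint16_t len;
    uint16_t maxlen;
    uint32_t offset;
} sec_buf_t;

/* Assumed layout: fixed header, then a fixed-size payload area that every
 * sec_buf_t points into. buf_index tracks how much of it is used. */
typedef struct {
    char      ident[8];              /* "NTLMSSP\0" */
    uint32_t  msg_type;
    uint32_t  flags;
    sec_buf_t domain;
    sec_buf_t user;
    uint32_t  buf_index;
    uint8_t   buffer[NTLM_BUF_SIZE];
} ntlm_request_t;

/* Vulnerable form: copies count bytes at buf_index with no size check, so a
 * long string writes past buffer[]. Never called with oversized input here. */
void add_bytes_unchecked(ntlm_request_t *r, sec_buf_t *h,
                         const uint8_t *src, size_t count)
{
    h->len = h->maxlen = (uint16_t)count;
    h->offset = (uint32_t)(offsetof(ntlm_request_t, buffer) + r->buf_index);
    memcpy(r->buffer + r->buf_index, src, count);
    r->buf_index += (uint32_t)count;
}

/* Fixed form: reject the copy unless it fits in the space left (and in the
 * 16-bit length field). Returns 1 on success, 0 with the message untouched. */
int add_bytes_checked(ntlm_request_t *r, sec_buf_t *h,
                      const uint8_t *src, size_t count)
{
    size_t remaining = NTLM_BUF_SIZE - r->buf_index;
    if (count > remaining || count > UINT16_MAX)
        return 0;
    h->len = h->maxlen = (uint16_t)count;
    h->offset = (uint32_t)(offsetof(ntlm_request_t, buffer) + r->buf_index);
    memcpy(r->buffer + r->buf_index, src, count);
    r->buf_index += (uint32_t)count;
    return 1;
}

/* UTF-16LE widening doubles the size, so the bound is checked on the widened
 * byte count, not on strlen(). ASCII-only widening is enough to show this. */
int add_unicode_string_checked(ntlm_request_t *r, sec_buf_t *h, const char *s)
{
    size_t n = strlen(s);
    uint8_t wide[2 * NTLM_BUF_SIZE];
    if (2 * n > sizeof wide)
        return 0;                    /* cannot fit under any circumstances */
    for (size_t i = 0; i < n; i++) {
        wide[2 * i]     = (uint8_t)s[i];
        wide[2 * i + 1] = 0;
    }
    return add_bytes_checked(r, h, wide, 2 * n);
}

/* Type-1-style request builder: 1 if every field fit, 0 otherwise. */
int build_request(ntlm_request_t *r, const char *domain, const char *user)
{
    memset(r, 0, sizeof *r);
    memcpy(r->ident, "NTLMSSP", 8);
    r->msg_type = 1;
    if (!add_unicode_string_checked(r, &r->domain, domain)) return 0;
    if (!add_unicode_string_checked(r, &r->user, user)) return 0;
    return 1;
}

/* Happy path: payload bytes used by a small request, -1 on any failure. */
int happy_path_bytes(void)
{
    ntlm_request_t r;
    if (!build_request(&r, "WORKGROUP", "alice")) return -1;
    if (r.user.offset != offsetof(ntlm_request_t, buffer) + r.domain.len) return -1;
    return (int)r.buf_index;         /* 18 + 10 widened bytes */
}

/* Regression-style check (assumed shape): a user name that widens to more
 * than the payload area must be rejected with buf_index still in bounds. */
int regression_check(void)
{
    ntlm_request_t r;
    char big[NTLM_BUF_SIZE];         /* 1023 chars -> 2046 bytes widened */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    int rejected = build_request(&r, "WORKGROUP", big) == 0;
    return rejected && r.buf_index <= NTLM_BUF_SIZE;
}

int main(void)
{
    printf("happy path used %d payload bytes\n", happy_path_bytes());
    printf("oversized input rejected: %s\n", regression_check() ? "yes" : "no");
    return 0;
}
```

Doing the bound once inside the primitive every string helper funnels through is what lets a single fix cover all the call sites at once; a caller that ignores the return value still cannot corrupt memory, it only ends up with a truncated message, which is why the builder propagates the failure rather than silently continuing.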



