Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where

libcurl always and unconditionally overwrote a stack-based array with 3 zero bytes. I edited the fix to make it less likely to occur again (and added a comment explaining the reason to the buffer size).
author: Daniel Stenberg <daniel@haxx.se> 2004-12-07 23:09:41 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2004-12-07 23:09:41 +0000
commit: 80a324386b0d6653a19da6e3eeb28530e2478e5d (patch)
tree: 2197e3cf03a1b37b61f29bdb85afd70036889763 /CHANGES
parent: 163518778c9d59256ab59dd7fb99d21f8a0e9ae7 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 3f68e041d..bdac7b113 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,11 @@
 
                                   Changelog
 
+Daniel (8 December 2004)
+- Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where
+  libcurl always and unconditionally overwrote a stack-based array with 3 zero
+  bytes. This is not an exploitable buffer overflow. No need to get alarmed.
+
 Daniel (7 December 2004)
 - Fixed so that the final error message is sent to the verbose info "stream"
   even if no errorbuffer is set.
author	Daniel Stenberg <daniel@haxx.se>	2004-12-07 23:09:41 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2004-12-07 23:09:41 +0000
commit	80a324386b0d6653a19da6e3eeb28530e2478e5d (patch)
tree	2197e3cf03a1b37b61f29bdb85afd70036889763 /CHANGES
parent	163518778c9d59256ab59dd7fb99d21f8a0e9ae7 (diff)