aboutsummaryrefslogtreecommitdiff
path: root/lib/vauth/cram.c
diff options
context:
space:
mode:
authorDaniel Gustafsson <daniel@yesql.se>2019-05-13 20:27:50 +0200
committerDaniel Gustafsson <daniel@yesql.se>2019-05-13 20:27:50 +0200
commitb4bb920405a6eb045f9e1fc3b5e05715bca2b0b4 (patch)
treec999bd16f22f3c87d52134008b82876dbfdeb231 /lib/vauth/cram.c
parentae3f838b9a8b185d98b2a5442a3d220ac9a3a11d (diff)
vtls: fix potential ssl_buffer stack overflow
In Curl_multissl_version() it was possible to overflow the passed in buffer if the generated version string exceeded the size of the buffer. Fix by inverting the logic, and also make sure to not exceed the local buffer during the string generation. Closes #3863 Reported-by: nevv on HackerOne/curl Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg
Diffstat (limited to 'lib/vauth/cram.c')
0 files changed, 0 insertions, 0 deletions