diff options
author | Daniel Stenberg <daniel@haxx.se> | 2018-09-28 16:08:16 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-10-29 08:05:23 +0100 |
commit | f3a24d7916b9173c69a3e0ee790102993833d6c5 (patch) | |
tree | 0afe7e6109cea8552010f318bbaf0b078ae0b637 /lib/vauth | |
parent | 81d135d67155c5295b1033679c606165d4e28f3f (diff) |
Curl_auth_create_plain_message: fix too-large-input-check
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
Diffstat (limited to 'lib/vauth')
-rw-r--r-- | lib/vauth/cleartext.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c index a10edbdc7..be6d6111e 100644 --- a/lib/vauth/cleartext.c +++ b/lib/vauth/cleartext.c @@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, plen = strlen(passwdp); /* Compute binary message length. Check for overflows. */ - if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2))) + if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2))) return CURLE_OUT_OF_MEMORY; plainlen = 2 * ulen + plen + 2; |