diff options
| -rw-r--r-- | lib/http_ntlm.c | 7 | 
1 files changed, 7 insertions, 0 deletions
| diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c index 3e993cbf5..a64f61170 100644 --- a/lib/http_ntlm.c +++ b/lib/http_ntlm.c @@ -713,6 +713,13 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,      size=64;      ntlmbuf[62]=ntlmbuf[63]=0; +    /* Make sure that the user and domain strings fit in the target buffer +       before we copy them there. */ +    if(size + userlen + domlen >= sizeof(ntlmbuf)) { +      failf(conn->data, "user + domain name too big"); +      return CURLE_OUT_OF_MEMORY; +    } +      memcpy(&ntlmbuf[size], domain, domlen);      size += domlen; | 
