From 80a324386b0d6653a19da6e3eeb28530e2478e5d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 7 Dec 2004 23:09:41 +0000
Subject: Rene Bernhardt found and fixed a buffer overrun in the NTLM code,
 where libcurl always and unconditionally overwrote a stack-based array with 3
 zero bytes. I edited the fix to make it less likely to occur again (and added
 a comment explaining the reason to the buffer size).

---
 CHANGES | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index 3f68e041d..bdac7b113 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,11 @@
 
                                   Changelog
 
+Daniel (8 December 2004)
+- Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where
+  libcurl always and unconditionally overwrote a stack-based array with 3 zero
+  bytes. This is not an exploitable buffer overflow. No need to get alarmed.
+
 Daniel (7 December 2004)
 - Fixed so that the final error message is sent to the verbose info "stream"
   even if no errorbuffer is set.
-- 
cgit v1.2.3