From 80a324386b0d6653a19da6e3eeb28530e2478e5d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 7 Dec 2004 23:09:41 +0000
Subject: Rene Bernhardt found and fixed a buffer overrun in the NTLM code,
 where libcurl always and unconditionally overwrote a stack-based array with 3
 zero bytes. I edited the fix to make it less likely to occur again (and added
 a comment explaining the reason to the buffer size).

---
 RELEASE-NOTES | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'RELEASE-NOTES')

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 79d741d01..503514aa0 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -25,6 +25,7 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o bad memory access in the NTLM code
  o EPSV on multi-homed servers now works correctly
  o chunked-encoded transfers could get closed pre-maturely without error
  o proxy CONNECT now default timeouts after 3600 seconds
@@ -61,6 +62,6 @@ advice from friends like these:
  Tomas Pospisek, Gisle Vanem, Dan Fandrich, Paul Nolan, Andres Garcia,
  Tim Sneddon, Ian Gulliver, Jean-Philippe Barrette-LaPierre, Jeff Phillips,
  Wojciech Zwiefka, David Phillips, Reinout van Schouwen, Maurice Barnum,
- Richard Atterer
+ Richard Atterer, Rene Bernhardt
 
         Thanks! (and sorry if I forgot to mention someone)
-- 
cgit v1.2.3