Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings
/curlPublic

Commitf3a24d7

Browse files
committed
Curl_auth_create_plain_message: fix too-large-input-check
CVE-2018-16839Reported-by: Harry SintonenBug:https://curl.haxx.se/docs/CVE-2018-16839.html
1 parent81d135d commitf3a24d7

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

‎lib/vauth/cleartext.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
7474
plen=strlen(passwdp);
7575

7676
/* Compute binary message length. Check for overflows. */
77-
if((ulen>SIZE_T_MAX/2)|| (plen> (SIZE_T_MAX/2-2)))
77+
if((ulen>SIZE_T_MAX/4)|| (plen> (SIZE_T_MAX/2-2)))
7878
returnCURLE_OUT_OF_MEMORY;
7979
plainlen=2*ulen+plen+2;
8080

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp