[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 50/116: ntlm: avoid malloc(0) for zero length passw
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 50/116: ntlm: avoid malloc(0) for zero length passwords |
|
Date: |
Tue, 05 Dec 2017 14:51:20 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 685ef130575cdcf63fe9547757d88a49a40ef281
Author: Daniel Stenberg <address@hidden>
AuthorDate: Sat Nov 4 16:42:21 2017 +0100
ntlm: avoid malloc(0) for zero length passwords
It triggers an assert() when built with memdebug since malloc(0) may
return NULL *or* a valid pointer.
Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054
Assisted-by: Max Dymond
Closes #2054
---
lib/curl_ntlm_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index 5154949e6..1309bf0d9 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -557,7 +557,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
unsigned char *ntbuffer /* 21 bytes */)
{
size_t len = strlen(password);
- unsigned char *pw = malloc(len * 2);
+ unsigned char *pw = len ? malloc(len * 2) : strdup("");
CURLcode result;
if(!pw)
return CURLE_OUT_OF_MEMORY;
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 95/116: url: reject ASCII control characters and space in host names, (continued)
- [GNUnet-SVN] [gnurl] 95/116: url: reject ASCII control characters and space in host names, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 78/116: zlib/brotli: only include header files in modules needing them, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 103/116: URL: update "file:" URL handling, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 83/116: openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 70/116: RELEASE-NOTES: synced with 32828cc4f, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 98/116: connect: improve the bind error message, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 99/116: RELEASE-NOTES: synced with 31f18d272, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 108/116: wildcardmatch: fix heap buffer overflow in setcharset, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 85/116: resolve: allow IP address within [] brackets, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 71/116: cmake: Correctly include curl.rc in Windows builds (#2064), gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 50/116: ntlm: avoid malloc(0) for zero length passwords,
gnunet <=
- [GNUnet-SVN] [gnurl] 91/116: openssl: fix "Value stored to 'rc' is never read" scan-build error, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 57/116: src/Makefile.m32: fix typo in brotli lib customization, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 81/116: RELEASE-NOTES: synced with ae7369b6d, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 60/116: content_encoding: do not write 0 length data, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 40/116: url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 86/116: examples/curlx: Fix code style, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 65/116: share: add support for sharing the connection cache, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 25/116: auth: add support for RFC7616 - HTTP Digest access authentication, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 87/116: BUGS: spellchecked, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 76/116: connect.c: remove executable bit on file, gnunet, 2017/12/05