[gnurl] 23/222: smb: check for full size message before reading message

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnurl] 23/222: smb: check for full size message before reading message

From:	gnunet
Subject:	[gnurl] 23/222: smb: check for full size message before reading message details
Date:	Thu, 07 Nov 2019 00:08:39 +0100

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit 6de10536928d212387cc22fbf6e9793f260fc390
Author: Daniel Stenberg <address@hidden>
AuthorDate: Mon Sep 16 10:15:05 2019 +0200

    smb: check for full size message before reading message details
    
    To avoid reading of uninitialized data.
    
    Assisted-by: Max Dymond
    Bug: https://crbug.com/oss-fuzz/16907
    Closes #4363
---
 lib/smb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/smb.c b/lib/smb.c
index f66c05ca4..12f99257f 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -682,7 +682,8 @@ static CURLcode smb_connection_state(struct connectdata 
*conn, bool *done)
 
   switch(smbc->state) {
   case SMB_NEGOTIATE:
-    if(h->status || smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) {
+    if((smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) ||
+       h->status) {
       connclose(conn, "SMB: negotiation failed");
       return CURLE_COULDNT_CONNECT;
     }

-- 
To stop receiving notification emails like this one, please contact
address@hidden.

[Prev in Thread]

Current Thread

[Next in Thread]

[gnurl] 08/222: docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag, (continued)
- [gnurl] 08/222: docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag, gnunet, 2019/11/06
- [gnurl] 06/222: curlver: bump to 7.66.1, gnunet, 2019/11/06
- [gnurl] 05/222: setopt: make it easier to add new enum values, gnunet, 2019/11/06
- [gnurl] 11/222: parsedate: still provide the name arrays when disabled, gnunet, 2019/11/06
- [gnurl] 12/222: curl: fix memory leaked by parse_metalink(), gnunet, 2019/11/06
- [gnurl] 07/222: RELEASE-NOTES: synced, gnunet, 2019/11/06
- [gnurl] 13/222: FTP: skip CWD to entry dir when target is absolute, gnunet, 2019/11/06
- [gnurl] 10/222: curl:file2string: load large files much faster, gnunet, 2019/11/06
- [gnurl] 09/222: openssl: close_notify on the FTP data connection doesn't mean closure, gnunet, 2019/11/06
- [gnurl] 15/222: appveyor: add a winbuild, gnunet, 2019/11/06
- [gnurl] 23/222: smb: check for full size message before reading message details, gnunet <=
- [gnurl] 17/222: docs: fix typo in CURLOPT_HTTP_VERSION man, gnunet, 2019/11/06
- [gnurl] 18/222: docs: remove trailing ':' from section names in CURLOPT_TRAILER* man, gnunet, 2019/11/06
- [gnurl] 25/222: doh: clean up dangling DOH handles and memory on easy close, gnunet, 2019/11/06
- [gnurl] 14/222: FTP: allow "rubbish" prepended to the SIZE response, gnunet, 2019/11/06
- [gnurl] 22/222: quiche: persist connection details, gnunet, 2019/11/06
- [gnurl] 19/222: doh: fix (harmless) buffer overrun, gnunet, 2019/11/06
- [gnurl] 24/222: unit1655: make it C90 compliant, gnunet, 2019/11/06
- [gnurl] 21/222: openssl: fix warning with boringssl and SSL_CTX_set_min_proto_version, gnunet, 2019/11/06
- [gnurl] 16/222: CI: inintial github action job, gnunet, 2019/11/06
- [gnurl] 20/222: doh: fix undefined behaviour and open up for gcc and clang optimization, gnunet, 2019/11/06

Prev by Date: [gnurl] 15/222: appveyor: add a winbuild
Next by Date: [gnurl] 17/222: docs: fix typo in CURLOPT_HTTP_VERSION man
Previous by thread: [gnurl] 15/222: appveyor: add a winbuild
Next by thread: [gnurl] 17/222: docs: fix typo in CURLOPT_HTTP_VERSION man
Index(es):
- Date
- Thread