CVE-2022-2127: ntlm_auth: cap lanman response length value
author Ralph Boehme <slow@samba.org>
Fri, 16 Jun 2023 10:28:47 +0000 (12:28 +0200)
committer Jule Anger <janger@samba.org>
Fri, 21 Jul 2023 12:05:35 +0000 (12:05 +0000)
commit e067c523b17951a93b6daafd349e9371f8f81e56
tree 6ddf5250b5c23855c363ecc460f61af20fab6f10
parent b2de71734f09ee4eb80cf70de8a66f628246f2ba
CVE-2022-2127: ntlm_auth: cap lanman response length value

We already copy at most sizeof(request.data.auth_crap.lm_resp) bytes to the
lm_resp buffer, but we don't cap the length indicator.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072

Signed-off-by: Ralph Boehme <slow@samba.org>
source3/utils/ntlm_auth.c
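
The mismatch the commit message describes, shown as an added example that is not Samba's code: the copy into the buffer is bounded but the recorded length is not, so any consumer that trusts the length field is handed a value larger than the buffer. The struct is a hypothetical stand-in for `request.data.auth_crap`, `LM_RESP_MAX` is a constructed size, and the function names are made up for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LM_RESP_MAX 24 /* constructed size for this example, not Samba's */

/* Hypothetical stand-in for the lm_resp fields named in the commit message. */
struct auth_crap {
    uint8_t  lm_resp[LM_RESP_MAX];
    uint32_t lm_resp_len;
};

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* "Before" pattern: the copy is capped, the length indicator is not. */
uint32_t fill_uncapped(struct auth_crap *r, const uint8_t *blob, size_t len)
{
    memset(r, 0, sizeof(*r));
    memcpy(r->lm_resp, blob, min_sz(len, sizeof(r->lm_resp)));
    r->lm_resp_len = (uint32_t)len;   /* may exceed sizeof(lm_resp) */
    return r->lm_resp_len;
}

/* "After" pattern: one capped value drives both the copy and the length. */
uint32_t fill_capped(struct auth_crap *r, const uint8_t *blob, size_t len)
{
    size_t n = min_sz(len, sizeof(r->lm_resp));
    memset(r, 0, sizeof(*r));
    memcpy(r->lm_resp, blob, n);
    r->lm_resp_len = (uint32_t)n;
    return r->lm_resp_len;
}

/* Receiver-side invariant: the length must never exceed the buffer. */
int length_is_consistent(const struct auth_crap *r)
{
    return r->lm_resp_len <= sizeof(r->lm_resp);
}

int main(void)
{
    struct auth_crap r;
    uint8_t blob[64];                 /* constructed oversized response */
    memset(blob, 0x41, sizeof(blob));
    fill_uncapped(&r, blob, sizeof(blob));
    printf("uncapped: len=%u consistent=%d\n", (unsigned)r.lm_resp_len, length_is_consistent(&r));
    fill_capped(&r, blob, sizeof(blob));
    printf("capped:   len=%u consistent=%d\n", (unsigned)r.lm_resp_len, length_is_consistent(&r));
    return 0;
}
```

The `length_is_consistent` check is the kind of validation a receiver of such a request can apply independently of the sender-side cap.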