r24796: Add bounds checking to ntlm_auth, increase initial buffer size to 300 to...

author Kai Blin <kai@samba.org>

Thu, 30 Aug 2007 09:02:40 +0000 (09:02 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 20:03:11 +0000 (15:03 -0500)
author Kai Blin <kai@samba.org>
Thu, 30 Aug 2007 09:02:40 +0000 (09:02 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 20:03:11 +0000 (15:03 -0500)
diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c

index 162470dd95ee031a24811e17d1897989a7b0aef2..f999995dafb0f70d2e157b724c8f07ff10093302 100644 (file)
--- a/source/utils/ntlm_auth.c
+++ b/source/utils/ntlm_auth.c
@@ -38,7 +38,8 @@
  #include "lib/messaging/irpc.h"
  #include "auth/ntlmssp/ntlmssp.h"
  
-#define INITIAL_BUFFER_SIZE 200
+#define INITIAL_BUFFER_SIZE 300
+#define MAX_BUFFER_SIZE 63000
  
  enum stdio_helper_mode {
         SQUID_2_4_BASIC,
@@ -871,7 +872,7 @@ static void manage_squid_request(enum stdio_helper_mode helper_mode,
         char *buf;
         char tmp[INITIAL_BUFFER_SIZE+1];
         unsigned int mux_id = 0;
-       int length;
+       int length, buf_size = 0;
         char *c;
         struct mux_private {
                 unsigned int max_mux;
@@ -907,6 +908,15 @@ static void manage_squid_request(enum stdio_helper_mode helper_mode,
                 }
  
                 buf = talloc_append_string(buf, buf, tmp);
+               buf_size += INITIAL_BUFFER_SIZE;
+
+               if (buf_size > MAX_BUFFER_SIZE) {
+                       DEBUG(0, ("Invalid Request (too large)\n"));
+                       x_fprintf(x_stdout, "ERR\n");
+                       talloc_free(buf);
+                       return;
+               }
+
                 c = strchr(buf, '\n');
         } while (c == NULL);
author	Kai Blin <kai@samba.org>
	Thu, 30 Aug 2007 09:02:40 +0000 (09:02 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 20:03:11 +0000 (15:03 -0500)