CVE-2022-2127: ntlm_auth: cap lanman response length value
author Ralph Boehme <slow@samba.org>
Fri, 16 Jun 2023 10:28:47 +0000 (12:28 +0200)
committer Jule Anger <janger@samba.org>
Fri, 14 Jul 2023 13:16:16 +0000 (15:16 +0200)
commit 2eabbe31f64a8456813a502afb05907beb46ffad
tree 903789fd25b78d0ab2abde62bf9b345b9e4a112a
parent 5c6fe5a491b16bb658c191cfafb5edc0beb5fab2
CVE-2022-2127: ntlm_auth: cap lanman response length value

We already copy at most sizeof(request.data.auth_crap.lm_resp) bytes to the
lm_resp buffer, but we don't cap the length indicator.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072

Signed-off-by: Ralph Boehme <slow@samba.org>
source3/utils/ntlm_auth.c
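
An added illustration of the pattern the commit message describes (not code from this commit or from Samba): the copy into a fixed buffer is bounded, but the length indicator stored beside it is not, so a consumer that trusts the indicator would read past the buffer. The struct, the function names and the 24-byte buffer size are assumptions made up for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LM_RESP_MAX 24            /* assumed buffer size for this sketch */

/* Hypothetical stand-in for the auth_crap part of the request. */
struct crap_req {
    uint8_t  lm_resp[LM_RESP_MAX];
    uint32_t lm_resp_len;         /* length indicator sent with the buffer */
};

/* Fill the request from an input blob; `cap` selects the capped length. */
static void fill_req(struct crap_req *r, const uint8_t *blob, size_t len, int cap)
{
    size_t n = len < sizeof(r->lm_resp) ? len : sizeof(r->lm_resp);

    memset(r, 0, sizeof(*r));
    memcpy(r->lm_resp, blob, n);                  /* copy is always bounded */
    r->lm_resp_len = (uint32_t)(cap ? n : len);   /* uncapped: may exceed buffer */
}

/* Bytes a consumer trusting lm_resp_len would touch beyond lm_resp. */
static size_t excess_bytes(const struct crap_req *r)
{
    return r->lm_resp_len > sizeof(r->lm_resp)
         ? r->lm_resp_len - sizeof(r->lm_resp) : 0;
}

/* Build a constructed blob of input_len bytes and report the excess. */
static size_t excess_for(size_t input_len, int cap)
{
    uint8_t blob[128];
    struct crap_req r;

    if (input_len > sizeof(blob)) input_len = sizeof(blob);
    memset(blob, 0x41, sizeof(blob));             /* constructed sample input */
    fill_req(&r, blob, input_len, cap);
    return excess_bytes(&r);
}

int main(void)
{
    size_t lens[] = { 16, 24, 64 };
    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
        printf("input=%zu uncapped_excess=%zu capped_excess=%zu\n",
               lens[i], excess_for(lens[i], 0), excess_for(lens[i], 1));
    return 0;
}
```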