Commit 685ef130 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

ntlm: avoid malloc(0) for zero length passwords 

It triggers an assert() when built with memdebug since malloc(0) may
return NULL *or* a valid pointer.

Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054

Assisted-by: Max Dymond
Closes #2054
parent d2146c59

lib/curl_ntlm_core.c

+1 −1
Original line number Diff line number Diff line
@@ -557,7 +557,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, 
                                   unsigned char *ntbuffer /* 21 bytes */)

{

  size_t len = strlen(password);

  unsigned char *pw = malloc(len * 2);

  unsigned char *pw = len ? malloc(len * 2) : strdup("");

  CURLcode result;

  if(!pw)

    return CURLE_OUT_OF_MEMORY;