Unverified Commit f3a24d79 authored by Daniel Stenberg's avatar Daniel Stenberg

Curl_auth_create_plain_message: fix too-large-input-check

CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
parent 81d135d6
+1 −1
@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
  plen = strlen(passwdp);
  plen = strlen(passwdp);


  /* Compute binary message length. Check for overflows. */
  /* Compute binary message length. Check for overflows. */
  if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
  if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
    return CURLE_OUT_OF_MEMORY;
    return CURLE_OUT_OF_MEMORY;
  plainlen = 2 * ulen + plen + 2;
  plainlen = 2 * ulen + plen + 2;
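Review bot: The comment above the check says only "Check for overflows" and does not tie the two limits to the expression they guard, which is how a wrong `ulen` bound could sit there unnoticed: with `plainlen = 2 * ulen + plen + 2`, a `ulen` limit of `SIZE_T_MAX/2` lets `2 * ulen` alone approach `SIZE_T_MAX`, so the sum can wrap and a too-small length would reach whatever allocation or copy presumably follows. I would extend the comment on the `SIZE_T_MAX/4` condition (taken here as the new side, going by the commit title) to something like `/* plainlen = 2*ulen + plen + 2: ulen <= SIZE_T_MAX/4 and plen <= SIZE_T_MAX/2 - 2 keep the sum <= SIZE_T_MAX */`. The diffstat shows a single changed line, so a regression test with an oversized user name appears not to be part of this commit and would be worth adding. The function starts before and continues after this hunk, so how `plainlen` is used is not visible here.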