[svn] Added Daniel's fix for remotely exploitable buffer overflow vulnerability in...

[wget] / src / http-ntlm.c

diff --git a/src/http-ntlm.c b/src/http-ntlm.c
index 5e45c0dba0ce0d2ebb61aa4bc57ee94f98f38072..63827caac64990c1856715fea8c11924ddce391c 100644 (file)
--- a/src/http-ntlm.c
+++ b/src/http-ntlm.c
@@ -524,6 +524,11 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
     size=64;
     ntlmbuf[62]=ntlmbuf[63]=0;
 
+    /* Make sure that the user and domain strings fit in the target buffer
+       before we copy them there. */
+    if(size + userlen + domlen >= sizeof(ntlmbuf))
+      return NULL;
+    
     memcpy(&ntlmbuf[size], domain, domlen);
     size += domlen;