[svn] Added Daniel's fix for remotely exploitable buffer overflow vulnerability in...

[wget] / src / http-ntlm.c

diff --git a/src/http-ntlm.c b/src/http-ntlm.c
index a58d2581c11724d0ea62f910bc8e96ef73419f54..63827caac64990c1856715fea8c11924ddce391c 100644 (file)
--- a/src/http-ntlm.c
+++ b/src/http-ntlm.c
@@ -37,7 +37,6 @@ so, delete this exception statement from your version.  */
 
 */
 
-/* -- WIN32 approved -- */
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
@@ -525,6 +524,11 @@ ntlm_output (struct ntlmdata *ntlm, const char *user, const char *passwd,
     size=64;
     ntlmbuf[62]=ntlmbuf[63]=0;
 
+    /* Make sure that the user and domain strings fit in the target buffer
+       before we copy them there. */
+    if(size + userlen + domlen >= sizeof(ntlmbuf))
+      return NULL;
+    
     memcpy(&ntlmbuf[size], domain, domlen);
     size += domlen;