buffer overflow in ne_ntlm.c
basic
basic at mozdev.org
Thu Dec 3 23:54:35 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
On 12/03/2009 05:23 AM, Joe Orton wrote:
> On Tue, Dec 01, 2009 at 10:21:39AM +0800, basic wrote:
>> hi,
>> found a buffer overflow in ne_ntlm.c mkhash() function. memset() in line 359 should set
>> 5 bytes rather than 8 (the same as line 338). Here's a patch to fix it.
>
> Hi! Thanks for the patch, I've applied this. I guess this doesn't have
> any security impact since at worst it's just going to crash - is that
> what it did for you?
Hi! Yes, it was crashing in glibc's memset function.
- --
basic
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEAREDAAYFAksYlgsACgkQYVsDDPtA2PTvrwCffYhTQhpcxV1yj3e7RX4OzNZ8
qwsAnjwk9yoIMorLBLQ6YzdmpQyXPRdZ
=rB8c
-----END PGP SIGNATURE-----
More information about the neon
mailing list