buffer overflow in ne_ntlm.c
basic at mozdev.org
Thu Dec 3 23:54:35 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
On 12/03/2009 05:23 AM, Joe Orton wrote:
> On Tue, Dec 01, 2009 at 10:21:39AM +0800, basic wrote:
>> found a buffer overflow in ne_ntlm.c mkhash() function. memset() in line 359 should set
>> 5 bytes rather than 8 (the same as line 338). Here's a patch to fix it.
> Hi! Thanks for the patch, I've applied this. I guess this doesn't have
> any security impact since at worst it's just going to crash - is that
> what it did for you?
Hi! Yes, it was crashing in glibc's memset function.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the neon