Commit 20a50124 authored by Albert Astals Cid's avatar Albert Astals Cid

Make sure the size of the byte array we just dumped into the struct is big...

Make sure the size of the byte array we just dumped into the struct is big enough before calculating the targetInfo, otherwise we're accessing memory that doesn't belong to us

Fix out of bounds memory access https://build.kde.org/job/kio%20master%20kf5-qt5/PLATFORM=Linux,compiler=gcc/102/testReport/junit/%28root%29/TestSuite/kioslave_httpauthenticationtest/

Also remove a cast to quint32 that is not necessary since the member is already a quint32

Valgrind doesn't complain anymore.
parent 3e3c3594
......@@ -224,7 +224,7 @@ bool KNTLM::getAuth (QByteArray &auth, const QByteArray &challenge,
QByteArray rbuf (sizeof (Auth), 0);
Challenge *ch = (Challenge *) challenge.data();
QByteArray response;
uint chsize = challenge.size();
const uint chsize = challenge.size();
bool unicode = false;
QString dom;
......@@ -244,8 +244,10 @@ bool KNTLM::getAuth (QByteArray &auth, const QByteArray &challenge,
memcpy (rbuf.data(), NTLM_SIGNATURE, sizeof (NTLM_SIGNATURE));
((Auth *) rbuf.data())->msgType = qToLittleEndian ( (quint32) 3);
((Auth *) rbuf.data())->flags = ch->flags;
QByteArray targetInfo = getBuf (challenge, ch->targetInfo);
QByteArray targetInfo;
if (chsize >= sizeof(Challenge)) {
targetInfo = getBuf(challenge, ch->targetInfo);
}
if (!(authflags & Force_V1) &&
((authflags & Force_V2) ||
......
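Review bot: The new `chsize >= sizeof(Challenge)` guard in the second hunk covers only the `ch->targetInfo` read, while `ch->flags` one line earlier is read through the same cast pointer with no size check visible in either hunk. If `getAuth` does not already reject short challenges before this point (its body starts and continues outside the hunks), that read has the same out-of-bounds problem and should sit behind a minimum-length check of its own. The offset and length inside `ch->targetInfo` come from the server, so `getBuf` presumably has to validate them against `challenge.size()`; that helper is not shown here and is worth confirming. I would also add a comment above the guard, such as `// targetInfo is only present in full-size challenges; shorter ones leave it empty`, so the silent fallback to an empty `targetInfo` reads as intentional.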