From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 22 Mar 2023 12:31:11 +0000 (+0100)
Subject: ntlm: clear lm and nt response buffers before use
X-Git-Tag: curl-8_1_0~313
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c2fcb0f60c699a3faa09ffb29e2c1db16e0a13b;p=thirdparty%2Fcurl.git

ntlm: clear lm and nt response buffers before use

To avoid the risk of MemorySanitizer: use-of-uninitialized-value

Closes #10814
---

diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
index 2a5d4a4908..5aa7e6ec00 100644
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -511,6 +511,8 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
   size_t userlen = 0;
   size_t domlen = 0;
 
+  memset(lmresp, 0, sizeof(lmresp));
+  memset(ntresp, 0, sizeof(ntresp));
   user = strchr(userp, '\\');
   if(!user)
     user = strchr(userp, '/');