From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 31 Aug 2020 07:33:05 +0000 (+0300)
Subject: lib-ntlm: Ensure data_size is large enough for buffer
X-Git-Tag: 2.3.13~205
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=28d085f4083793742723d1332a684b76cb1111ae;p=thirdparty%2Fdovecot%2Fcore.git

lib-ntlm: Ensure data_size is large enough for buffer
---

diff --git a/src/lib-ntlm/ntlm-message.c b/src/lib-ntlm/ntlm-message.c
index 65dcfdfdbf..d1aef0f6a0 100644
--- a/src/lib-ntlm/ntlm-message.c
+++ b/src/lib-ntlm/ntlm-message.c
@@ -176,6 +176,11 @@ ntlmssp_create_challenge(pool_t pool, const struct ntlmssp_request *request,
 static bool ntlmssp_check_buffer(const struct ntlmssp_buffer *buffer,
 				 size_t data_size, const char **error)
 {
+	if (data_size < sizeof(*buffer)) {
+		*error = "data_size is smaller than buffer header";
+		return FALSE;
+	}
+
 	uint32_t offset = le32_to_cpu(buffer->offset);
 	uint16_t length = le16_to_cpu(buffer->length);
 	uint16_t space = le16_to_cpu(buffer->space);