git.ipfire.org Git - thirdparty/squid.git/commit
Fix libntlmauth string parsing on big-endian machines (#2242)
author Joshua Rogers <MegaManSec@users.noreply.github.com>
Sun, 19 Oct 2025 17:33:18 +0000 (17:33 +0000)
committer Squid Anubis <squid-anubis@squid-cache.org>
Sun, 19 Oct 2025 18:18:42 +0000 (18:18 +0000)
commit 346ff7bbc7e89ff8abdbc80fb7a2e6638162e359
tree 701088caac92684a798e375bfbff98309f0a123e
parent 1e71bafbd82223c05202acecd4bd6adbf60726b9

Prevent off-by-one reads in ntlm_fetch_string(); clamp copies too.
Convert flags with le32toh; validate lengths; ensure NUL-terminate.
Cast ntlm string characters to unsigned char explicitly.
Return BlobError on oversized fields to avoid UB.

Combined, these changes affect Big-Endian CPU architectures
which will fail to detect ASCII vs UTF encoding properly and
produce invalid strings (including user/password to compare).
lib/ntlmauth/ntlmauth.cc
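
The kind of parsing the commit message describes, as an added example that is not Squid's code: a length-checked, host-endianness-independent fetch of a string field from an NTLM-style blob. The helper names, the sample bytes and the simplified blob layout (flags, then one `{len, maxlen, offset}` header) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NEGOTIATE_UNICODE 0x00000001u /* NTLMSSP_NEGOTIATE_UNICODE (MS-NLMP) */

/* Byte-wise little-endian reads give the same value on any host CPU. */
static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32le(const uint8_t *p) { return rd16le(p) | ((uint32_t)rd16le(p + 2) << 16); }

/* Hypothetical helper: copy the field described by the 8-byte header
 * {u16 len, u16 maxlen, u32 offset} at hdr into out. Returns length or -1. */
int fetch_string(const uint8_t *pkt, size_t pkt_len, size_t hdr,
                 uint32_t flags, char *out, size_t out_sz)
{
    if (out_sz == 0 || hdr > pkt_len || pkt_len - hdr < 8) return -1;
    size_t len = rd16le(pkt + hdr), off = rd32le(pkt + hdr + 4), n = 0;
    if (off > pkt_len || len > pkt_len - off) return -1; /* payload must lie inside packet */
    if (flags & NEGOTIATE_UNICODE) {
        if (len % 2) return -1;           /* whole UTF-16 code units only */
        if (len / 2 >= out_sz) return -1; /* leave room for the NUL */
        for (size_t i = 0; i < len; i += 2) {
            uint16_t c = rd16le(pkt + off + i);
            out[n++] = c < 0x80 ? (char)c : '?'; /* simplification: ASCII subset only */
        }
    } else {
        if (len >= out_sz) return -1;     /* reject oversized field, never truncate silently */
        memcpy(out, pkt + off, len);
        n = len;
    }
    out[n] = '\0';                        /* always NUL-terminated on success */
    return (int)n;
}

/* Constructed blob (not the real NTLM message layout): flags | header | UTF-16LE "bob" */
static const uint8_t SAMPLE[] = { 0x01,0,0,0,  6,0, 6,0, 12,0,0,0,  'b',0,'o',0,'b',0 };
/* Same blob with len = 8: claims two bytes past the end of the packet. */
static const uint8_t OVERLONG[] = { 0x01,0,0,0,  8,0, 8,0, 12,0,0,0,  'b',0,'o',0,'b',0 };
char demo_out[8];

int main(void)
{
    int n = fetch_string(SAMPLE, sizeof SAMPLE, 4, rd32le(SAMPLE), demo_out, sizeof demo_out);
    printf("ok: %d \"%s\"\n", n, demo_out);
    n = fetch_string(OVERLONG, sizeof OVERLONG, 4, rd32le(OVERLONG), demo_out, sizeof demo_out);
    printf("overlong: %d\n", n);
    return 0;
}
```

Calling `fetch_string` on `SAMPLE` with the Unicode bit cleared, which is what reading these flag bytes in big-endian host order yields, copies the raw UTF-16 bytes and the result reads as the C string "b".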