From 927bc93c16e9e15b0562ce8dbbfe30dd35f654f0 Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Wed, 3 Sep 2025 17:36:49 +0000
Subject: [PATCH] negotiate_wrapper: Search buffer with strchr instead of
 memchr (#2176)

Previously, memchr would search tainted data.
---
 src/auth/negotiate/wrapper/negotiate_wrapper.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/auth/negotiate/wrapper/negotiate_wrapper.cc b/src/auth/negotiate/wrapper/negotiate_wrapper.cc
index 2ac4e58201..425434d22f 100644
--- a/src/auth/negotiate/wrapper/negotiate_wrapper.cc
+++ b/src/auth/negotiate/wrapper/negotiate_wrapper.cc
@@ -128,7 +128,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT)
             fprintf(stdout, "BH input error\n");
             return 0;
         }
-        c = static_cast<char*>(memchr(buf, '\n', sizeof(buf) - 1));
+        c = strchr(buf, '\n');
         if (c) {
             *c = '\0';
             length = c - buf;
@@ -221,7 +221,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT)
                 return 0;
             }
 
-            if (!memchr(tbuff, '\n', sizeof(tbuff) - 1)) {
+            if (!strchr(tbuff, '\n')) {
                 fprintf(stderr, "%s| %s: Oversized NTLM helper response\n",
                         LogTime(), PROGRAM);
                 return 0;
@@ -260,7 +260,7 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT, FILE *FDNIN, FILE *FDNOUT)
                 return 0;
             }
 
-            if (!memchr(buff, '\n', sizeof(buff) - 1)) {
+            if (!strchr(buff, '\n')) {
                 fprintf(stderr, "%s| %s: Oversized Kerberos helper response\n",
                         LogTime(), PROGRAM);
                 return 0;
-- 
2.47.3