From 64d1db926674fcc0ebda6e2d06238a19ea695206 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 19 Mar 2015 20:22:49 -0400
Subject: Fix length check of nt_response

An array passed as a function argument is just a cosmetic ay to pass just a pointer. Therefore sizeof(array) will only return the pointer length, not the array length, and on 32 bit pointers are 4 bytes long. Fix payload calculation by passing in the known correct length instead of using fancy sizeofs ...
---
 src/ntlm_crypto.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c
index c07f6cd..13e886e 100644
--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
@@ -646,9 +646,7 @@ int ntlmv2_verify_nt_response(struct ntlm_buffer *nt_response,
 nt_resp = (union wire_ntlm_response *)nt_response->data;
- payload.length = nt_response->length
- - sizeof(nt_resp->v2.resp)
- + sizeof(server_chal);
+ payload.length = nt_response->length - sizeof(nt_resp->v2.resp) + 8;
 payload.data = malloc(payload.length);
 if (!payload.data) return ENOMEM;
 memcpy(payload.data, server_chal, 8);
--
cgit
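Review bot: The added `payload.length = nt_response->length - sizeof(nt_resp->v2.resp) + 8;` line still subtracts a fixed size from a length that arrives in the response buffer with no check visible in the hunk that `nt_response->length` is at least `sizeof(nt_resp->v2.resp)`; if that bound is not enforced earlier in `ntlmv2_verify_nt_response` (the function starts and ends outside this hunk) and `length` is an unsigned type, a short response wraps the subtraction, `payload.length` can land at 0 or below 8, `malloc` succeeds, and the following `memcpy(payload.data, server_chal, 8)` writes past the allocation. A guard ahead of the assignment, e.g. `if (nt_response->length < sizeof(nt_resp->v2.resp)) return EINVAL;` (or whichever error code the file uses for malformed input), makes the computation safe regardless of what the caller validated. The literal `8` now appears twice in the hunk, in the length computation and in the memcpy; a single named constant for the server-challenge length, say `enum { NTLM_SERVER_CHAL_LEN = 8 };` near the top of the file, would keep the two in step and document why the bytes are added back.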