This extra check makes sense; the code is not very robust here - maybe
the wording of the message could be made more understandable (what does
"security buffer too big for message buffer" mean?) but at least we
have a check + message now.

I have not tested this for real as I do not have a working NTLM setup,
but Frank has, and the code does not affect anything "not NTLM".

Your patch has been applied to the master branch.

The *check* needs to go into release/2.6 as well, but since the code is
different (due to NTLMv1 removal) there is one extra add_security_buffer()
to be handled by the 2.6 patch (gerrit/493).  Coming next :-)

commit a021de2aabb21a24c7b69aaae1c710a9b6fee429 (master)
Author: Frank Lichtenheld
Date:   Wed Jan 17 09:59:51 2024 +0100

     NTLM: add length check to add_security_buffer

     Signed-off-by: Frank Lichtenheld <[email protected]>
     Acked-by: Gert Doering <[email protected]>
     Message-Id: <[email protected]>
     URL: https://www.mail-archive.com/[email protected]/msg28037.html
     Signed-off-by: Gert Doering <[email protected]>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
