This extra check makes sense, the code is not very robust here - maybe
the wording of the message could be made more understandable (what does
"security buffer too big for message buffer" mean?) but at least we
have a check + message now.
I have not tested this for real as I do not have a working NTLM setup,
but Frank has, and the code does not affect anything "not NTLM".
Your patch has been applied to the master branch.
The *check* needs to go into release/2.6 as well, but since the code is
different (due to NTLMv1 removal) there is one extra add_security_buffer()
to be handled by the 2.6 patch (gerrit/493). Coming next :-)
commit a021de2aabb21a24c7b69aaae1c710a9b6fee429 (master)
Author: Frank Lichtenheld
Date: Wed Jan 17 09:59:51 2024 +0100
NTLM: add length check to add_security_buffer
Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
Acked-by: Gert Doering <g...@greenie.muc.de>
Message-Id: <20240117085951.27414-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28037.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
