Red Hat Bugzilla – Bug 149323
CAN-2005-0490 Multiple stack based buffer overflows in curl
Last modified: 2007-04-18 13:20:10 EDT
*** This bug has been split off bug 149322 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.02.22
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and
possibly other versions, allow remote malicious web servers to execute
arbitrary code via base64 encoded replies that exceed the intended
buffer lengths when decoded, which is not properly handled by (1) the
Curl_input_ntlm function in http_ntlm.c during NTLM authentication or
(2) the Curl_krb_kauth and krb4_auth functions in krb4.c during
This issue should also affect FC2
Created attachment 111326 [details]
I fixed these problems (I changed the lengths of the buffers which are used in
Curl_input_ntlm (in http_ntlm.c) and in krb4_auth (in krb4.c)) in previous patch.
Do you think is it's possible to use this patch?
Created attachment 111334 [details]
Correction of previous puzzled and incorrect patch.
Don't for get to check the return value of malloc (stolen from the incomplete
upstream patch at
unsigned char *buffer = (unsigned char *)malloc(strlen(header));
if (buffer == NULL)
Created attachment 111336 [details]
The last patch with checked return values of malloc.
thank you for your notice.
Can this be the correct patch of this bug?
Fixed upstream in curl 7.13.1
fc3 version was fixed.
I'm closing this as a duplicate of #152917, which tracks the same problem for
other versions as well.
*** This bug has been marked as a duplicate of 152917 ***