libcurl: update to 7.74.0

author: dartraiden <wowemuh@gmail.com> 2020-12-12 21:52:50 +0300
committer: dartraiden <wowemuh@gmail.com> 2020-12-12 21:52:50 +0300
commit: 3b96a0dcef3c7e1de852025cfea5a9e56486021c (patch)
tree: e0f3d4006a618993b1c70f507cc32c707db5e73b /libs/libcurl/src/curl_ntlm_core.c
parent: 346d20620a22103175778d0ae96299af9f93c7ea (diff)
1 files changed, 3 insertions, 7 deletions
diff --git a/libs/libcurl/src/curl_ntlm_core.c b/libs/libcurl/src/curl_ntlm_core.c
index defae772b4..9a075ac90f 100644
--- a/libs/libcurl/src/curl_ntlm_core.c
+++ b/libs/libcurl/src/curl_ntlm_core.c
@@ -9,7 +9,7 @@
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.se/docs/copyright.html.
  *
  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  * copies of the Software, and permit persons to whom the Software is
@@ -580,15 +580,11 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
   unsigned char *identity;
   CURLcode result = CURLE_OK;
 
-  /* we do the length checks below separately to avoid integer overflow risk
-     on extreme data lengths */
-  if((userlen > SIZE_T_MAX/2) ||
-     (domlen > SIZE_T_MAX/2) ||
-     ((userlen + domlen) > SIZE_T_MAX/2))
+  if((userlen > CURL_MAX_INPUT_LENGTH) || (domlen > CURL_MAX_INPUT_LENGTH))
     return CURLE_OUT_OF_MEMORY;
 
   identity_len = (userlen + domlen) * 2;
-  identity = malloc(identity_len);
+  identity = malloc(identity_len + 1);
 
   if(!identity)
     return CURLE_OUT_OF_MEMORY;
author	dartraiden <wowemuh@gmail.com>	2020-12-12 21:52:50 +0300
committer	dartraiden <wowemuh@gmail.com>	2020-12-12 21:52:50 +0300
commit	3b96a0dcef3c7e1de852025cfea5a9e56486021c (patch)
tree	e0f3d4006a618993b1c70f507cc32c707db5e73b /libs/libcurl/src/curl_ntlm_core.c
parent	346d20620a22103175778d0ae96299af9f93c7ea (diff)