summaryrefslogtreecommitdiff
path: root/auth
diff options
context:
space:
mode:
Diffstat (limited to 'auth')
-rw-r--r--auth/ntlmssp/ntlmssp_sign.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/auth/ntlmssp/ntlmssp_sign.c b/auth/ntlmssp/ntlmssp_sign.c
index a5c57d8423..4d07a81e44 100644
--- a/auth/ntlmssp/ntlmssp_sign.c
+++ b/auth/ntlmssp/ntlmssp_sign.c
@@ -402,6 +402,10 @@ NTSTATUS ntlmssp_wrap(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB sig;
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
+ if (in->length + NTLMSSP_SIG_SIZE < in->length) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
*out = data_blob_talloc(out_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
if (!out->data) {
return NT_STATUS_NO_MEMORY;
@@ -422,6 +426,9 @@ NTSTATUS ntlmssp_wrap(struct ntlmssp_state *ntlmssp_state,
return nt_status;
} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
+ if (in->length + NTLMSSP_SIG_SIZE < in->length) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
*out = data_blob_talloc(out_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
if (!out->data) {