From c16100f60907a2de92bcb676f303b81facee0f64 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 7 Feb 2023 12:04:11 -0500 Subject: [PATCH] GHSL-2023-012: Incorrect free when decoding target Incorrect free when decoding target information (GHSL-2023-012) Fixes defect GHSL-2023-012 found by the GitHub Security Lab team via oss-fuzz. The error condition incorrectly assumed the cb and sh buffers would contain a copy of the data that needed to be freed. However that is not the case. This will generally cause an assertion when trying to free a pointer that was never allocated, and potentially memory corruption depending on the contents of the target_info buffer. This may cause a DoS condition. Signed-off-by: Simo Sorce --- src/ntlm.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/ntlm.c b/src/ntlm.c index 0ac1c03..d3d7d1b 100644 --- a/src/ntlm.c +++ b/src/ntlm.c @@ -731,8 +731,6 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer, done: if (ret) { - ntlm_free_buffer_data(&sh); - ntlm_free_buffer_data(&cb); safefree(nb_computer); safefree(nb_domain); safefree(dns_computer);
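Review bot: In the `done:` error path of ntlm_decode_target_info, nothing now records that `sh` and `cb` are not owned allocations, so the two ntlm_free_buffer_data() calls could be reintroduced by a later cleanup. A one-line comment beside the remaining safefree() calls, stating that these two buffers do not hold a copy of the data (as the commit message explains) and must not be freed here, would make the ownership rule visible in the code. The diffstat shows only src/ntlm.c changed, with 2 deletions, so the patch carries no regression test; adding the oss-fuzz reproducer as a test case for a failing target_info decode would guard this path.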