Index: squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c diff -c squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c:1.3 squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c:1.3.2.1 *** squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c:1.3 Wed Aug 29 08:57:38 2001 --- squid/helpers/ntlm_auth/fakeauth/fakeauth_auth.c Fri Aug 20 02:09:58 2004 *************** *** 150,156 **** o = WSWAP(str->offset); /* Sanity checks. XXX values arbitrarialy chosen */ ! if (l <= 0 || l>= 32 || o>= 256) { fprintf(stderr, "ntlmGetString: insane: l:%d o:%d\n", l, o); return (NULL); } --- 150,156 ---- o = WSWAP(str->offset); /* Sanity checks. XXX values arbitrarialy chosen */ ! if (l <= 0 || o <= 0 || l>= 32 || o>= 256) { fprintf(stderr, "ntlmGetString: insane: l:%d o:%d\n", l, o); return (NULL); } Index: squid/lib/ntlmauth.c diff -c squid/lib/ntlmauth.c:1.5.2.2 squid/lib/ntlmauth.c:1.5.2.3 *** squid/lib/ntlmauth.c:1.5.2.2 Sun Jul 21 20:06:31 2002 --- squid/lib/ntlmauth.c Fri Aug 20 02:09:58 2004 *************** *** 84,90 **** o = WSWAP(str->offset); /* debug("fetch_string(plength=%d,l=%d,o=%d)\n",length,l,o); */ ! if (l < 0 || l> MAX_FIELD_LENGTH || o + l> length || o == 0) { /* debug("ntlmssp: insane data (l: %d, o: %d)\n", l,o); */ return rv; } --- 84,90 ---- o = WSWAP(str->offset); /* debug("fetch_string(plength=%d,l=%d,o=%d)\n",length,l,o); */ ! if (l < 0 || o <= 0 || l> MAX_FIELD_LENGTH || o + l> length) { /* debug("ntlmssp: insane data (l: %d, o: %d)\n", l,o); */ return rv; }

AltStyle によって変換されたページ (->オリジナル) /