romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-30 03:47:27 +03:00
Code Issues Projects Releases Packages Wiki Activity

NTLM: use DES_set_key_unchecked with OpenSSL

Browse source 
... as the previously used function DES_set_key() will in some cases
reject using a key that it deems "weak" which will cause curl to
continue using the unitialized buffer content as key instead.

Assisted-by: Harry Sintonen
Fixes #7779
Closes #7781
This commit is contained in:
Daniel Stenberg 2021-09-27 16:08:39 +02:00
parent 02c9802fd1
commit 1ddfa8e480
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/curl_ntlm_core.c
View file

@ -150,7 +150,7 @@ static void setup_des_key(const unsigned char *key_56,
DES_set_odd_parity(&key);
/* Set the key */
DES_set_key(&key, ks);
DES_set_key_unchecked(&key, ks);
}
#elif defined(USE_GNUTLS)