From 54e5ff1e757a51577f79fe3dbb737ca0a62d459d Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Sat, 28 Jan 2023 12:48:00 +0100
Subject: [PATCH] [core,gcc] fix server random length

---
 libfreerdp/core/gcc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libfreerdp/core/gcc.c b/libfreerdp/core/gcc.c
index 5a299620f..b7d51e66f 100644
--- a/libfreerdp/core/gcc.c
+++ b/libfreerdp/core/gcc.c
@@ -1815,10 +1815,12 @@ BOOL gcc_write_server_security_data(wStream* s, rdpMcs* mcs)
 	if (!gcc_update_server_random(settings))
 		return FALSE;
 
+	if (!Stream_EnsureRemainingCapacity(s, sizeof(UINT32) + settings->ServerRandomLength))
+		return FALSE;
 	Stream_Write_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */
 	const size_t posCertLen = Stream_GetPosition(s);
 	Stream_Seek_UINT32(s); /* serverCertLen */
-	Stream_Write(s, settings->ServerRandom, settings->ServerRandom);
+	Stream_Write(s, settings->ServerRandom, settings->ServerRandomLength);
 
 	const SSIZE_T len = certificate_write_server_certificate(
 	    settings->RdpServerRsaKey, CERT_TEMPORARILY_ISSUED | CERT_CHAIN_VERSION_1, s);