morgan/FreeRDP
1
0
Fork 0
mirror of https://github.com/morgan9e/FreeRDP synced 2026-04-15 00:44:19 +09:00
Code Issues Packages Projects Releases Wiki Activity

[core,nla] fix a memory leak in server nla

Browse Source 
Clear destination SecBuffer before calling credssp_auth_decrypt or
credssp_auth_encrypt
This commit is contained in:
akallabeth
2023-01-26 12:51:39 +01:00
committed by Martin Fleisz
parent aeef6045b7
commit ca3cd8b7ec
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
libfreerdp/core/nla.c
View File

@@ -897,6 +897,7 @@ BOOL nla_encrypt_public_key_echo(rdpNla* nla)
WINPR_ASSERT(nla);
sspi_SecBufferFree(&nla->pubKeyAuth);
if (nla->server)
{
SecBuffer buf;
@@ -951,8 +952,11 @@ BOOL nla_encrypt_public_key_hash(rdpNla* nla)
if (!winpr_Digest_Final(sha256, buf.pvBuffer, WINPR_SHA256_DIGEST_LENGTH))
goto out;
if (credssp_auth_encrypt(nla->auth, &buf, &nla->pubKeyAuth, NULL, nla->sendSeqNum++))
status = TRUE;
sspi_SecBufferFree(&nla->pubKeyAuth);
if (!credssp_auth_encrypt(nla->auth, &buf, &nla->pubKeyAuth, NULL, nla->sendSeqNum++))
goto out;
status = TRUE;
out:
winpr_Digest_Free(sha256);
@@ -1272,6 +1276,7 @@ static BOOL nla_encrypt_ts_credentials(rdpNla* nla)
if (!nla_encode_ts_credentials(nla))
return FALSE;
sspi_SecBufferFree(&nla->authInfo);
if (!credssp_auth_encrypt(nla->auth, &nla->tsCredentials, &nla->authInfo, NULL,
nla->sendSeqNum++))
return FALSE;
@@ -1289,6 +1294,7 @@ static BOOL nla_decrypt_ts_credentials(rdpNla* nla)
return FALSE;
}
sspi_SecBufferFree(&nla->tsCredentials);
if (!credssp_auth_decrypt(nla->auth, &nla->authInfo, &nla->tsCredentials, nla->recvSeqNum++))
return FALSE;