morgan/FreeRDP
1
0
Fork 0
mirror of https://github.com/morgan9e/FreeRDP synced 2026-04-15 00:44:19 +09:00
Code Issues Packages Projects Releases Wiki Activity

Fixed OOB read in update_recv_secondary_order

Browse Source 
CVE-2020-4032 thanks to @antonio-morales for finding this.
This commit is contained in:
akallabeth
2020-05-27 08:10:11 +02:00
committed by Armin Novak
parent 05cd9ea229
commit e7bffa64ef
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libfreerdp/core/orders.c
View File

@@ -3762,12 +3762,13 @@ static BOOL update_recv_secondary_order(rdpUpdate* update, wStream* s, BYTE flag
name, end - start);
return FALSE;
}
diff = start - end;
diff = end - start;
if (diff > 0)
{
WLog_Print(update->log, WLOG_DEBUG,
"SECONDARY_ORDER %s: read %" PRIuz "bytes short, skipping", name, diff);
Stream_Seek(s, diff);
if (!Stream_SafeSeek(s, diff))
return FALSE;
}
return rc;
}