Fixed GHSL-2020-101 missing NULL check
(cherry picked from commit b207dbba35c505bbc3ad5aadc10b34980c6b7e8e)
akallabeth committed May 20, 2020
1 parent 8305349 commit d6cd140
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions libfreerdp/core/security.c
Expand Up @@ -816,6 +816,9 @@ BOOL security_fips_decrypt(BYTE* data, size_t length, rdpRdp* rdp)
{
size_t olen;

if (!rdp || !rdp->fips_decrypt)
return FALSE;

if (!winpr_Cipher_Update(rdp->fips_decrypt, data, length, data, &olen))
return FALSE;
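
Review bot: The new guard at the top of security_fips_decrypt checks `rdp` and `rdp->fips_decrypt` but not `data`, which is passed straight to winpr_Cipher_Update as both the input and the output buffer; consider adding `!data` to the same condition. The check also only catches a cipher context that is exactly NULL, so it relies on the rdp struct being zero-initialized when it is allocated; a short comment stating that invariant next to the guard would help future readers. Since this path and a cipher failure both return FALSE, a log line here would make a missing FIPS decrypt context distinguishable from a failed update.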


3 comments on commit d6cd140

@tcullum-rh

@akallabeth are all uninitialized pointers guaranteed to always be set to NULL? I noted that the CVE page states that this patch is re an uninitialized pointer issue, but if the uninitialized pointer is not specifically set to NULL, it will still pass this check.

@akallabeth
Member Author


@tcullum-rh the rdp struct is initialized with calloc so yes.

@tcullum-rh

@akallabeth awesome, thanks and thank you for all your hard work on this project!
