
Commit e7bffa6

committed
Fixed OOB read in update_recv_secondary_order
CVE-2020-4032 thanks to @antonio-morales for finding this.
1 parent 05cd9ea commit e7bffa6


1 file changed

+3
-2
lines changed


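--- a/libfreerdp/core/orders.c
+++ b/libfreerdp/core/orders.c
@@ -3762,12 +3762,13 @@ static BOOL update_recv_secondary_order(rdpUpdate* update, wStream* s, BYTE flag
 name, end - start);
 return FALSE;
 }
-diff = start - end;
+diff = end - start;
 if (diff > 0)
 {
 WLog_Print(update->log, WLOG_DEBUG,
 "SECONDARY_ORDER %s: read %" PRIuz "bytes short, skipping", name, diff);
-Stream_Seek(s, diff);
+if (!Stream_SafeSeek(s, diff))
+return FALSE;
 }
 return rc;
 }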
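Review bot: The new `return FALSE;` after a failed `Stream_SafeSeek(s, diff)` is silent, so a secondary order whose skip length exceeds the remaining stream data is rejected without any log entry, whereas the earlier rejection path at the top of the hunk appears to log before returning. I would brace the branch and add `WLog_Print(update->log, WLOG_WARN, "SECONDARY_ORDER %s: cannot skip %" PRIuz " bytes, stream too short", name, diff);` before the return, so malformed orders are visible to whoever triages the logs. Separately, `diff` is printed with `PRIuz` and is therefore presumably unsigned, which means `diff > 0` only tests for non-zero and `end - start` is safe only if the guard above guarantees `end >= start`. That guard's condition lies outside the hunk, so if it does establish this, a one-line comment such as `/* end >= start is guaranteed by the check above */` would document the invariant the seek length depends on. The function begins outside the hunk.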
