Fixed OOB read in update_recv_secondary_order
CVE-2020-4032 thanks to @antonio-morales for finding this.
akallabeth committed Jun 22, 2020
1 parent 05cd9ea commit e7bffa6
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions libfreerdp/core/orders.c
Expand Up @@ -3762,12 +3762,13 @@ static BOOL update_recv_secondary_order(rdpUpdate* update, wStream* s, BYTE flag
name, end - start);
return FALSE;
}
diff = start - end;
diff = end - start;
if (diff > 0)
{
WLog_Print(update->log, WLOG_DEBUG,
"SECONDARY_ORDER %s: read %" PRIuz "bytes short, skipping", name, diff);
Stream_Seek(s, diff);
if (!Stream_SafeSeek(s, diff))
return FALSE;
}
return rc;
}
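Review bot: The new `if (!Stream_SafeSeek(s, diff)) return FALSE;` path fails without logging anything, although the debug line just before it has already announced "skipping", so a truncated order that cannot be skipped leaves a misleading trace. Consider logging a warning with `name` and `diff` on that failure path, in line with the branch above that reports `name, end - start` before its own `return FALSE`. The format string `"SECONDARY_ORDER %s: read %" PRIuz "bytes short, skipping"` also lacks a space before "bytes", so the count and the word run together in the log. Finally, `diff` is printed with `PRIuz`, but its declaration is outside this hunk; it is worth confirming it is a `size_t`, in which case `diff > 0` only tests for non-zero and the ordering of `start` and `end` has to be guaranteed by the earlier check.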