Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix possible integer overflow in license_read_scope_list()
  • Loading branch information
Huzaifa Sidhpurwala committed Jan 2, 2014
1 parent 72f38ce commit e274580
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions libfreerdp/core/license.c
Expand Up @@ -670,6 +670,9 @@ BOOL license_read_scope_list(wStream* s, SCOPE_LIST* scopeList)

Stream_Read_UINT32(s, scopeCount); /* ScopeCount (4 bytes) */

if (Stream_GetRemainingLength(s) / sizeof(LICENSE_BLOB) < scopeCount)
return FALSE; /* Avoid overflow in malloc */

scopeList->count = scopeCount;
scopeList->array = (LICENSE_BLOB*) malloc(sizeof(LICENSE_BLOB) * scopeCount);

Expand Down

0 comments on commit e274580

Please sign in to comment.