File freerdp-CVE-2014-0791.patch of Package freerdp
From 5253b9e27a2de48564f9b41eb3643a8edf11afe9 Mon Sep 17 00:00:00 2001
From: Felix Zhang <fezhang@suse.com>
Date: Mon, 23 Jun 2014 12:57:55 +0800
Subject: [PATCH] CVE-2014-0791
---
libfreerdp-core/license.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libfreerdp-core/license.c b/libfreerdp-core/license.c
index 60b9f93..2425ddc 100644
--- a/libfreerdp-core/license.c
+++ b/libfreerdp-core/license.c
@@ -539,6 +539,8 @@ void license_read_scope_list(STREAM* s, SCOPE_LIST* scopeList)
uint32 scopeCount;
stream_read_uint32(s, scopeCount); /* ScopeCount (4 bytes) */
+ if (scopeCount > stream_get_left(s) / 4) /* every blob is at least 4 bytes */
+ return;
scopeList->count = scopeCount;
scopeList->array = (LICENSE_BLOB*) xmalloc(sizeof(LICENSE_BLOB) * scopeCount);
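Review bot: The early `return;` added after the `scopeCount` bound check fails silently: `license_read_scope_list` is `void`, and in that branch `scopeList->count` and `scopeList->array` keep whatever they held before, so the caller (not visible here) presumably goes on parsing the rest of the packet with the stream still positioned inside the scope list. At minimum the rejected branch should leave the list in a defined empty state, e.g. `{ scopeList->count = 0; return; }`, and preferably the function would return a status that the caller checks so the packet is dropped. The `stream_read_uint32(s, scopeCount)` just above the check still runs without confirming that 4 bytes remain, so a guard such as `if (stream_get_left(s) < 4) return;` before it would cover the same class of over-read. The inline comment could also say that `scopeCount` comes straight from the wire and is bounded here before it sizes the `xmalloc` and drives the read loop. The function body starts and ends outside this hunk, so the loop that consumes the blobs is not reviewed here.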
--
1.7.12.4