Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:Update
freerdp.6948
freerdp-CVE-2018-8789.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File freerdp-CVE-2018-8789.patch of Package freerdp.6948
From 2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6 Mon Sep 17 00:00:00 2001 From: Armin Novak <armin.novak@thincast.com> Date: Mon, 22 Oct 2018 16:00:03 +0200 Subject: [PATCH 1/6] Fixed CVE-2018-8789 Thanks to Eyal Itkin from Check Point Software Technologies. --- winpr/libwinpr/sspi/NTLM/ntlm_message.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) Index: b/winpr/libwinpr/sspi/NTLM/ntlm_message.c =================================================================== --- a/winpr/libwinpr/sspi/NTLM/ntlm_message.c 2019-01-08 19:44:33.512758872 +0800 +++ b/winpr/libwinpr/sspi/NTLM/ntlm_message.c 2019-01-08 19:44:39.104796353 +0800 @@ -74,7 +74,7 @@ static const char* const NTLM_NEGOTIATE_ "NTLMSSP_NEGOTIATE_UNICODE" }; -void ntlm_print_negotiate_flags(UINT32 flags) +static void ntlm_print_negotiate_flags(UINT32 flags) { int i; const char* str; @@ -90,7 +90,7 @@ void ntlm_print_negotiate_flags(UINT32 f } } -int ntlm_read_message_header(wStream* s, NTLM_MESSAGE_HEADER* header) +static int ntlm_read_message_header(wStream* s, NTLM_MESSAGE_HEADER* header) { if (Stream_GetRemainingLength(s) < 12) return -1; @@ -104,19 +104,19 @@ int ntlm_read_message_header(wStream* s, return 1; } -void ntlm_write_message_header(wStream* s, NTLM_MESSAGE_HEADER* header) +static void ntlm_write_message_header(wStream* s, NTLM_MESSAGE_HEADER* header) { Stream_Write(s, header->Signature, sizeof(NTLM_SIGNATURE)); Stream_Write_UINT32(s, header->MessageType); } -void ntlm_populate_message_header(NTLM_MESSAGE_HEADER* header, UINT32 MessageType) +static void ntlm_populate_message_header(NTLM_MESSAGE_HEADER* header, UINT32 MessageType) { CopyMemory(header->Signature, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)); header->MessageType = MessageType; } -int ntlm_read_message_fields(wStream* s, NTLM_MESSAGE_FIELDS* fields) +static int ntlm_read_message_fields(wStream* s, NTLM_MESSAGE_FIELDS* fields) { if (Stream_GetRemainingLength(s) < 8) return -1; @@ -127,7 +127,7 @@ int ntlm_read_message_fields(wStream* s, return 1; } -void ntlm_write_message_fields(wStream* s, NTLM_MESSAGE_FIELDS* fields) +static void ntlm_write_message_fields(wStream* s, NTLM_MESSAGE_FIELDS* fields) { if (fields->MaxLen < 1) fields->MaxLen = fields->Len; @@ -137,11 +137,13 @@ void ntlm_write_message_fields(wStream* Stream_Write_UINT32(s, fields->BufferOffset); /* BufferOffset (4 bytes) */ } -int ntlm_read_message_fields_buffer(wStream* s, NTLM_MESSAGE_FIELDS* fields) +static int ntlm_read_message_fields_buffer(wStream* s, NTLM_MESSAGE_FIELDS* fields) { if (fields->Len > 0) { - if ((fields->BufferOffset + fields->Len) > Stream_Length(s)) + const UINT64 offset = (UINT64)fields->BufferOffset + (UINT64)fields->Len; + + if (offset > Stream_Length(s)) return -1; fields->Buffer = (PBYTE) malloc(fields->Len); @@ -156,7 +158,7 @@ int ntlm_read_message_fields_buffer(wStr return 1; } -void ntlm_write_message_fields_buffer(wStream* s, NTLM_MESSAGE_FIELDS* fields) +static void ntlm_write_message_fields_buffer(wStream* s, NTLM_MESSAGE_FIELDS* fields) { if (fields->Len > 0) { @@ -165,7 +167,7 @@ void ntlm_write_message_fields_buffer(wS } } -void ntlm_free_message_fields_buffer(NTLM_MESSAGE_FIELDS* fields) +static void ntlm_free_message_fields_buffer(NTLM_MESSAGE_FIELDS* fields) { if (fields) { @@ -180,7 +182,7 @@ void ntlm_free_message_fields_buffer(NTL } } -void ntlm_print_message_fields(NTLM_MESSAGE_FIELDS* fields, const char* name) +static void ntlm_print_message_fields(NTLM_MESSAGE_FIELDS* fields, const char* name) { WLog_DBG(TAG, "%s (Len: %d MaxLen: %d BufferOffset: %d)", name, fields->Len, fields->MaxLen, fields->BufferOffset);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor