Overview

File freerdp-CVE-2022-24882.patch of Package freerdp.30864

From e4fc2a762864f320e95aa6769100dd5ceb11c486 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 28 Mar 2022 12:58:19 +0200
Subject: [PATCH] Fixed missing field read.

(cherry picked from commit cb538114ed0e0739ccc6c65754462265ba1072ed)
---
 winpr/libwinpr/sspi/NTLM/ntlm_message.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_message.c b/winpr/libwinpr/sspi/NTLM/ntlm_message.c
index 7502ecfc2..f3d4d421e 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_message.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_message.c
@@ -71,6 +71,7 @@ static const char* const NTLM_NEGOTIATE_STRINGS[] = { "NTLMSSP_NEGOTIATE_56",
 	                                                  "NTLMSSP_REQUEST_TARGET",
 	                                                  "NTLMSSP_NEGOTIATE_OEM",
 	                                                  "NTLMSSP_NEGOTIATE_UNICODE" };
+static void ntlm_free_message_fields_buffer(NTLM_MESSAGE_FIELDS* fields);
 
 static void ntlm_print_negotiate_flags(UINT32 flags)
 {
@@ -120,6 +121,8 @@ static int ntlm_read_message_fields(wStream* s, NTLM_MESSAGE_FIELDS* fields)
 	if (Stream_GetRemainingLength(s) < 8)
 		return -1;
 
+	ntlm_free_message_fields_buffer(fields);
+
 	Stream_Read_UINT16(s, fields->Len);          /* Len (2 bytes) */
 	Stream_Read_UINT16(s, fields->MaxLen);       /* MaxLen (2 bytes) */
 	Stream_Read_UINT32(s, fields->BufferOffset); /* BufferOffset (4 bytes) */
@@ -169,7 +172,7 @@ static void ntlm_write_message_fields_buffer(wStream* s, NTLM_MESSAGE_FIELDS* fi
 	}
 }
 
-static void ntlm_free_message_fields_buffer(NTLM_MESSAGE_FIELDS* fields)
+void ntlm_free_message_fields_buffer(NTLM_MESSAGE_FIELDS* fields)
 {
 	if (fields)
 	{
-- 
2.26.2
openSUSE Build Service is sponsored by
Places