mirrors
/
FreeRDP
mirror of https://github.com/FreeRDP/FreeRDP
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

core: Fix array overrunning during FIPS keys generation 

p is 20 and r is 1 in the last iteration of fips_expand_key_bits,
which means that buf[21] is read (of BYTE buf[21];). However,
the value is not needed, because it is consequently discarded by
"c & 0xfe" statement. Let's do not read buf[p + 1] when r is 1
to avoid this.
This commit is contained in:
Ondrej Holy 2017-12-19 10:21:03 +01:00
parent 2b320ea0fc
commit 0389cb129e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libfreerdp/core/security.c
View File

@ -524,9 +524,9 @@ static void fips_expand_key_bits(BYTE* in, BYTE* out)
p = b / 8;
r = b % 8;
if (r == 0)
if (r <= 1)
{
out[i] = buf[p] & 0xfe;
out[i] = (buf[p] << r) & 0xfe;
}
else
{