From 5f9db5a89c0bb134909afca84bc359df1c58de59 Mon Sep 17 00:00:00 2001 From: Martin Fleisz Date: Tue, 14 Feb 2023 09:16:02 +0100 Subject: [PATCH] core: Fix pointer corruption with d2i_X509 The `d2i_X509` function manipulates the passed pointer on success. This resulted in a corrupted `rdpCertBlob` struct, crashing later on free. --- libfreerdp/crypto/certificate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libfreerdp/crypto/certificate.c b/libfreerdp/crypto/certificate.c index 8058f22b5..42a8c4314 100644 --- a/libfreerdp/crypto/certificate.c +++ b/libfreerdp/crypto/certificate.c @@ -285,7 +285,8 @@ static BOOL is_rsa_key(const X509* x509) static BOOL blob_is_rsa_key(const rdpCertBlob* cert) { - X509* x509 = d2i_X509(NULL, &cert->data, cert->length); + const BYTE* inData = cert->data; + X509* x509 = d2i_X509(NULL, &inData, cert->length); if (!x509) return FALSE;