security: add a NULL pointer check to fix a server crash.

2013-03-05 15:08:03 +08:00 · 2013-03-05 15:08:03 +08:00 · 7d58aac24f
parent 03fd416b3b
commit 7d58aac24f
2 changed files with 4 additions and 1 deletions
--- a/libfreerdp/core/rdp.c
+++ b/libfreerdp/core/rdp.c
@ -717,7 +717,8 @@ BOOL rdp_decrypt(rdpRdp* rdp, STREAM* s, int length, UINT16 securityFlags)

 	stream_read(s, wmac, sizeof(wmac));
 	length -= sizeof(wmac);
-	security_decrypt(s->p, length, rdp);
+	if (!security_decrypt(s->p, length, rdp))
+		return FALSE;

 	if (securityFlags & SEC_SECURE_CHECKSUM)
 		security_salted_mac_signature(rdp, s->p, length, FALSE, cmac);
--- a/libfreerdp/core/security.c
+++ b/libfreerdp/core/security.c
@ -492,6 +492,8 @@ BOOL security_encrypt(BYTE* data, int length, rdpRdp* rdp)

 BOOL security_decrypt(BYTE* data, int length, rdpRdp* rdp)
 {
+	if (rdp->rc4_decrypt_key == NULL)
+		return FALSE;
 	if (rdp->decrypt_use_count >= 4096)
 	{
 		security_key_update(rdp->decrypt_key, rdp->decrypt_update_key, rdp->rc4_key_len);