mirrors
/
FreeRDP
mirror of https://github.com/FreeRDP/FreeRDP
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed an issue introduced with #4822 

The string prepared is not NULL terminated and the sources are of fixed sizes.
Use memcpy instead of print fucntions in this specific case.
This commit is contained in:
Armin Novak 2018-09-03 08:48:33 +02:00
parent 25e2ab1c09
commit 817f8e0d47
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libfreerdp/crypto/tls.c
View File

@ -593,16 +593,14 @@ static void tls_free_certificate(CryptoCert cert)
static SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert)
{
int PrefixLength;
BYTE CertificateHash[32];
UINT32 CertificateHashLength;
BYTE* ChannelBindingToken;
UINT32 ChannelBindingTokenLength;
SEC_CHANNEL_BINDINGS* ChannelBindings;
SecPkgContext_Bindings* ContextBindings;
ZeroMemory(CertificateHash, sizeof(CertificateHash));
const size_t PrefixLength = strnlen(TLS_SERVER_END_POINT, ARRAYSIZE(TLS_SERVER_END_POINT));
BYTE CertificateHash[32] = { 0 };
X509_digest(cert, EVP_sha256(), CertificateHash, &CertificateHashLength);
PrefixLength = strlen(TLS_SERVER_END_POINT);
ChannelBindingTokenLength = PrefixLength + CertificateHashLength;
ContextBindings = (SecPkgContext_Bindings*) calloc(1,
sizeof(SecPkgContext_Bindings));
@ -623,9 +621,8 @@ static SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert)
ChannelBindings->dwApplicationDataOffset = sizeof(SEC_CHANNEL_BINDINGS);
ChannelBindingToken = &((BYTE*)
ChannelBindings)[ChannelBindings->dwApplicationDataOffset];
sprintf_s((char*) ChannelBindingToken,
ContextBindings->BindingsLength - ChannelBindings->dwApplicationDataOffset, "%s%s",
TLS_SERVER_END_POINT, CertificateHash);
memcpy(ChannelBindingToken, TLS_SERVER_END_POINT, PrefixLength);
memcpy(ChannelBindingToken + PrefixLength, CertificateHash, CertificateHashLength);
return ContextBindings;
out_free:
free(ContextBindings);