mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Lock security_decrypt to avoid simultaneous counter manipulation

Browse Source
This commit is contained in:
akallabeth 2020-05-29 09:20:05 +02:00 committed by akallabeth
parent 5f788c65f4
commit a381dd1a27
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libfreerdp/core/security.c
View File

@ -741,29 +741,34 @@ fail:
BOOL security_decrypt(BYTE* data, size_t length, rdpRdp* rdp)
{
BOOL rc = FALSE;
EnterCriticalSection(&rdp->critical);
if (rdp->rc4_decrypt_key == NULL)
return FALSE;
goto fail;
if (rdp->decrypt_use_count >= 4096)
{
if (!security_key_update(rdp->decrypt_key, rdp->decrypt_update_key, rdp->rc4_key_len, rdp))
return FALSE;
goto fail;
winpr_RC4_Free(rdp->rc4_decrypt_key);
rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len);
if (!rdp->rc4_decrypt_key)
return FALSE;
goto fail;
rdp->decrypt_use_count = 0;
}
if (!winpr_RC4_Update(rdp->rc4_decrypt_key, length, data, data))
return FALSE;
goto fail;
rdp->decrypt_use_count += 1;
rdp->decrypt_checksum_use_count++;
return TRUE;
rc = TRUE;
fail:
LeaveCriticalSection(&rdp->critical);
return rc;
}
BOOL security_hmac_signature(const BYTE* data, size_t length, BYTE* output, rdpRdp* rdp)