From dfe89737a0c1581c6c4a09e6ddc321c2de69e3f5 Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Wed, 27 Apr 2022 16:07:12 +0200 Subject: [PATCH] Fixed use after free --- libfreerdp/core/tscredentials.c | 4 +++- libfreerdp/core/tscredentials.h | 7 ++++--- tools/asn_parser_generator.py | 1 + 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/libfreerdp/core/tscredentials.c b/libfreerdp/core/tscredentials.c index de1ccebd6..ec0b26432 100644 --- a/libfreerdp/core/tscredentials.c +++ b/libfreerdp/core/tscredentials.c @@ -1,6 +1,6 @@ /* ============================================================================================================ * this file has been generated using - * tools/asn_parser_generator.py --input=libfreerdp/core/credssp.asn1 --output-kind=impls + * ./tools/asn_parser_generator.py --input=libfreerdp/core/credssp.asn1 --output-kind=impls * --output=libfreerdp/core/tscredentials.c * * /!\ If you want to modify this file you'd probably better change asn_parser_generator.py or the @@ -844,7 +844,9 @@ BOOL ber_read_nla_TSRemoteGuardPackageCred_array(wStream* s, TSRemoteGuardPackag free(retItems); return FALSE; } + retItems = tmpRet; + retItems = tmpRet; memcpy(&retItems[ret], item, sizeof(*item)); free(item); ret++; diff --git a/libfreerdp/core/tscredentials.h b/libfreerdp/core/tscredentials.h index 72e503548..ae42b23e6 100644 --- a/libfreerdp/core/tscredentials.h +++ b/libfreerdp/core/tscredentials.h @@ -1,9 +1,10 @@ /* ============================================================================================================ * this file has been generated using - * tools/asn_parser_generator.py --input=libfreerdp/core/credssp.asn1 --output-kind=headers --output=libfreerdp/core/tscredentials.h + * ./tools/asn_parser_generator.py --input=libfreerdp/core/credssp.asn1 --output-kind=headers + * --output=libfreerdp/core/tscredentials.h * - * /!\ If you want to modify this file you'd probably better change asn_parser_generator.py or the corresponding ASN1 - * definition file + * /!\ If you want to modify this file you'd probably better change asn_parser_generator.py or the + * corresponding ASN1 definition file * * ============================================================================================================ */ diff --git a/tools/asn_parser_generator.py b/tools/asn_parser_generator.py index 2a2b83166..bd42bef02 100755 --- a/tools/asn_parser_generator.py +++ b/tools/asn_parser_generator.py @@ -520,6 +520,7 @@ BOOL ber_read_{prefix}{defName}_array(wStream* s, {defName}_t** pitems, size_t* free(retItems); return FALSE; }} + retItems = tmpRet; memcpy(&retItems[ret], item, sizeof(*item)); free(item);