diff options
Diffstat (limited to 'CVE-2014-0791.patch')
-rw-r--r-- | CVE-2014-0791.patch | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/CVE-2014-0791.patch b/CVE-2014-0791.patch deleted file mode 100644 index 42939bc46b6a..000000000000 --- a/CVE-2014-0791.patch +++ /dev/null @@ -1,24 +0,0 @@ -From f1d6afca6ae620f9855a33280bdc6f3ad9153be0 Mon Sep 17 00:00:00 2001 -From: Hardening <rdp.effort@gmail.com> -Date: Wed, 8 Jan 2014 16:12:51 +0100 -Subject: [PATCH] Fix CVE-2014-0791 - -This patch fixes CVE-2014-0791, the remaining length in the stream is checked -before doing some malloc(). ---- - libfreerdp/core/license.c | 2 ++ - 1 file changed, 2 insertions(+) - -Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/core/license.c -=================================================================== ---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/core/license.c 2017-08-23 11:07:13.453296923 -0400 -+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/core/license.c 2017-08-23 11:07:13.449296923 -0400 -@@ -677,6 +677,8 @@ BOOL license_read_scope_list(wStream* s, - return FALSE; - - Stream_Read_UINT32(s, scopeCount); /* ScopeCount (4 bytes) */ -+ if (scopeCount > Stream_GetRemainingLength(s) / 4) /* every blob is at least 4 bytes */ -+ return FALSE; - - scopeList->count = scopeCount; - scopeList->array = (LICENSE_BLOB*) malloc(sizeof(LICENSE_BLOB) * scopeCount); |