diff options
Diffstat (limited to 'CVE-2018-8789.patch')
-rw-r--r-- | CVE-2018-8789.patch | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/CVE-2018-8789.patch b/CVE-2018-8789.patch deleted file mode 100644 index 1aec14058174..000000000000 --- a/CVE-2018-8789.patch +++ /dev/null @@ -1,27 +0,0 @@ -Backport of: - -From 2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6 Mon Sep 17 00:00:00 2001 -From: Armin Novak <armin.novak@thincast.com> -Date: Mon, 22 Oct 2018 16:00:03 +0200 -Subject: [PATCH] Fixed CVE-2018-8789 - -Thanks to Eyal Itkin from Check Point Software Technologies. ---- - winpr/libwinpr/sspi/NTLM/ntlm_message.c | 24 +++++++++++++----------- - 1 file changed, 13 insertions(+), 11 deletions(-) - -Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/winpr/libwinpr/sspi/NTLM/ntlm_message.c -=================================================================== ---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/winpr/libwinpr/sspi/NTLM/ntlm_message.c -+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/winpr/libwinpr/sspi/NTLM/ntlm_message.c -@@ -146,6 +146,10 @@ void ntlm_read_message_fields_buffer(wSt - { - if (fields->Len > 0) - { -+ const UINT64 offset = (UINT64)fields->BufferOffset + (UINT64)fields->Len; -+ -+ if (offset > Stream_Length(s)) -+ return; - fields->Buffer = malloc(fields->Len); - Stream_SetPosition(s, fields->BufferOffset); - Stream_Read(s, fields->Buffer, fields->Len); |