File freerdp-CVE-2022-39282.patch of Package freerdp.26971

Overview Repositories Revisions Requests Users Attributes Meta

File freerdp-CVE-2022-39282.patch of Package freerdp.26971

From 85a055386a033143720007f659cc14aa68cce4b9 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Thu, 6 Oct 2022 09:12:40 +0200
Subject: [PATCH] Fix length checks in parallel driver

The length requested was not checked against the length read from
the port.

(cherry picked from commit 094cc5a4596c299595b732effd59ee149181fd61)
---
 channels/parallel/client/parallel_main.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/channels/parallel/client/parallel_main.c b/channels/parallel/client/parallel_main.c
index af3e82703..993605a65 100644
--- a/channels/parallel/client/parallel_main.c
+++ b/channels/parallel/client/parallel_main.c
@@ -159,7 +159,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp)
 		return ERROR_INVALID_DATA;
 	Stream_Read_UINT32(irp->input, Length);
 	Stream_Read_UINT64(irp->input, Offset);
-	buffer = (BYTE*)malloc(Length);
+	buffer = (BYTE*)calloc(Length, sizeof(BYTE));
 
 	if (!buffer)
 	{
@@ -178,6 +178,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp)
 	}
 	else
 	{
+		Length = status;
 	}
 
 	Stream_Write_UINT32(irp->output, Length);
-- 
2.26.2

Places

File freerdp-CVE-2022-39282.patch of Package freerdp.26971

Places