[PATCH 2/5] secur32: We can't read more than expected_size - 5 in schan_DecryptMessage().
Henri Verbeet
hverbeet at codeweavers.com
Tue Jun 26 08:32:07 CDT 2012
---
dlls/secur32/schannel.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index 2339b73..f703ab7 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -1067,7 +1067,7 @@ static SECURITY_STATUS SEC_ENTRY schan_DecryptMessage(PCtxtHandle context_handle
return SEC_E_INCOMPLETE_MESSAGE;
}
- data_size = buffer->cbBuffer;
+ data_size = expected_size - 5;
data = HeapAlloc(GetProcessHeap(), 0, data_size);
transport.ctx = ctx;
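Review bot: The subtraction in `data_size = expected_size - 5;` relies on expected_size being at least 5, and nothing in the visible context shows that lower bound; if expected_size can be smaller and data_size is an unsigned type, the value wraps and is passed straight to HeapAlloc as the allocation size. Please confirm that the check ahead of the `return SEC_E_INCOMPLETE_MESSAGE;` path already guarantees this, or add an explicit guard before the assignment. The literal 5 is also unexplained here; TLS record headers are 5 bytes long, so if that is what it stands for, a named constant or a short comment would make the intent clear and keep it in step with wherever expected_size is computed. Separately, the line following the HeapAlloc call uses the context without a visible NULL check on `data`; if that check is not further down, it is worth adding while touching this code.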
--
1.7.3.4