Henri Verbeet : secur32: We can' t read more than expected_size - 5 in schan_DecryptMessage().
Alexandre Julliard
julliard at winehq.org
Tue Jun 26 13:34:15 CDT 2012
Module: wine
Branch: master
Commit: 8f39fb146a0e6540b219af8b70589dacaed616d6
URL: http://source.winehq.org/git/wine.git/?a=commit;h=8f39fb146a0e6540b219af8b70589dacaed616d6
Author: Henri Verbeet <hverbeet at codeweavers.com>
Date: Tue Jun 26 15:32:07 2012 +0200
secur32: We can't read more than expected_size - 5 in schan_DecryptMessage().
---
dlls/secur32/schannel.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index 2339b73..f703ab7 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -1067,7 +1067,7 @@ static SECURITY_STATUS SEC_ENTRY schan_DecryptMessage(PCtxtHandle context_handle
return SEC_E_INCOMPLETE_MESSAGE;
}
- data_size = buffer->cbBuffer;
+ data_size = expected_size - 5;
data = HeapAlloc(GetProcessHeap(), 0, data_size);
transport.ctx = ctx;
More information about the wine-cvs
mailing list