[PATCH] Only process full TLS frames in schan_DecryptMessage
Hans Leidekker
hans at meelstraat.net
Tue Aug 31 07:56:46 CDT 2010
On Mon, 2010-08-30 at 23:57 +0300, Mikko Rasa wrote:
> + SIZE_T expected_size;
> ssize_t received = 0;
> ssize_t ret;
> int idx;
> - char *buf_ptr;
> + unsigned char *buf_ptr;
> unsigned int offset;
>
> TRACE("context_handle %p, message %p, message_seq_no %d, quality %p\n",
> @@ -1230,12 +1243,22 @@ static SECURITY_STATUS SEC_ENTRY schan_DecryptMessage(PCtxtHandle context_handle
> if (idx == -1)
> return SEC_E_INVALID_TOKEN;
> buffer = &message->pBuffers[idx];
> + buf_ptr = (unsigned char *)buffer->pvBuffer;
> +
> + expected_size = 5 + ((buf_ptr[3] << 8) | buf_ptr[4]);
> + if(buffer->cbBuffer < expected_size)
> + {
> + TRACE("Expected %u bytes, but buffer only contains %u bytes\n", expected_size, buffer->cbBuffer);
> + TRACE("Returning SEC_E_INCOMPLETE_MESSAGE\n");
> + return SEC_E_INCOMPLETE_MESSAGE;
> + }
This produces a compiler warning here: schannel.c: In function
‘schan_DecryptMessage’: schannel.c:1251: warning: format ‘%u’ expects
type ‘unsigned int’, but argument 5 has type ‘SIZE_T’
More information about the wine-devel
mailing list