[PATCH] Only process full TLS frames in schan_DecryptMessage

Hans Leidekker hans at meelstraat.net
Tue Aug 31 07:56:46 CDT 2010


On Mon, 2010-08-30 at 23:57 +0300, Mikko Rasa wrote:

> +    SIZE_T expected_size;
>      ssize_t received = 0;
>      ssize_t ret;
>      int idx;
> -    char *buf_ptr;
> +    unsigned char *buf_ptr;
>      unsigned int offset;
>  
>      TRACE("context_handle %p, message %p, message_seq_no %d, quality %p\n",
> @@ -1230,12 +1243,22 @@ static SECURITY_STATUS SEC_ENTRY schan_DecryptMessage(PCtxtHandle context_handle
>      if (idx == -1)
>          return SEC_E_INVALID_TOKEN;
>      buffer = &message->pBuffers[idx];
> +    buf_ptr = (unsigned char *)buffer->pvBuffer;
> +
> +    expected_size = 5 + ((buf_ptr[3] << 8) | buf_ptr[4]);
> +    if(buffer->cbBuffer < expected_size)
> +    {
> +        TRACE("Expected %u bytes, but buffer only contains %u bytes\n", expected_size, buffer->cbBuffer);
> +        TRACE("Returning SEC_E_INCOMPLETE_MESSAGE\n");
> +        return SEC_E_INCOMPLETE_MESSAGE;
> +    }
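
Review bot: buf_ptr[3] and buf_ptr[4] are read in the expected_size computation before anything checks that buffer->cbBuffer holds at least 5 bytes, so for a shorter buffer the length field is taken from bytes past the received data. Test `buffer->cbBuffer < 5` first and return SEC_E_INCOMPLETE_MESSAGE in that case as well, then compute expected_size. A named constant for the 5-byte record header would also make both checks easier to read than the bare literal.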

This produces a compiler warning here: schannel.c: In function
‘schan_DecryptMessage’: schannel.c:1251: warning: format ‘%u’ expects
type ‘unsigned int’, but argument 5 has type ‘SIZE_T’




