diff options
| author | George Hazan <ghazan@miranda.im> | 2020-07-15 17:51:53 +0300 |
|---|---|---|
| committer | George Hazan <ghazan@miranda.im> | 2020-07-15 17:51:53 +0300 |
| commit | 84d4a2b429da046b8a33bc39aa38a3b529ccc9a6 (patch) | |
| tree | 146bf9de5fe4dbf6d6cf5c7a61329395aebbad98 /src/core | |
| parent | 149282db31fd9b6be2142d21cac98bae97ce9a4d (diff) | |
fixes #2486 completely
Diffstat (limited to 'src/core')
| -rw-r--r-- | src/core/stdssl/src/netlibssl.cpp | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/core/stdssl/src/netlibssl.cpp b/src/core/stdssl/src/netlibssl.cpp index 25a5e7d1df..1ed8e4fc5d 100644 --- a/src/core/stdssl/src/netlibssl.cpp +++ b/src/core/stdssl/src/netlibssl.cpp @@ -762,15 +762,19 @@ static void* NetlibSslUnique(SslHandle *ssl, int *cbLen) return nullptr;
}
- LPBYTE pBuf = LPBYTE(bindings.dwInitiatorOffset);
- if (bindings.dwInitiatorOffset == 0) {
+ BYTE *pBuf;
+ if (!IsBadReadPtr((void*)bindings.cbInitiatorLength, sizeof(bindings)))
+ pBuf = (BYTE *)bindings.cbInitiatorLength;
+ else if(!IsBadReadPtr((void *)bindings.dwInitiatorOffset, sizeof(bindings)))
+ pBuf = (BYTE *)bindings.dwInitiatorOffset;
+ else {
char tmp[sizeof(bindings)*2 + 1];
bin2hex(&bindings, sizeof(bindings), tmp);
Netlib_Logf(nullptr, "Failed bindings: %s", tmp);
return nullptr;
}
- bindings = *(SEC_CHANNEL_BINDINGS *)bindings.dwInitiatorOffset;
+ bindings = *(SEC_CHANNEL_BINDINGS *)pBuf;
pBuf += bindings.dwApplicationDataOffset;
if (memcmp(pBuf, "tls-unique:", 11)) {
char tmp[sizeof(bindings) * 2 + 1];
|