Diffstat (limited to 'src/core/stdssl')
-rw-r--r-- | src/core/stdssl/src/netlibssl.cpp | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/core/stdssl/src/netlibssl.cpp b/src/core/stdssl/src/netlibssl.cpp
index 25a5e7d1df..1ed8e4fc5d 100644
--- a/src/core/stdssl/src/netlibssl.cpp
+++ b/src/core/stdssl/src/netlibssl.cpp
@@ -762,15 +762,19 @@ static void* NetlibSslUnique(SslHandle *ssl, int *cbLen)
 return nullptr;
}
- LPBYTE pBuf = LPBYTE(bindings.dwInitiatorOffset);
- if (bindings.dwInitiatorOffset == 0) {
+ BYTE *pBuf;
+ if (!IsBadReadPtr((void*)bindings.cbInitiatorLength, sizeof(bindings)))
+ pBuf = (BYTE *)bindings.cbInitiatorLength;
+ else if(!IsBadReadPtr((void *)bindings.dwInitiatorOffset, sizeof(bindings)))
+ pBuf = (BYTE *)bindings.dwInitiatorOffset;
+ else {
char tmp[sizeof(bindings)*2 + 1];
bin2hex(&bindings, sizeof(bindings), tmp);
Netlib_Logf(nullptr, "Failed bindings: %s", tmp);
return nullptr;
}
- bindings = *(SEC_CHANNEL_BINDINGS *)bindings.dwInitiatorOffset;
+ bindings = *(SEC_CHANNEL_BINDINGS *)pBuf;
pBuf += bindings.dwApplicationDataOffset;
if (memcmp(pBuf, "tls-unique:", 11)) {
char tmp[sizeof(bindings) * 2 + 1];
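Review bot: The added branches that set `pBuf` guess which field holds a pointer by probing `bindings.cbInitiatorLength` and then `bindings.dwInitiatorOffset` with `IsBadReadPtr`, which Microsoft documents as obsolete and unreliable. A length value that happens to be a readable address passes the probe and is then dereferenced by `bindings = *(SEC_CHANNEL_BINDINGS *)pBuf;`. Both fields are 32-bit in `SEC_CHANNEL_BINDINGS`, so on a 64-bit build the cast would presumably yield a truncated pointer. The query that fills `bindings` is outside the hunk, but if it is the unique-bindings attribute, its documented output type is `SecPkgContext_Bindings`. Querying into a variable of that type (say `ctxBindings`) and using `BYTE *pBuf = (BYTE *)ctxBindings.Bindings;` removes the guessing, and `ctxBindings.BindingsLength` can then be checked against `sizeof(SEC_CHANNEL_BINDINGS)` and against `dwApplicationDataOffset + 11` before the `memcmp`.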