From 1fae4081a820eb870e8a9639338ecb4d2f1bde70 Mon Sep 17 00:00:00 2001
From: George Hazan <ghazan@miranda.im>
Date: Tue, 14 Jul 2020 19:24:57 +0300
Subject: more accurate version of the previous commit

---
 src/core/stdssl/src/netlibssl.cpp | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'src/core/stdssl')

diff --git a/src/core/stdssl/src/netlibssl.cpp b/src/core/stdssl/src/netlibssl.cpp
index 0c16f9fdb5..25a5e7d1df 100644
--- a/src/core/stdssl/src/netlibssl.cpp
+++ b/src/core/stdssl/src/netlibssl.cpp
@@ -773,9 +773,15 @@ static void* NetlibSslUnique(SslHandle *ssl, int *cbLen)
 	bindings = *(SEC_CHANNEL_BINDINGS *)bindings.dwInitiatorOffset;
 	pBuf += bindings.dwApplicationDataOffset;
 	if (memcmp(pBuf, "tls-unique:", 11)) {
-		CMStringA tmp(' ', bindings.cbApplicationDataLength * 2);
-		bin2hex(pBuf, bindings.cbApplicationDataLength, tmp.GetBuffer());
-		Netlib_Logf(nullptr, "NetlibSslUnique() failed: bad buffer: %s", tmp.c_str());
+		char tmp[sizeof(bindings) * 2 + 1];
+		bin2hex(&bindings, sizeof(bindings), tmp);
+		Netlib_Logf(nullptr, "NetlibSslUnique() failed: bad buffer: %s", tmp);
+
+		if (!IsBadReadPtr(pBuf, bindings.cbApplicationDataLength)) {
+			ptrA buf((char*)mir_alloc(bindings.cbApplicationDataLength*2 + 1));
+			bin2hex(pBuf, bindings.cbApplicationDataLength, buf);
+			Netlib_Logf(nullptr, "buffer: %s", buf.get());
+		}
 		return nullptr;
 	}
 
-- 
cgit v1.2.3