Lock security_decrypt to avoid simultaneous counter manipulation

(cherry picked from commit 164c00f68b64781d8c624a8c71fab6691519d294)

diff --git a/libfreerdp/core/security.c b/libfreerdp/core/security.c
index e6571c3..54c39cc 100644 (file)
--- a/libfreerdp/core/security.c
+++ b/libfreerdp/core/security.c
@@ -741,29 +741,34 @@ fail:
 
 BOOL security_decrypt(BYTE* data, size_t length, rdpRdp* rdp)
 {
+       BOOL rc = FALSE;
+       EnterCriticalSection(&rdp->critical);
        if (rdp->rc4_decrypt_key == NULL)
-               return FALSE;
+               goto fail;
 
        if (rdp->decrypt_use_count >= 4096)
        {
                if (!security_key_update(rdp->decrypt_key, rdp->decrypt_update_key, rdp->rc4_key_len, rdp))
-                       return FALSE;
+                       goto fail;
 
                winpr_RC4_Free(rdp->rc4_decrypt_key);
                rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len);
 
                if (!rdp->rc4_decrypt_key)
-                       return FALSE;
+                       goto fail;
 
                rdp->decrypt_use_count = 0;
        }
 
        if (!winpr_RC4_Update(rdp->rc4_decrypt_key, length, data, data))
-               return FALSE;
+               goto fail;
 
        rdp->decrypt_use_count += 1;
        rdp->decrypt_checksum_use_count++;
-       return TRUE;
+       rc = TRUE;
+fail:
+       LeaveCriticalSection(&rdp->critical);
+       return rc;
 }
 
 BOOL security_hmac_signature(const BYTE* data, size_t length, BYTE* output, rdpRdp* rdp)