From: akallabeth <akallabeth@posteo.net>
Date: Fri, 29 May 2020 07:20:05 +0000 (+0200)
Subject: Lock security_decrypt to avoid simultaneous counter manipulation
X-Git-Tag: 2.1.2^2~56
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4f80017786dbbf78a46e781352a911c11909ffde;p=platform%2Fupstream%2Ffreerdp.git

Lock security_decrypt to avoid simultaneous counter manipulation

(cherry picked from commit 164c00f68b64781d8c624a8c71fab6691519d294)
---

diff --git a/libfreerdp/core/security.c b/libfreerdp/core/security.c
index e6571c3..54c39cc 100644
--- a/libfreerdp/core/security.c
+++ b/libfreerdp/core/security.c
@@ -741,29 +741,34 @@ fail:
 
 BOOL security_decrypt(BYTE* data, size_t length, rdpRdp* rdp)
 {
+	BOOL rc = FALSE;
+	EnterCriticalSection(&rdp->critical);
 	if (rdp->rc4_decrypt_key == NULL)
-		return FALSE;
+		goto fail;
 
 	if (rdp->decrypt_use_count >= 4096)
 	{
 		if (!security_key_update(rdp->decrypt_key, rdp->decrypt_update_key, rdp->rc4_key_len, rdp))
-			return FALSE;
+			goto fail;
 
 		winpr_RC4_Free(rdp->rc4_decrypt_key);
 		rdp->rc4_decrypt_key = winpr_RC4_New(rdp->decrypt_key, rdp->rc4_key_len);
 
 		if (!rdp->rc4_decrypt_key)
-			return FALSE;
+			goto fail;
 
 		rdp->decrypt_use_count = 0;
 	}
 
 	if (!winpr_RC4_Update(rdp->rc4_decrypt_key, length, data, data))
-		return FALSE;
+		goto fail;
 
 	rdp->decrypt_use_count += 1;
 	rdp->decrypt_checksum_use_count++;
-	return TRUE;
+	rc = TRUE;
+fail:
+	LeaveCriticalSection(&rdp->critical);
+	return rc;
 }
 
 BOOL security_hmac_signature(const BYTE* data, size_t length, BYTE* output, rdpRdp* rdp)