From fba85da6733f2a7038a4cb0cb21ddedce7e667ce Mon Sep 17 00:00:00 2001
From: akallabeth
Date: Tue, 19 May 2020 08:16:55 +0200
Subject: [PATCH] Ensure buffers are NULL before reuse in NLA
(cherry picked from commit 5f53b2b7c7109016b7127d595e13bd333ac77613)
---
 libfreerdp/core/nla.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c
index 03efc83..f354e04 100644
--- a/libfreerdp/core/nla.c
+++ b/libfreerdp/core/nla.c
@@ -1212,6 +1212,7 @@ SECURITY_STATUS nla_encrypt_public_key_hash(rdpNla* nla)
 const size_t hashSize = nla->server ? sizeof(ServerClientHashMagic) : sizeof(ClientServerHashMagic);
+ sspi_SecBufferFree(&nla->pubKeyAuth);
 if (!sspi_SecBufferAlloc(&nla->pubKeyAuth, auth_data_length))
 {
 status = SEC_E_INSUFFICIENT_MEMORY;
@@ -2069,6 +2070,7 @@ static int nla_decode_ts_request(rdpNla* nla, wStream* s)
 return -1;
 }
+ sspi_SecBufferFree(&nla->negoToken);
 if (!sspi_SecBufferAlloc(&nla->negoToken, length))
 return -1;
@@ -2097,6 +2099,7 @@ static int nla_decode_ts_request(rdpNla* nla, wStream* s)
 Stream_GetRemainingLength(s) < length)
 return -1;
+ sspi_SecBufferFree(&nla->pubKeyAuth);
 if (!sspi_SecBufferAlloc(&nla->pubKeyAuth, length))
 return -1;
@@ -2121,6 +2124,7 @@ static int nla_decode_ts_request(rdpNla* nla, wStream* s)
 Stream_GetRemainingLength(s) < length)
 return -1;
+ sspi_SecBufferFree(&nla->ClientNonce);
 if (!sspi_SecBufferAlloc(&nla->ClientNonce, length))
 return -1;
@@ -2357,10 +2361,6 @@ rdpNla* nla_new(freerdp* instance, rdpTransport* transport, rdpSettings* setting
 nla->sendSeqNum = 0;
 nla->recvSeqNum = 0;
 nla->version = 6;
- ZeroMemory(&nla->ClientNonce, sizeof(SecBuffer));
- ZeroMemory(&nla->negoToken, sizeof(SecBuffer));
- ZeroMemory(&nla->pubKeyAuth, sizeof(SecBuffer));
- ZeroMemory(&nla->authInfo, sizeof(SecBuffer));
 SecInvalidateHandle(&nla->context);
 if (settings->NtlmSamFile)
-- 
2.7.4
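Review bot: The free-then-allocate pair is written out by hand at four sites (the `pubKeyAuth` allocation in nla_encrypt_public_key_hash at -1212, and the `negoToken`, `pubKeyAuth` and `ClientNonce` allocations in nla_decode_ts_request at -2069, -2097 and -2121), so any other `sspi_SecBufferAlloc` call on an `rdpNla` field outside these hunks still overwrites the previous pointer. In nla_decode_ts_request the lengths are read from the peer's stream, so a peer that repeats a field across messages would, presumably, leak one buffer per message at any uncovered site. A small static helper, for example `static BOOL nla_sec_buffer_alloc(SecBuffer* buffer, size_t size)` with the body `sspi_SecBufferFree(buffer); return sspi_SecBufferAlloc(buffer, size);`, would make the invariant hard to miss at new call sites. It would also help to confirm that `sspi_SecBufferFree` resets both the pointer and the length, since a failed allocation now leaves the field in whatever state the free produced. Both functions continue outside the hunks shown.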
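Review bot: Removing the four `ZeroMemory` calls in nla_new (hunk at -2357) is only safe if the `rdpNla` object is zero-allocated earlier in the function, which this hunk does not show; nla_new starts and ends outside it. The new `sspi_SecBufferFree` calls run before the first allocation of each buffer, so a non-zeroed `pvBuffer` would be freed as a garbage pointer. A comment at the allocation, such as `/* SecBuffer members must start zeroed: sspi_SecBufferFree() runs before their first alloc */`, would record that dependency. `authInfo` also loses its explicit zeroing here, yet none of the visible hunks add a free before its allocation, so its `sspi_SecBufferAlloc` sites should be checked for the same treatment.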