From 7841030279c5300d5073b2348b58f3f41e136f82 Mon Sep 17 00:00:00 2001 From: Markus Beth Date: Tue, 11 Jun 2019 22:57:31 +0200 Subject: [PATCH] sec_decrypt() the correct amount of data Save the correct amount of data to sec_decrypt() because after inout_uint8p() the macro s_remaining(s) will find nothing left. --- secure.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/secure.c b/secure.c index 8f65b3aa..9b301e1f 100644 --- a/secure.c +++ b/secure.c @@ -813,6 +813,7 @@ sec_recv(uint8 * rdpver) STREAM s; struct stream packet; size_t data_offset; + size_t remaining; unsigned char *data; while ((s = mcs_recv(&channel, rdpver)) != NULL) @@ -832,8 +833,9 @@ sec_recv(uint8 * rdpver) data_offset = s_tell(s); - inout_uint8p(s, data, s_remaining(s)); - sec_decrypt(data, s_remaining(s)); + remaining = s_remaining(s); + inout_uint8p(s, data, remaining); + sec_decrypt(data, remaining); s_seek(s, data_offset); } @@ -860,8 +862,9 @@ sec_recv(uint8 * rdpver) data_offset = s_tell(s); - inout_uint8p(s, data, s_remaining(s)); - sec_decrypt(data, s_remaining(s)); + remaining = s_remaining(s); + inout_uint8p(s, data, remaining); + sec_decrypt(data, remaining); } if (sec_flags & SEC_LICENCE_NEG) @@ -883,8 +886,9 @@ sec_recv(uint8 * rdpver) data_offset = s_tell(s); - inout_uint8p(s, data, s_remaining(s)); - sec_decrypt(data, s_remaining(s)); + remaining = s_remaining(s); + inout_uint8p(s, data, remaining); + sec_decrypt(data, remaining); /* Check for a redirect packet, starts with 00 04 */ if (data[0] == 0 && data[1] == 4)