Headline
CVE-2020-13397: Fixed GHSL-2020-101 missing NULL check · FreeRDP/FreeRDP@d6cd140
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
3 comments on commit d6cd140
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@akallabeth are all uninitialized pointers guaranteed to always be set to NULL? I noted that the CVE page states that this patch is re an uninitialized pointer issue, but if the uninitialized pointer is not specifically set to NULL, it will still pass this check.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tcullum-rh the rdp struct is initialized with calloc so yes.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@akallabeth awesome, thanks and thank you for all your hard work on this project!
Please sign in to comment.