From 83d96a81f320cb8a047fd4ef059a6fe4016dbeec Mon Sep 17 00:00:00 2001
From: akallabeth
Date: Sat, 13 Dec 2025 17:28:43 +0100
Subject: [PATCH] [crypto,certificate_data] add some hostname sanitation
---
 libfreerdp/crypto/certificate_data.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/libfreerdp/crypto/certificate_data.c b/libfreerdp/crypto/certificate_data.c
index efacdeae6..55233e14d 100644
--- a/libfreerdp/crypto/certificate_data.c
+++ b/libfreerdp/crypto/certificate_data.c
@@ -33,6 +33,8 @@
 #include
 #include "certificate.h"
+#include
+#define TAG FREERDP_TAG("crypto.certificate_data")
 struct rdp_certificate_data
 {
@@ -95,8 +97,9 @@ static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data)
 WINPR_ASSERT(data);
 freerdp_certificate_data_hash_(data->hostname, data->port, data->cached_hash,
- sizeof(data->cached_hash));
- if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0)
+ sizeof(data->cached_hash) - 1);
+ const size_t len = strnlen(data->cached_hash, sizeof(data->cached_hash));
+ if ((len == 0) || (len >= sizeof(data->cached_hash)))
 goto fail;
 data->cached_subject = freerdp_certificate_get_subject(data->cert);
@@ -133,6 +136,11 @@ static rdpCertificateData* freerdp_certificate_data_new_nocopy(const char* hostn
 if (!hostname || !xcert)
 goto fail;
+ if (strnlen(hostname, MAX_PATH) >= MAX_PATH)
+ {
+ WLog_ERR(TAG, "hostname exceeds length limits");
+ goto fail;
+ }
 certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData));
@@ -295,5 +303,5 @@ char* freerdp_certificate_data_hash(const char* hostname, UINT16 port)
 {
 char name[MAX_PATH + 10] = { 0 };
 freerdp_certificate_data_hash_(hostname, port, name, sizeof(name));
- return _strdup(name);
+ return strndup(name, sizeof(name));
 }
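Review bot: In freerdp_certificate_data_load_cache the new `len >= sizeof(data->cached_hash)` test catches a missing terminator but not truncation, so a name that freerdp_certificate_data_hash_ had to cut short would still be accepted as the cache key. The helper's body and return value are not visible in this hunk; if it can report that the output did not fit, the call site should test that result and `goto fail` instead of discarding it. The `- 1` on the size argument also deserves a short comment, for example `/* reserve the last byte so the buffer stays terminated */` if that is indeed the reason. The function starts and ends outside the hunk.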
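Review bot: The check added to freerdp_certificate_data_new_nocopy limits only the length of `hostname`; the commit title speaks of sanitation, but no character of the name is inspected here. If the string derived from it is later used as a file name in the certificate store (that use is not visible in this patch), path separators and `..` should be rejected at the same place so a stored entry cannot land outside the intended directory. A comment stating why the limit is `MAX_PATH` would help too, e.g. `/* must fit the MAX_PATH + 10 name buffer used by freerdp_certificate_data_hash */`. The function starts and ends outside the hunk, so the `fail` path is assumed to cope with `certdata` still being NULL.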
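Review bot: freerdp_certificate_data_hash is non-static and does not get the length check that this patch adds to freerdp_certificate_data_new_nocopy, so a caller that hands it an over-long or NULL `hostname` still reaches freerdp_certificate_data_hash_ unchecked. `strndup(name, sizeof(name))` bounds the copy, yet the result is then presumably a truncated name, returned without any error. A guard at the top, `if (!hostname || (strnlen(hostname, MAX_PATH) >= MAX_PATH)) return NULL;`, would make both entry points agree; callers have to handle NULL already, since the duplication itself can fail.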