Module: wine Branch: master Commit: 8f39fb146a0e6540b219af8b70589dacaed616d6 URL: http://source.winehq.org/git/wine.git/?a=commit;h=8f39fb146a0e6540b219af8b70... Author: Henri Verbeet <hverbeet(a)codeweavers.com> Date: Tue Jun 26 15:32:07 2012 +0200 secur32: We can't read more than expected_size - 5 in schan_DecryptMessage(). --- dlls/secur32/schannel.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c index 2339b73..f703ab7 100644 --- a/dlls/secur32/schannel.c +++ b/dlls/secur32/schannel.c @@ -1067,7 +1067,7 @@ static SECURITY_STATUS SEC_ENTRY schan_DecryptMessage(PCtxtHandle context_handle return SEC_E_INCOMPLETE_MESSAGE; } - data_size = buffer->cbBuffer; + data_size = expected_size - 5; data = HeapAlloc(GetProcessHeap(), 0, data_size); transport.ctx = ctx;