Fixed NULL checks for strnlen calls, limit static channel name length.

As reported by @metametaclass in #5687 check the strings for NULL before using strnlen. Also extend the same checks to static channel loading.
2019-11-07 07:41:48 +01:00 · 2019-11-07 07:41:48 +01:00 · 153639624b
parent 72ca88f49c
commit 153639624b
2 changed files with 24 additions and 15 deletions
--- a/channels/client/addin.c
+++ b/channels/client/addin.c
@ -332,14 +332,13 @@ extern const STATIC_ENTRY CLIENT_VirtualChannelEntryEx_TABLE[];

 BOOL freerdp_channels_is_virtual_channel_entry_ex(LPCSTR pszName)
 {
-	int i;
-	STATIC_ENTRY* entry;
+	size_t i;

 	for (i = 0; CLIENT_VirtualChannelEntryEx_TABLE[i].name != NULL; i++)
 	{
-		entry = (STATIC_ENTRY*)&CLIENT_VirtualChannelEntryEx_TABLE[i];
+		const STATIC_ENTRY* entry = &CLIENT_VirtualChannelEntryEx_TABLE[i];

-		if (!strcmp(entry->name, pszName))
+		if (!strncmp(entry->name, pszName, MAX_PATH))
 			return TRUE;
 	}

@ -350,24 +349,27 @@ PVIRTUALCHANNELENTRY freerdp_channels_load_static_addin_entry(LPCSTR pszName, LP
                                                              LPCSTR pszType, DWORD dwFlags)
 {
 	const STATIC_ADDIN_TABLE* table = CLIENT_STATIC_ADDIN_TABLE;
+	if (!pszName)
+		return NULL;
+
 	for (; table->name != NULL; table++)
 	{
-		if (strcmp(table->name, pszName) == 0)
+		if (strncmp(table->name, pszName, MAX_PATH) == 0)
 		{
 			if (pszSubsystem != NULL)
 			{
-				const STATIC_SUBSYSTEM_ENTRY* subsystems =
-				    (const STATIC_SUBSYSTEM_ENTRY*)table->table;
+				const STATIC_SUBSYSTEM_ENTRY* subsystems = table->table;

 				for (; subsystems->name != NULL; subsystems++)
 				{
 					/* If the pszSubsystem is an empty string use the default backend. */
-					if ((strlen(pszSubsystem) == 0) ||
-					    (strcmp(subsystems->name, pszSubsystem) == 0))
+					if ((strnlen(pszSubsystem, 1) ==
+					     0) || /* we only want to know if strnlen is > 0 */
+					    (strncmp(subsystems->name, pszSubsystem, MAX_PATH) == 0))
 					{
 						if (pszType)
 						{
-							if (strcmp(subsystems->type, pszType) == 0)
+							if (strncmp(subsystems->type, pszType, MAX_PATH) == 0)
 								return (PVIRTUALCHANNELENTRY)subsystems->entry;
 						}
 						else
--- a/libfreerdp/common/addin.c
+++ b/libfreerdp/common/addin.c
@ -241,12 +241,19 @@ PVIRTUALCHANNELENTRY freerdp_load_dynamic_channel_addin_entry(LPCSTR pszName, LP
 	const size_t cchBaseFileName = sizeof(FREERDP_SHARED_LIBRARY_PREFIX) + 32;
 	LPCSTR pszExtension;
 	LPCSTR pszPrefix = FREERDP_SHARED_LIBRARY_PREFIX;
-	const size_t nameLen = strnlen(pszName, MAX_PATH);
-	const size_t subsystemLen = strnlen(pszSubsystem, MAX_PATH);
-	const size_t typeLen = strlen(pszType);
-	size_t extensionLen;
+	size_t nameLen = 0;
+	size_t subsystemLen = 0;
+	size_t typeLen = 0;
+	size_t extensionLen = 0;
 	pszExtension = PathGetSharedLibraryExtensionA(0);
-	extensionLen = strnlen(pszExtension, MAX_PATH);
+	if (pszName)
+		nameLen = strnlen(pszName, MAX_PATH);
+	if (pszSubsystem)
+		subsystemLen = strnlen(pszSubsystem, MAX_PATH);
+	if (pszType)
+		typeLen = strnlen(pszType, MAX_PATH);
+	if (pszExtension)
+		extensionLen = strnlen(pszExtension, MAX_PATH);

 	if (pszName && pszSubsystem && pszType)
 	{