libfreerdp-core: improved TSG fragmentation handling

2012-10-30 14:49:18 -04:00 · 2012-10-30 14:49:18 -04:00 · 363460c8d1
parent fa1dc6d9e1
commit 363460c8d1
2 changed files with 40 additions and 18 deletions
--- a/libfreerdp/core/rpc.c
+++ b/libfreerdp/core/rpc.c
@ -803,15 +803,24 @@ int rpc_out_read(rdpRpc* rpc, BYTE* data, int length)
 int rpc_recv_pdu(rdpRpc* rpc)
 {
 	int status;
+	int bytesRead = 0;
 	RPC_PDU_HEADER* header;

 	/* read first 20 bytes to get RPC PDU Header */
-	status = tls_read(rpc->tls_out, rpc->buffer, 20);

-	if (status <= 0)
+	ZeroMemory(rpc->buffer, 20);
+
+	while (bytesRead < 20)
 	{
-		printf("rpc_recv_pdu: error reading header\n");
-		return status;
+		status = tls_read(rpc->tls_out, &rpc->buffer[bytesRead], 20 - bytesRead);
+
+		if (status < 0)
+		{
+			printf("rpc_recv_pdu: error reading header\n");
+			return status;
+		}
+
+		bytesRead += status;
 	}

 	header = (RPC_PDU_HEADER*) rpc->buffer;
@ -821,14 +830,20 @@ int rpc_recv_pdu(rdpRpc* rpc)
 	{
 		rpc->length = header->frag_length;
 		rpc->buffer = (BYTE*) realloc(rpc->buffer, rpc->length);
+		header = (RPC_PDU_HEADER*) rpc->buffer;
 	}

-	status = tls_read(rpc->tls_out, &rpc->buffer[20], header->frag_length - 20);
-
-	if (status < 0)
+	while (bytesRead < header->frag_length)
 	{
-		printf("rpc_recv_pdu: error reading fragment\n");
-		return status;
+		status = tls_read(rpc->tls_out, &rpc->buffer[bytesRead], header->frag_length - bytesRead);
+
+		if (status < 0)
+		{
+			printf("rpc_recv_pdu: error reading fragment\n");
+			return status;
+		}
+
+		bytesRead += status;
 	}

 	if (header->ptype == PTYPE_RTS) /* RTS PDU */
@ -845,7 +860,7 @@ int rpc_recv_pdu(rdpRpc* rpc)

 #ifdef WITH_DEBUG_RPC
 	printf("rpc_recv_pdu: length: %d\n", header->frag_length);
-	freerdp_hexdump(rpc->buffer, rpc->length);
+	freerdp_hexdump(rpc->buffer, header->frag_length);
 	printf("\n");
 #endif

--- a/libfreerdp/core/tsg.c
+++ b/libfreerdp/core/tsg.c
@ -728,6 +728,7 @@ BOOL tsg_connect(rdpTsg* tsg, const char* hostname, UINT16 port)
 int tsg_read(rdpTsg* tsg, BYTE* data, UINT32 length)
 {
 	int status;
+	int copyLength;
 	RPC_PDU_HEADER* header;
 	rdpRpc* rpc = tsg->rpc;

@ -737,12 +738,16 @@ int tsg_read(rdpTsg* tsg, BYTE* data, UINT32 length)
 	{
 		header = (RPC_PDU_HEADER*) rpc->buffer;

-		CopyMemory(data, &rpc->buffer[tsg->bytesRead], length);
-		tsg->bytesAvailable -= length;
-		tsg->bytesRead += length;
+		copyLength = (tsg->bytesAvailable > length) ? length : tsg->bytesAvailable;
+
+		CopyMemory(data, &rpc->buffer[tsg->bytesRead], copyLength);
+		tsg->bytesAvailable -= copyLength;
+		tsg->bytesRead += copyLength;

 		if (tsg->bytesAvailable < 1)
 			tsg->pendingPdu = FALSE;
+
+		return copyLength;
 	}
 	else
 	{
@ -753,12 +758,14 @@ int tsg_read(rdpTsg* tsg, BYTE* data, UINT32 length)
 		tsg->bytesAvailable = header->frag_length;
 		tsg->bytesRead = 0;

-		CopyMemory(data, &rpc->buffer[tsg->bytesRead], length);
-		tsg->bytesAvailable -= length;
-		tsg->bytesRead += length;
-	}
+		copyLength = (tsg->bytesAvailable > length) ? length : tsg->bytesAvailable;

-	return length;
+		CopyMemory(data, &rpc->buffer[tsg->bytesRead], copyLength);
+		tsg->bytesAvailable -= copyLength;
+		tsg->bytesRead += copyLength;
+
+		return copyLength;
+	}
 }

 int tsg_write(rdpTsg* tsg, BYTE* data, UINT32 length)