Fixed input sanitation in rdpgfx_recv_solid_fill_pdu
The input rectangle must be checked for plausibility. Thanks to Sunglin and HuanGMz of the Knownsec 404 security team and pangzi of pwnzen
This commit is contained in:
parent
efdc99528f
commit
4039370064
@ -182,6 +182,10 @@ UINT rdpgfx_read_rect16(wStream* s, RECTANGLE_16* rect16)
|
||||
Stream_Read_UINT16(s, rect16->top); /* top (2 bytes) */
|
||||
Stream_Read_UINT16(s, rect16->right); /* right (2 bytes) */
|
||||
Stream_Read_UINT16(s, rect16->bottom); /* bottom (2 bytes) */
|
||||
if (rect16->left >= rect16->right)
|
||||
return ERROR_INVALID_DATA;
|
||||
if (rect16->top >= rect16->bottom)
|
||||
return ERROR_INVALID_DATA;
|
||||
return CHANNEL_RC_OK;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user