mirrors
/
FreeRDP
mirror of https://github.com/FreeRDP/FreeRDP
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed input sanitation in rdpgfx_recv_solid_fill_pdu 

The input rectangle must be checked for plausibility.

Thanks to Sunglin and HuanGMz of the Knownsec 404 security team and pangzi of pwnzen
This commit is contained in:
akallabeth 2020-07-03 10:26:38 +02:00 committed by Bernhard Miklautz
parent efdc99528f
commit 4039370064
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
channels/rdpgfx/rdpgfx_common.c
View File

@ -182,6 +182,10 @@ UINT rdpgfx_read_rect16(wStream* s, RECTANGLE_16* rect16)
Stream_Read_UINT16(s, rect16->top); /* top (2 bytes) */
Stream_Read_UINT16(s, rect16->right); /* right (2 bytes) */
Stream_Read_UINT16(s, rect16->bottom); /* bottom (2 bytes) */
if (rect16->left >= rect16->right)
return ERROR_INVALID_DATA;
if (rect16->top >= rect16->bottom)
return ERROR_INVALID_DATA;
return CHANNEL_RC_OK;
}