Merge pull request #3795 from hardening/monitor_limit

Limit the number of client announced monitors
2017-02-21 17:35:57 +01:00 · 2017-02-21 17:35:57 +01:00 · 43a4903e3d
commit 43a4903e3d
parent 9fc9188770 59dafc2573
1 changed files with 10 additions and 0 deletions
--- a/libfreerdp/core/gcc.c
+++ b/libfreerdp/core/gcc.c
@ -1705,6 +1705,16 @@ BOOL gcc_read_client_monitor_data(wStream* s, rdpMcs* mcs, UINT16 blockLength)
 	Stream_Read_UINT32(s, flags); /* flags */
 	Stream_Read_UINT32(s, monitorCount); /* monitorCount */

+	/* 2.2.1.3.6 Client Monitor Data -
+	 * monitorCount (4 bytes): A 32-bit, unsigned integer. The number of display
+	 * monitor definitions in the monitorDefArray field (the maximum allowed is 16).
+	 */
+	if (monitorCount > 16)
+	{
+		WLog_ERR(TAG, "announced monitors(%"PRIu32") exceed the 16 limit", monitorCount);
+		return FALSE;
+	}
+
 	if (monitorCount > settings->MonitorDefArraySize)
 	{
 		WLog_ERR(TAG, "too many announced monitors(%"PRIu32"), clamping to %"PRIu32"", monitorCount,