From 837491ba24dca4e68c1c7eece9f40050af6745c3 Mon Sep 17 00:00:00 2001
From: David Fort
Date: Tue, 21 Feb 2017 11:02:12 +0100
Subject: [PATCH 1/2] Limit the number of client announced monitors
The specs says that only 16 are allowed, so let's make that limitation a reality.
---
 libfreerdp/core/gcc.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/libfreerdp/core/gcc.c b/libfreerdp/core/gcc.c
index 51d1de1ad..f55b8746d 100644
--- a/libfreerdp/core/gcc.c
+++ b/libfreerdp/core/gcc.c
@@ -1705,6 +1705,12 @@ BOOL gcc_read_client_monitor_data(wStream* s, rdpMcs* mcs, UINT16 blockLength)
 Stream_Read_UINT32(s, flags); /* flags */
 Stream_Read_UINT32(s, monitorCount); /* monitorCount */

+ if (monitorCount > 16)
+ {
+ WLog_ERR(TAG, "announced monitors(%"PRIu32") exceed the 16 limit", monitorCount);
+ return FALSE;
+ }
+
 if (monitorCount > settings->MonitorDefArraySize)
 {
 WLog_ERR(TAG, "too many announced monitors(%"PRIu32"), clamping to %"PRIu32"", monitorCount,
From 59dafc25732638dc794a4b924f00c8f22d07cf11 Mon Sep 17 00:00:00 2001
From: David Fort
Date: Tue, 21 Feb 2017 15:03:00 +0100
Subject: [PATCH 2/2] Added the spec reference for the 16 monitors limit
---
 libfreerdp/core/gcc.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/libfreerdp/core/gcc.c b/libfreerdp/core/gcc.c
index f55b8746d..6eefc82c4 100644
--- a/libfreerdp/core/gcc.c
+++ b/libfreerdp/core/gcc.c
@@ -1705,6 +1705,10 @@ BOOL gcc_read_client_monitor_data(wStream* s, rdpMcs* mcs, UINT16 blockLength)
 Stream_Read_UINT32(s, flags); /* flags */
 Stream_Read_UINT32(s, monitorCount); /* monitorCount */

+ /* 2.2.1.3.6 Client Monitor Data -
+ * monitorCount (4 bytes): A 32-bit, unsigned integer. The number of display
+ * monitor definitions in the monitorDefArray field (the maximum allowed is 16).
+ */
 if (monitorCount > 16)
 {
 WLog_ERR(TAG, "announced monitors(%"PRIu32") exceed the 16 limit", monitorCount);
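Review bot: In the [PATCH 1/2] hunk, `monitorCount` is read straight from the client and is bounded by the spec limit and by `settings->MonitorDefArraySize`, but nothing visible here bounds it by `blockLength`. Before the monitor definitions are read, the count should be rejected if it exceeds the number of definitions the block can actually hold. The function body continues outside the hunk, so that check may already exist further down. The new guard also returns FALSE while the next one clamps and carries on; if the clamped path does not skip the surplus definitions, the stream would be left mid-block, so consider rejecting there too or adding a comment such as `/* clamp: local array is smaller than the spec limit */` to explain the difference. The literal `16` is repeated in the comparison and in the log text; a named constant (for example `#define GCC_MAX_MONITOR_COUNT 16`, name illustrative) used in both places would keep them in sync.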
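Review bot: The comment added in [PATCH 2/2] cites section 2.2.1.3.6 without naming the document it comes from; opening it with the specification name, `/* [MS-RDPBCGR] 2.2.1.3.6 Client Monitor Data -`, lets a reader locate the source without guessing. The limit quoted in the comment duplicates the literal in the `if` directly below it, so if the value is ever moved into a named constant the comment is better placed on that definition.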