mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #3795 from hardening/monitor_limit

Browse Source 
Limit the number of client announced monitors
This commit is contained in:
Norbert Federa 2017-02-21 17:35:57 +01:00 committed by GitHub
commit 43a4903e3d
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libfreerdp/core/gcc.c
View File

@ -1705,6 +1705,16 @@ BOOL gcc_read_client_monitor_data(wStream* s, rdpMcs* mcs, UINT16 blockLength)
Stream_Read_UINT32(s, flags); /* flags */ Stream_Read_UINT32(s, flags); /* flags */
Stream_Read_UINT32(s, monitorCount); /* monitorCount */ Stream_Read_UINT32(s, monitorCount); /* monitorCount */
/* 2.2.1.3.6 Client Monitor Data -
* monitorCount (4 bytes): A 32-bit, unsigned integer. The number of display
* monitor definitions in the monitorDefArray field (the maximum allowed is 16).
*/
if (monitorCount > 16)
{
WLog_ERR(TAG, "announced monitors(%"PRIu32") exceed the 16 limit", monitorCount);
return FALSE;
}
if (monitorCount > settings->MonitorDefArraySize) if (monitorCount > settings->MonitorDefArraySize)
{ {
WLog_ERR(TAG, "too many announced monitors(%"PRIu32"), clamping to %"PRIu32"", monitorCount, WLog_ERR(TAG, "too many announced monitors(%"PRIu32"), clamping to %"PRIu32"", monitorCount,