Fixed #6245: Added additional tests to assistance parser

libfreerdp/common/assistance.c

@@ -361,6 +361,14 @@ static BOOL freerdp_assistance_parse_connection_string2(rdpAssistanceFile* file)
 			goto out_fail;
 		}
 
+		if (p > q)
+		{
+			WLog_ERR(
+			    TAG,
+			    "Failed to parse ASSISTANCE file: ConnectionString2 invalid field order for KH");
+			goto out_fail;
+		}
+
 		length = q - p;
 		free(file->RASpecificParams);
 		file->RASpecificParams = (char*)malloc(length + 1);
@@ -388,6 +396,12 @@ static BOOL freerdp_assistance_parse_connection_string2(rdpAssistanceFile* file)
 			goto out_fail;
 		}
 
+		if (p > q)
+		{
+			WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 invalid field "
+			              "order for ID");
+			return -1;
+		}
 		length = q - p;
 		free(file->RASessionId);
 		file->RASessionId = (char*)malloc(length + 1);
@@ -810,6 +824,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu
 				return -1;
 			}
 
+			if (p > q)
+			{
+				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field "
+				              "order for USERNAME");
+				return -1;
+			}
+
 			length = q - p;
 			file->Username = (char*)malloc(length + 1);
 
@@ -834,6 +855,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu
 				return -1;
 			}
 
+			if (p > q)
+			{
+				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field "
+				              "order for LHTICKET");
+				return -1;
+			}
+
 			length = q - p;
 			file->LHTicket = (char*)malloc(length + 1);
 
@@ -858,6 +886,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu
 				return -1;
 			}
 
+			if (p > q)
+			{
+				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field "
+				              "order for RCTICKET");
+				return -1;
+			}
+
 			length = q - p;
 			file->RCTicket = (char*)malloc(length + 1);
 
@@ -882,6 +917,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu
 				return -1;
 			}
 
+			if (p > q)
+			{
+				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field "
+				              "order for RCTICKETENCRYPTED");
+				return -1;
+			}
+
 			length = q - p;
 
 			if ((length == 1) && (p[0] == '1'))
@@ -902,6 +944,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu
 				return -1;
 			}
 
+			if (p > q)
+			{
+				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field "
+				              "order for PassStub");
+				return -1;
+			}
+
 			length = q - p;
 			file->PassStub = (char*)malloc(length + 1);
 
@@ -926,6 +975,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu
 				return -1;
 			}
 
+			if (p > q)
+			{
+				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field "
+				              "order for DtStart");
+				return -1;
+			}
+
 			length = q - p;
 			r = (char*)malloc(length + 1);
 
@@ -964,6 +1020,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu
 				return -1;
 			}
 
+			if (p > q)
+			{
+				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field "
+				              "order for DtLength");
+				return -1;
+			}
+
 			length = q - p;
 			r = (char*)malloc(length + 1);
 
@@ -1002,6 +1065,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu
 				return -1;
 			}
 
+			if (p > q)
+			{
+				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field "
+				              "order for L");
+				return -1;
+			}
+
 			length = q - p;
 
 			if ((length == 1) && (p[0] == '1'))
@@ -1061,6 +1131,12 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu
 			return -1;
 		}
 
+		if (p > q)
+		{
+			WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field order for <E>");
+			return -1;
+		}
+
 		q += sizeof("</E>") - 1;
 		length = q - p;
 		file->ConnectionString2 = (char*)malloc(length + 1);