diff --git a/libfreerdp/common/assistance.c b/libfreerdp/common/assistance.c index c7ae2ba2d..508a80be6 100644 --- a/libfreerdp/common/assistance.c +++ b/libfreerdp/common/assistance.c @@ -361,6 +361,14 @@ static BOOL freerdp_assistance_parse_connection_string2(rdpAssistanceFile* file) goto out_fail; } + if (p > q) + { + WLog_ERR( + TAG, + "Failed to parse ASSISTANCE file: ConnectionString2 invalid field order for KH"); + goto out_fail; + } + length = q - p; free(file->RASpecificParams); file->RASpecificParams = (char*)malloc(length + 1); @@ -388,6 +396,12 @@ static BOOL freerdp_assistance_parse_connection_string2(rdpAssistanceFile* file) goto out_fail; } + if (p > q) + { + WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 invalid field " + "order for ID"); + return -1; + } length = q - p; free(file->RASessionId); file->RASessionId = (char*)malloc(length + 1); @@ -810,6 +824,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu return -1; } + if (p > q) + { + WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field " + "order for USERNAME"); + return -1; + } + length = q - p; file->Username = (char*)malloc(length + 1); @@ -834,6 +855,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu return -1; } + if (p > q) + { + WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field " + "order for LHTICKET"); + return -1; + } + length = q - p; file->LHTicket = (char*)malloc(length + 1); @@ -858,6 +886,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu return -1; } + if (p > q) + { + WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field " + "order for RCTICKET"); + return -1; + } + length = q - p; file->RCTicket = (char*)malloc(length + 1); 
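Review bot: The same `p > q` guard is pasted eleven times in this patch (here for KH, then ID, USERNAME, LHTICKET, RCTICKET, RCTICKETENCRYPTED, PassStub, DtStart, DtLength, L and the final connection-string element), and the copies already differ in exit path and message wording. A small static helper that logs and returns a BOOL would keep the check in one place and give a single spot to document the invariant: `q` must not precede `p`, because `length = q - p` is computed right after and feeds the `malloc(length + 1)` that follows. Each call site then reduces to one condition followed by `goto out_fail;` here, or `return -1;` in freerdp_assistance_parse_file_buffer. The enclosing function starts and ends outside the hunk, so the helper's name and placement are only a suggestion.

```c
/* q must not precede p: length = q - p follows and sizes the allocation. */
static BOOL assistance_field_in_order(const char* p, const char* q, const char* field)
{
	if (p > q)
	{
		WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field order for %s", field);
		return FALSE;
	}

	return TRUE;
}

/* ... unchanged: lookup of p and q for KH ... */
if (!assistance_field_in_order(p, q, "ConnectionString2 KH"))
	goto out_fail;

length = q - p;
```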
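Review bot: The ID check leaves the function with `return -1;`, but the hunk header shows this is `static BOOL freerdp_assistance_parse_connection_string2`, and every other failure path visible here, including the KH check added just above, uses `goto out_fail;`. In a BOOL function `-1` is non-zero, so a caller testing the result would treat the rejected file as parsed successfully. Whatever cleanup sits under `out_fail` (outside this hunk) is also skipped. The line should read `goto out_fail;`.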
@@ -882,6 +917,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu return -1; } + if (p > q) + { + WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field " + "order for RCTICKETENCRYPTED"); + return -1; + } + length = q - p; if ((length == 1) && (p[0] == '1')) @@ -902,6 +944,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu return -1; } + if (p > q) + { + WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field " + "order for PassStub"); + return -1; + } + length = q - p; file->PassStub = (char*)malloc(length + 1); @@ -926,6 +975,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu return -1; } + if (p > q) + { + WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field " + "order for DtStart"); + return -1; + } + length = q - p; r = (char*)malloc(length + 1); @@ -964,6 +1020,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu return -1; } + if (p > q) + { + WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field " + "order for DtLength"); + return -1; + } + length = q - p; r = (char*)malloc(length + 1); @@ -1002,6 +1065,13 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu return -1; } + if (p > q) + { + WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field " + "order for L"); + return -1; + } + length = q - p; if ((length == 1) && (p[0] == '1')) @@ -1061,6 +1131,12 @@ int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* bu return -1; } + if (p > q) + { + WLog_ERR(TAG, "Failed to parse ASSISTANCE file: invalid field order for "); + return -1; + } + q += sizeof("") - 1; length = q - p; file->ConnectionString2 = (char*)malloc(length + 1);
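Review bot: The message in the last check ends at `invalid field order for ` and names no field, unlike the ten checks before it, so a log reader cannot tell which element was out of order. The `sizeof("")` on the following context line is empty in the same way, which suggests the element name may have been lost when this page was rendered rather than in the commit itself. If the source really reads this way, the string should name the element being parsed.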