Fixed memory leak and return values in rdpgfx_recv_caps_advertise_pdu

Armin Novak 2019-05-08 12:05:58 +02:00
parent 7b2608a938
commit 48a12ae131


@ -1193,7 +1193,10 @@ static UINT rdpgfx_recv_caps_advertise_pdu(RdpgfxServerContext* context,
UINT16 index; UINT16 index;
RDPGFX_CAPSET* capsSets; RDPGFX_CAPSET* capsSets;
RDPGFX_CAPS_ADVERTISE_PDU pdu; RDPGFX_CAPS_ADVERTISE_PDU pdu;
UINT error = CHANNEL_RC_OK; UINT error = ERROR_INVALID_DATA;
if (!context)
return ERROR_BAD_ARGUMENTS;
if (Stream_GetRemainingLength(s) < 2) if (Stream_GetRemainingLength(s) < 2)
{ {
@ -1214,10 +1217,7 @@ static UINT rdpgfx_recv_caps_advertise_pdu(RdpgfxServerContext* context,
RDPGFX_CAPSET* capsSet = &(pdu.capsSets[index]); RDPGFX_CAPSET* capsSet = &(pdu.capsSets[index]);
if (Stream_GetRemainingLength(s) < 8) if (Stream_GetRemainingLength(s) < 8)
{ goto fail;
WLog_ERR(TAG, "not enough data!");
return ERROR_INVALID_DATA;
}
Stream_Read_UINT32(s, capsSet->version); /* version (4 bytes) */ Stream_Read_UINT32(s, capsSet->version); /* version (4 bytes) */
Stream_Read_UINT32(s, capsSet->length); /* capsDataLength (4 bytes) */ Stream_Read_UINT32(s, capsSet->length); /* capsDataLength (4 bytes) */
@ -1225,23 +1225,22 @@ static UINT rdpgfx_recv_caps_advertise_pdu(RdpgfxServerContext* context,
if (capsSet->length >= 4) if (capsSet->length >= 4)
{ {
if (Stream_GetRemainingLength(s) < 4) if (Stream_GetRemainingLength(s) < 4)
return ERROR_INVALID_DATA; goto fail;
Stream_Peek_UINT32(s, capsSet->flags); /* capsData (4 bytes) */ Stream_Peek_UINT32(s, capsSet->flags); /* capsData (4 bytes) */
} }
if (!Stream_SafeSeek(s, capsSet->length)) if (!Stream_SafeSeek(s, capsSet->length))
return ERROR_INVALID_DATA; goto fail;
} }
if (context) error = ERROR_BAD_CONFIGURATION;
{ IFCALLRET(context->CapsAdvertise, error, context, &pdu);
IFCALLRET(context->CapsAdvertise, error, context, &pdu);
if (error) if (error)
WLog_ERR(TAG, "context->CapsAdvertise failed with error %"PRIu32"", error); WLog_ERR(TAG, "context->CapsAdvertise failed with error %"PRIu32"", error);
}
fail:
free(capsSets); free(capsSets);
return error; return error;
} }
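Review bot: The three `goto fail` exits in the parsing loop (the `< 8` check, the `< 4` check and the `Stream_SafeSeek` failure) now return `ERROR_INVALID_DATA` without logging anything, because the `WLog_ERR(TAG, "not enough data!");` that the first check used to emit was removed with its braces. A truncated or inconsistent capability set sent by the peer is exactly the event someone triaging malformed-PDU reports will look for, so I would keep a message on each exit, e.g. `{ WLog_ERR(TAG, "not enough data!"); goto fail; }`, ideally with a distinct text for the seek failure. Separately, `error = ERROR_BAD_CONFIGURATION;` before `IFCALLRET` means that, if the macro leaves `error` untouched when no callback is registered (as it appears to), the log will say `context->CapsAdvertise failed` for a callback that was never called; a dedicated message for the unset-callback case would be clearer. The allocation of `capsSets` lies between the hunks and is not visible here, so the `free(capsSets)` under `fail:` is reviewed only for the paths shown.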