mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Better packet length checking.

Browse Source
This commit is contained in:
Pawel Jakub Dawidek 2012-02-06 22:31:41 +01:00
parent b6ec892f27
commit 4a950cedd7
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libfreerdp-core/rdp.c
View File

@ -93,13 +93,14 @@ boolean rdp_read_share_control_header(STREAM* s, uint16* length, uint16* type, u
{
/* Share Control Header */
stream_read_uint16(s, *length); /* totalLength */
if (*length - 2 > stream_get_left(s))
return false;
stream_read_uint16(s, *type); /* pduType */
stream_read_uint16(s, *channel_id); /* pduSource */
*type &= 0x0F; /* type is in the 4 least significant bits */
if (*length - 6 > stream_get_left(s))
return false;
return true;
}
@ -229,6 +230,9 @@ boolean rdp_read_header(rdpRdp* rdp, STREAM* s, uint16* length, uint16* channel_
MCSPDU = (rdp->settings->server_mode) ? DomainMCSPDU_SendDataRequest : DomainMCSPDU_SendDataIndication;
mcs_read_domain_mcspdu_header(s, &MCSPDU, length);
if (*length - 8 > stream_get_left(s))
return false;
per_read_integer16(s, &initiator, MCS_BASE_CHANNEL_ID); /* initiator (UserId) */
per_read_integer16(s, channel_id, 0); /* channelId */
stream_seek(s, 1); /* dataPriority + Segmentation (0x70) */