[multitransport] Ignore unknown data

If the reserved filed is not 0 the request PDU seems to contain
some extra data. Two bytes of 0 (probably a version field) followed by a
JSON payload (not null terminated, until the end of the packet. There
seems to be no dedicated length field)
This commit is contained in:
akarl10 2023-06-26 07:47:07 +02:00 committed by akallabeth
parent c278170a2a
commit 63c80423a9

View File

@ -63,13 +63,29 @@ state_run_t multitransport_recv_request(rdpMultitransport* multi, wStream* s)
UINT32 requestId; UINT32 requestId;
UINT16 requestedProto; UINT16 requestedProto;
UINT16 reserved;
const BYTE* cookie; const BYTE* cookie;
Stream_Read_UINT32(s, requestId); /* requestId (4 bytes) */ Stream_Read_UINT32(s, requestId); /* requestId (4 bytes) */
Stream_Read_UINT16(s, requestedProto); /* requestedProtocol (2 bytes) */ Stream_Read_UINT16(s, requestedProto); /* requestedProtocol (2 bytes) */
Stream_Seek(s, 2); /* reserved (2 bytes) */ Stream_Read_UINT16(s, reserved); /* reserved (2 bytes) */
cookie = Stream_ConstPointer(s); cookie = Stream_ConstPointer(s);
Stream_Seek(s, RDPUDP_COOKIE_LEN); /* securityCookie (16 bytes) */ Stream_Seek(s, RDPUDP_COOKIE_LEN); /* securityCookie (16 bytes) */
if (reserved != 0)
{
/*
* If the reserved filed is not 0 the request PDU seems to contain some extra data.
* If the reserved value is 1, then two bytes of 0 (probably a version field)
* are followed by a JSON payload (not null terminated, until the end of the packet.
* There seems to be no dedicated length field)
*
* for now just ignore all that
*/
WLog_WARN(TAG,
"reserved is %" PRIu16 " instead of 0, skipping %" PRIuz "bytes of unknown data",
reserved, Stream_GetRemainingLength(s));
Stream_SafeSeek(s, Stream_GetRemainingLength(s));
}
WINPR_ASSERT(multi->MtRequest); WINPR_ASSERT(multi->MtRequest);
return multi->MtRequest(multi, requestId, requestedProto, cookie); return multi->MtRequest(multi, requestId, requestedProto, cookie);