[multitransport] Ignore unknown data
If the reserved filed is not 0 the request PDU seems to contain some extra data. Two bytes of 0 (probably a version field) followed by a JSON payload (not null terminated, until the end of the packet. There seems to be no dedicated length field)
This commit is contained in:
parent
c278170a2a
commit
63c80423a9
@ -63,13 +63,29 @@ state_run_t multitransport_recv_request(rdpMultitransport* multi, wStream* s)
|
|||||||
|
|
||||||
UINT32 requestId;
|
UINT32 requestId;
|
||||||
UINT16 requestedProto;
|
UINT16 requestedProto;
|
||||||
|
UINT16 reserved;
|
||||||
const BYTE* cookie;
|
const BYTE* cookie;
|
||||||
|
|
||||||
Stream_Read_UINT32(s, requestId); /* requestId (4 bytes) */
|
Stream_Read_UINT32(s, requestId); /* requestId (4 bytes) */
|
||||||
Stream_Read_UINT16(s, requestedProto); /* requestedProtocol (2 bytes) */
|
Stream_Read_UINT16(s, requestedProto); /* requestedProtocol (2 bytes) */
|
||||||
Stream_Seek(s, 2); /* reserved (2 bytes) */
|
Stream_Read_UINT16(s, reserved); /* reserved (2 bytes) */
|
||||||
cookie = Stream_ConstPointer(s);
|
cookie = Stream_ConstPointer(s);
|
||||||
Stream_Seek(s, RDPUDP_COOKIE_LEN); /* securityCookie (16 bytes) */
|
Stream_Seek(s, RDPUDP_COOKIE_LEN); /* securityCookie (16 bytes) */
|
||||||
|
if (reserved != 0)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* If the reserved filed is not 0 the request PDU seems to contain some extra data.
|
||||||
|
* If the reserved value is 1, then two bytes of 0 (probably a version field)
|
||||||
|
* are followed by a JSON payload (not null terminated, until the end of the packet.
|
||||||
|
* There seems to be no dedicated length field)
|
||||||
|
*
|
||||||
|
* for now just ignore all that
|
||||||
|
*/
|
||||||
|
WLog_WARN(TAG,
|
||||||
|
"reserved is %" PRIu16 " instead of 0, skipping %" PRIuz "bytes of unknown data",
|
||||||
|
reserved, Stream_GetRemainingLength(s));
|
||||||
|
Stream_SafeSeek(s, Stream_GetRemainingLength(s));
|
||||||
|
}
|
||||||
|
|
||||||
WINPR_ASSERT(multi->MtRequest);
|
WINPR_ASSERT(multi->MtRequest);
|
||||||
return multi->MtRequest(multi, requestId, requestedProto, cookie);
|
return multi->MtRequest(multi, requestId, requestedProto, cookie);
|
||||||
|
Loading…
Reference in New Issue
Block a user