From a561e246e8cf7cc7413b4d7708d25c45a42ea656 Mon Sep 17 00:00:00 2001 From: caramorsimon Date: Fri, 16 May 2014 16:19:22 +0100 Subject: [PATCH 1/2] Test for CRLF (0x0D0A) termination on the routing token before trying to add it again --- libfreerdp/core/nego.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c index 80e531ec4..fd16f6321 100644 --- a/libfreerdp/core/nego.c +++ b/libfreerdp/core/nego.c @@ -704,9 +704,19 @@ BOOL nego_send_negotiation_request(rdpNego* nego) if (nego->RoutingToken) { Stream_Write(s, nego->RoutingToken, nego->RoutingTokenLength); - Stream_Write_UINT8(s, 0x0D); /* CR */ - Stream_Write_UINT8(s, 0x0A); /* LF */ - length += nego->RoutingTokenLength + 2; + /* Ensure Routing Token is correctly terminated - may already be present in string */ + if (nego->RoutingToken[nego->RoutingTokenLength-2]==0x0D && nego->RoutingToken[nego->RoutingTokenLength-1]==0x0A) + { + DEBUG_NEGO("Routing token looks correctly terminated - use verbatim"); + length +=nego->RoutingTokenLength; + } + else + { + DEBUG_NEGO("Adding terminating CRLF to routing token"); + Stream_Write_UINT8(s, 0x0D); /* CR */ + Stream_Write_UINT8(s, 0x0A); /* LF */ + length += nego->RoutingTokenLength + 2; + } } else if (nego->cookie) { From 8e77192ed86eb25cc8ba7027abf7680c0c160cec Mon Sep 17 00:00:00 2001 From: caramorsimon Date: Sun, 18 May 2014 21:32:26 +0100 Subject: [PATCH 2/2] Test for RoutingTokenLength before checking against termination chars --- libfreerdp/core/nego.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c index fd16f6321..ab2753a03 100644 --- a/libfreerdp/core/nego.c +++ b/libfreerdp/core/nego.c @@ -705,7 +705,7 @@ BOOL nego_send_negotiation_request(rdpNego* nego) { Stream_Write(s, nego->RoutingToken, nego->RoutingTokenLength); /* Ensure Routing Token is correctly terminated - may already be present in string */ - if (nego->RoutingToken[nego->RoutingTokenLength-2]==0x0D && nego->RoutingToken[nego->RoutingTokenLength-1]==0x0A) + if (nego->RoutingTokenLength>2 && (nego->RoutingToken[nego->RoutingTokenLength-2]==0x0D && nego->RoutingToken[nego->RoutingTokenLength-1]==0x0A)) { DEBUG_NEGO("Routing token looks correctly terminated - use verbatim"); length +=nego->RoutingTokenLength;