From 7ae1f07aa8c0ccf130fe2df9c5103770c5c42574 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Wed, 18 Sep 2024 21:15:45 +0200
Subject: [PATCH] [locale,keyboard] fix missing input validation

---
 libfreerdp/locale/keyboard.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/libfreerdp/locale/keyboard.c b/libfreerdp/locale/keyboard.c
index 86b73d6c2..6eebd6554 100644
--- a/libfreerdp/locale/keyboard.c
+++ b/libfreerdp/locale/keyboard.c
@@ -373,7 +373,21 @@ DWORD freerdp_keyboard_init_ex(DWORD keyboardLayoutId, const char* keyboardRemap
 
 DWORD freerdp_keyboard_get_rdp_scancode_from_x11_keycode(DWORD keycode)
 {
+	if (keycode > ARRAYSIZE(X11_KEYCODE_TO_VIRTUAL_SCANCODE))
+	{
+		WLog_ERR(TAG, "KeyCode %" PRIu32 " exceeds allowed value range [0,%" PRIuz "]", keycode,
+		         ARRAYSIZE(X11_KEYCODE_TO_VIRTUAL_SCANCODE));
+		return 0;
+	}
+
 	const DWORD scancode = X11_KEYCODE_TO_VIRTUAL_SCANCODE[keycode];
+	if (scancode > ARRAYSIZE(REMAPPING_TABLE))
+	{
+		WLog_ERR(TAG, "ScanCode %" PRIu32 " exceeds allowed value range [0,%" PRIuz "]", scancode,
+		         ARRAYSIZE(REMAPPING_TABLE));
+		return 0;
+	}
+
 	const DWORD remapped = REMAPPING_TABLE[scancode];
 #if defined(WITH_DEBUG_KBD)
 	const BOOL ex = RDP_SCANCODE_EXTENDED(scancode);
@@ -400,6 +414,13 @@ DWORD freerdp_keyboard_get_rdp_scancode_from_x11_keycode(DWORD keycode)
 
 DWORD freerdp_keyboard_get_x11_keycode_from_rdp_scancode(DWORD scancode, BOOL extended)
 {
+	if (scancode > ARRAYSIZE(VIRTUAL_SCANCODE_TO_X11_KEYCODE))
+	{
+		WLog_ERR(TAG, "ScanCode %" PRIu32 " exceeds allowed value range [0,%" PRIuz "]", scancode,
+		         ARRAYSIZE(VIRTUAL_SCANCODE_TO_X11_KEYCODE));
+		return 0;
+	}
+
 	const DWORD* x11 = VIRTUAL_SCANCODE_TO_X11_KEYCODE[scancode];
 	WINPR_ASSERT(x11);