mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Harden capability parsing

Browse Source 
Don't check only the number of capabilities but also the remaining size in the stream
This commit is contained in:
Hardening 2013-12-13 15:08:43 +01:00
parent 0ed993635f
commit 8767931431
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libfreerdp/core/capabilities.c
View File

@ -3156,7 +3156,7 @@ BOOL rdp_read_capability_sets(wStream* s, rdpSettings* settings, UINT16 numberCa
Stream_GetPointer(s, mark);
count = numberCapabilities;
while (numberCapabilities > 0)
while (numberCapabilities > 0 && Stream_GetRemainingLength(s) >= 4)
{
Stream_GetPointer(s, bm);
@ -3340,6 +3340,11 @@ BOOL rdp_read_capability_sets(wStream* s, rdpSettings* settings, UINT16 numberCa
rdp_print_capability_sets(s, numberCapabilities, TRUE);
Stream_SetPointer(s, em);
#endif
if (numberCapabilities)
{
fprintf(stderr, "%s: strange we haven't read the number of announced capacity sets, read=%d expected=%d\n",
__FUNCTION__, count-numberCapabilities, count);
}
return TRUE;
}