[core,info] ensure stream length

ensure the stream is large enough for all info packets
Armin Novak 2022-12-14 10:43:07 +01:00 committed by Pascal Nowack
parent 8af5f15769
commit 87ae9dec0d
2 changed files with 62 additions and 13 deletions


@ -253,13 +253,23 @@ static BOOL rdp_read_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s)
* msdn{cc240541}
*/
static void rdp_write_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s)
static BOOL rdp_write_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s)
{
BYTE* p;
ARC_CS_PRIVATE_PACKET* autoReconnectCookie;
rdpSettings* settings = rdp->settings;
rdpSettings* settings;
WINPR_ASSERT(rdp);
settings = rdp->settings;
WINPR_ASSERT(settings);
autoReconnectCookie = settings->ClientAutoReconnectCookie;
WINPR_ASSERT(autoReconnectCookie);
p = autoReconnectCookie->securityVerifier;
WINPR_ASSERT(p);
WLog_DBG(TAG,
"ClientAutoReconnectCookie: Version: %" PRIu32 " LogonId: %" PRIu32 " ArcRandomBits: "
"%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8 "%02" PRIX8
@ -268,10 +278,13 @@ static void rdp_write_client_auto_reconnect_cookie(rdpRdp* rdp, wStream* s)
"%02" PRIX8 "",
autoReconnectCookie->version, autoReconnectCookie->logonId, p[0], p[1], p[2], p[3],
p[4], p[5], p[6], p[7], p[8], p[9], p[10], p[11], p[12], p[13], p[14], p[15]);
if (!Stream_EnsureRemainingCapacity(s, 12ull + 16ull))
return FALSE;
Stream_Write_UINT32(s, autoReconnectCookie->cbLen); /* cbLen (4 bytes) */
Stream_Write_UINT32(s, autoReconnectCookie->version); /* version (4 bytes) */
Stream_Write_UINT32(s, autoReconnectCookie->logonId); /* LogonId (4 bytes) */
Stream_Write(s, autoReconnectCookie->securityVerifier, 16); /* SecurityVerifier (16 bytes) */
return TRUE;
}
/*
@ -502,6 +515,9 @@ static BOOL rdp_write_extended_info_packet(rdpRdp* rdp, wStream* s)
goto fail;
cbAutoReconnectCookie = (UINT16)settings->ServerAutoReconnectCookie->cbLen;
if (!Stream_EnsureRemainingCapacity(s, 4ull + cbClientAddress + 2ull + cbClientDir))
goto fail;
Stream_Write_UINT16(s, clientAddressFamily); /* clientAddressFamily (2 bytes) */
Stream_Write_UINT16(s, cbClientAddress); /* cbClientAddress (2 bytes) */
@ -514,6 +530,9 @@ static BOOL rdp_write_extended_info_packet(rdpRdp* rdp, wStream* s)
if (!rdp_write_client_time_zone(s, settings)) /* clientTimeZone (172 bytes) */
goto fail;
if (!Stream_EnsureRemainingCapacity(s, 10ull))
goto fail;
Stream_Write_UINT32(
s, settings->ClientSessionId); /* clientSessionId (4 bytes), should be set to 0 */
freerdp_performance_flags_make(settings);
@ -524,7 +543,11 @@ static BOOL rdp_write_extended_info_packet(rdpRdp* rdp, wStream* s)
{
if (!rdp_compute_client_auto_reconnect_cookie(rdp))
goto fail;
rdp_write_client_auto_reconnect_cookie(rdp, s); /* autoReconnectCookie */
if (!rdp_write_client_auto_reconnect_cookie(rdp, s)) /* autoReconnectCookie */
goto fail;
if (!Stream_EnsureRemainingCapacity(s, 4ull))
goto fail;
Stream_Write_UINT16(s, 0); /* reserved1 (2 bytes) */
Stream_Write_UINT16(s, 0); /* reserved2 (2 bytes) */
}
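Review bot: The capacity guards added in this file are bare literals that a reader has to match against the writes by hand: in rdp_write_client_auto_reconnect_cookie, `12ull + 16ull` covers three UINT32 writes and a `Stream_Write(..., 16)`, and the 16 is repeated in the write and implied by the p[0]..p[15] log arguments. A comment such as `/* cbLen (4) + version (4) + LogonId (4) + SecurityVerifier (16) */` above the guard would tie the number to the fields; if securityVerifier is a fixed-size array member (its declaration is not shown on this page), `sizeof(autoReconnectCookie->securityVerifier)` could replace both 16s. The same applies to the `10ull` guard in rdp_write_extended_info_packet, where only the 4-byte clientSessionId write is visible and the remaining bytes are written outside the hunk, so the constant cannot be verified from here. If a field is added later and the constant is not updated, the unchecked write this commit removes comes back.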


@ -20,6 +20,7 @@
#include <freerdp/config.h>
#include <winpr/crt.h>
#include <winpr/assert.h>
#include <winpr/timezone.h>
#include "timezone.h"
@ -27,8 +28,8 @@
#include <freerdp/log.h>
#define TAG FREERDP_TAG("core.timezone")
static void rdp_read_system_time(wStream* s, SYSTEMTIME* system_time);
static void rdp_write_system_time(wStream* s, SYSTEMTIME* system_time);
static BOOL rdp_read_system_time(wStream* s, SYSTEMTIME* system_time);
static BOOL rdp_write_system_time(wStream* s, const SYSTEMTIME* system_time);
/**
* Read SYSTEM_TIME structure (TS_SYSTEMTIME).
@ -37,8 +38,13 @@ static void rdp_write_system_time(wStream* s, SYSTEMTIME* system_time);
* @param system_time system time structure
*/
void rdp_read_system_time(wStream* s, SYSTEMTIME* system_time)
BOOL rdp_read_system_time(wStream* s, SYSTEMTIME* system_time)
{
WINPR_ASSERT(system_time);
if (!Stream_CheckAndLogRequiredLength(TAG, s, 16ull))
return FALSE;
Stream_Read_UINT16(s, system_time->wYear); /* wYear, must be set to 0 */
Stream_Read_UINT16(s, system_time->wMonth); /* wMonth */
Stream_Read_UINT16(s, system_time->wDayOfWeek); /* wDayOfWeek */
@ -47,6 +53,7 @@ void rdp_read_system_time(wStream* s, SYSTEMTIME* system_time)
Stream_Read_UINT16(s, system_time->wMinute); /* wMinute */
Stream_Read_UINT16(s, system_time->wSecond); /* wSecond */
Stream_Read_UINT16(s, system_time->wMilliseconds); /* wMilliseconds */
return TRUE;
}
/**
@ -56,8 +63,12 @@ void rdp_read_system_time(wStream* s, SYSTEMTIME* system_time)
* @param system_time system time structure
*/
void rdp_write_system_time(wStream* s, SYSTEMTIME* system_time)
BOOL rdp_write_system_time(wStream* s, const SYSTEMTIME* system_time)
{
WINPR_ASSERT(system_time);
if (!Stream_EnsureRemainingCapacity(s, 16ull))
return FALSE;
Stream_Write_UINT16(s, system_time->wYear); /* wYear, must be set to 0 */
Stream_Write_UINT16(s, system_time->wMonth); /* wMonth */
Stream_Write_UINT16(s, system_time->wDayOfWeek); /* wDayOfWeek */
@ -71,6 +82,7 @@ void rdp_write_system_time(wStream* s, SYSTEMTIME* system_time)
system_time->wYear, system_time->wMonth, system_time->wDayOfWeek,
system_time->wDay, system_time->wHour, system_time->wMinute,
system_time->wSecond, system_time->wMilliseconds);
return TRUE;
}
/**
@ -84,7 +96,7 @@ void rdp_write_system_time(wStream* s, SYSTEMTIME* system_time)
BOOL rdp_read_client_time_zone(wStream* s, rdpSettings* settings)
{
LPTIME_ZONE_INFORMATION tz;
LPTIME_ZONE_INFORMATION tz = { 0 };
if (!s || !settings)
return FALSE;
@ -100,11 +112,13 @@ BOOL rdp_read_client_time_zone(wStream* s, rdpSettings* settings)
Stream_Read_UINT32(s, tz->Bias); /* Bias */
/* standardName (64 bytes) */
Stream_Read(s, tz->StandardName, sizeof(tz->StandardName));
rdp_read_system_time(s, &tz->StandardDate); /* StandardDate */
if (!rdp_read_system_time(s, &tz->StandardDate)) /* StandardDate */
return FALSE;
Stream_Read_UINT32(s, tz->StandardBias); /* StandardBias */
/* daylightName (64 bytes) */
Stream_Read(s, tz->DaylightName, sizeof(tz->DaylightName));
rdp_read_system_time(s, &tz->DaylightDate); /* DaylightDate */
if (!rdp_read_system_time(s, &tz->DaylightDate)) /* DaylightDate */
return FALSE;
Stream_Read_UINT32(s, tz->DaylightBias); /* DaylightBias */
return TRUE;
}
@ -120,19 +134,26 @@ BOOL rdp_read_client_time_zone(wStream* s, rdpSettings* settings)
BOOL rdp_write_client_time_zone(wStream* s, rdpSettings* settings)
{
LPTIME_ZONE_INFORMATION tz;
LPTIME_ZONE_INFORMATION tz = { 0 };
WINPR_ASSERT(settings);
tz = settings->ClientTimeZone;
if (!tz)
return FALSE;
GetTimeZoneInformation(tz);
if (!Stream_EnsureRemainingCapacity(s, 4ull + sizeof(tz->StandardName)))
return FALSE;
/* Bias */
Stream_Write_UINT32(s, tz->Bias);
/* standardName (64 bytes) */
Stream_Write(s, tz->StandardName, sizeof(tz->StandardName));
/* StandardDate */
rdp_write_system_time(s, &tz->StandardDate);
if (!rdp_write_system_time(s, &tz->StandardDate))
return FALSE;
#ifdef WITH_DEBUG_TIMEZONE
WLog_DBG(TIMEZONE_TAG, "bias=%" PRId32 "", tz->Bias);
WLog_DBG(TIMEZONE_TAG, "StandardName:");
@ -144,14 +165,19 @@ BOOL rdp_write_client_time_zone(wStream* s, rdpSettings* settings)
#endif
/* Note that StandardBias is ignored if no valid standardDate is provided. */
/* StandardBias */
if (!Stream_EnsureRemainingCapacity(s, 4ull + sizeof(tz->DaylightName)))
return FALSE;
Stream_Write_UINT32(s, tz->StandardBias);
DEBUG_TIMEZONE("StandardBias=%" PRId32 "", tz->StandardBias);
/* daylightName (64 bytes) */
Stream_Write(s, tz->DaylightName, sizeof(tz->DaylightName));
/* DaylightDate */
rdp_write_system_time(s, &tz->DaylightDate);
if (!rdp_write_system_time(s, &tz->DaylightDate))
return FALSE;
/* Note that DaylightBias is ignored if no valid daylightDate is provided. */
/* DaylightBias */
if (!Stream_EnsureRemainingCapacity(s, 4ull))
return FALSE;
Stream_Write_UINT32(s, tz->DaylightBias);
DEBUG_TIMEZONE("DaylightBias=%" PRId32 "", tz->DaylightBias);
return TRUE;
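Review bot: In rdp_read_client_time_zone the new code checks only the two rdp_read_system_time calls; the three Stream_Read_UINT32 reads and the two 64-byte Stream_Read calls around them have no length check of their own in the visible lines. The lines between the two hunks of this function are not shown, so it is worth confirming that a length check for the whole structure (172 bytes according to the comment at the call site in the other file) precedes the Bias read; if it does, a short comment saying so would explain why only the nested reads are guarded here. Separately, `LPTIME_ZONE_INFORMATION tz = { 0 };` brace-initialises what is used as a pointer (`tz->Bias`), which reads like a zeroed struct; `LPTIME_ZONE_INFORMATION tz = NULL;` states the intent.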