From 93f0dad21b81a562f9a66e99c25ae975fb6876a8 Mon Sep 17 00:00:00 2001 From: Mads Kiilerich Date: Mon, 20 Feb 2012 21:03:31 +0100 Subject: [PATCH] libfreerdp-core: don't add sec_bytes in fastpath_send_input_pdu fastpath_input_pdu_init already reserved space for fastpath_get_sec_bytes() which thus already was included in stream_get_length() in fastpath_send_input_pdu(). Adding sec_bytes again just added extra invalid (but correctly hashed/encrypted) bytes to the PDU. --- libfreerdp-core/fastpath.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/libfreerdp-core/fastpath.c b/libfreerdp-core/fastpath.c index 866fea6af..0d68f1891 100644 --- a/libfreerdp-core/fastpath.c +++ b/libfreerdp-core/fastpath.c @@ -553,23 +553,25 @@ boolean fastpath_send_input_pdu(rdpFastPath* fastpath, STREAM* s) * because we can leave room for fixed-length header, store all * the data first and then store the header. */ - stream_write_uint16_be(s, 0x8000 | (length + sec_bytes)); + stream_write_uint16_be(s, 0x8000 | length); if (sec_bytes > 0) { - uint8* ptr; + uint8* fpInputEvents; + uint16 fpInputEvents_length; - ptr = stream_get_tail(s) + sec_bytes; + fpInputEvents = stream_get_tail(s) + sec_bytes; + fpInputEvents_length = length - 3 - sec_bytes; if (rdp->sec_flags & SEC_SECURE_CHECKSUM) - security_salted_mac_signature(rdp, ptr, length - 3, true, stream_get_tail(s)); + security_salted_mac_signature(rdp, fpInputEvents, fpInputEvents_length, true, stream_get_tail(s)); else - security_mac_signature(rdp, ptr, length - 3, stream_get_tail(s)); - security_encrypt(ptr, length - 3, rdp); + security_mac_signature(rdp, fpInputEvents, fpInputEvents_length, stream_get_tail(s)); + security_encrypt(fpInputEvents, fpInputEvents_length, rdp); } rdp->sec_flags = 0; - stream_set_pos(s, length + sec_bytes); + stream_set_pos(s, length); if (transport_write(fastpath->rdp->transport, s) < 0) return false;