libfreerdp-core: don't add sec_bytes in fastpath_send_input_pdu

fastpath_input_pdu_init already reserved space for fastpath_get_sec_bytes()
which thus already was included in stream_get_length() in
fastpath_send_input_pdu(). Adding sec_bytes again just added extra invalid (but
correctly hashed/encrypted) bytes to the PDU.
This commit is contained in:
Mads Kiilerich 2012-02-20 21:03:31 +01:00 committed by Anthony Tong
parent c46cdaf3fb
commit 93f0dad21b

View File

@ -553,23 +553,25 @@ boolean fastpath_send_input_pdu(rdpFastPath* fastpath, STREAM* s)
* because we can leave room for fixed-length header, store all
* the data first and then store the header.
*/
stream_write_uint16_be(s, 0x8000 | (length + sec_bytes));
stream_write_uint16_be(s, 0x8000 | length);
if (sec_bytes > 0)
{
uint8* ptr;
uint8* fpInputEvents;
uint16 fpInputEvents_length;
ptr = stream_get_tail(s) + sec_bytes;
fpInputEvents = stream_get_tail(s) + sec_bytes;
fpInputEvents_length = length - 3 - sec_bytes;
if (rdp->sec_flags & SEC_SECURE_CHECKSUM)
security_salted_mac_signature(rdp, ptr, length - 3, true, stream_get_tail(s));
security_salted_mac_signature(rdp, fpInputEvents, fpInputEvents_length, true, stream_get_tail(s));
else
security_mac_signature(rdp, ptr, length - 3, stream_get_tail(s));
security_encrypt(ptr, length - 3, rdp);
security_mac_signature(rdp, fpInputEvents, fpInputEvents_length, stream_get_tail(s));
security_encrypt(fpInputEvents, fpInputEvents_length, rdp);
}
rdp->sec_flags = 0;
stream_set_pos(s, length + sec_bytes);
stream_set_pos(s, length);
if (transport_write(fastpath->rdp->transport, s) < 0)
return false;