smartcard: Fix length of output buffer in device control response

Martin Fleisz 2021-07-06 16:48:06 +02:00 committed by akallabeth
parent 6ecdd82e28
commit 9d031012be


@ -702,12 +702,14 @@ static LONG smartcard_ListReadersW_Call(SMARTCARD_DEVICE* smartcard, SMARTCARD_O
DWORD cchReaders = 0;
IRP* irp = operation->irp;
ListReaders_Call* call = &operation->call.listReaders;
union {
union
{
const BYTE* bp;
const char* sz;
const WCHAR* wz;
} string;
union {
union
{
WCHAR** ppw;
WCHAR* pw;
CHAR* pc;
@ -2686,7 +2688,7 @@ LONG smartcard_irp_device_control_call(SMARTCARD_DEVICE* smartcard, SMARTCARD_OP
Stream_SealLength(irp->output);
outputBufferLength = Stream_Length(irp->output);
WINPR_ASSERT(outputBufferLength >= RDPDR_DEVICE_IO_RESPONSE_LENGTH - 4U);
outputBufferLength -= RDPDR_DEVICE_IO_RESPONSE_LENGTH - 4U;
outputBufferLength -= (RDPDR_DEVICE_IO_RESPONSE_LENGTH + 4U);
WINPR_ASSERT(outputBufferLength >= RDPDR_DEVICE_IO_RESPONSE_LENGTH);
objectBufferLength = outputBufferLength - RDPDR_DEVICE_IO_RESPONSE_LENGTH;
WINPR_ASSERT(outputBufferLength <= UINT32_MAX);
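Review bot: The assert just above the changed subtraction in smartcard_irp_device_control_call still checks `outputBufferLength >= RDPDR_DEVICE_IO_RESPONSE_LENGTH - 4U`, so it no longer covers what is subtracted. This assumes `outputBufferLength -= (RDPDR_DEVICE_IO_RESPONSE_LENGTH + 4U);` is the new line, since the page lost its +/- markers. If outputBufferLength is an unsigned type (its declaration is outside the hunk), a sealed stream shorter than the header plus 4 bytes would wrap to a huge value rather than fail the guard. The bound should match the subtraction: `WINPR_ASSERT(outputBufferLength >= RDPDR_DEVICE_IO_RESPONSE_LENGTH + 4U);`. Because these lengths presumably end up in the response sent to the peer, confirm whether WINPR_ASSERT stays active in release builds; if it does not, an explicit runtime check that returns an error would be safer here.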