Add checks for DR channel
This commit is contained in:
parent
b624ecbfce
commit
a132922376
@ -561,6 +561,9 @@ BOOL drive_file_set_information(DRIVE_FILE* file, UINT32 FsInformationClass, UIN
|
|||||||
switch (FsInformationClass)
|
switch (FsInformationClass)
|
||||||
{
|
{
|
||||||
case FileBasicInformation:
|
case FileBasicInformation:
|
||||||
|
if (Stream_GetRemainingLength(input) < 36)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
/* http://msdn.microsoft.com/en-us/library/cc232094.aspx */
|
/* http://msdn.microsoft.com/en-us/library/cc232094.aspx */
|
||||||
Stream_Read_UINT64(input, liCreationTime.QuadPart);
|
Stream_Read_UINT64(input, liCreationTime.QuadPart);
|
||||||
Stream_Read_UINT64(input, liLastAccessTime.QuadPart);
|
Stream_Read_UINT64(input, liLastAccessTime.QuadPart);
|
||||||
@ -620,6 +623,9 @@ BOOL drive_file_set_information(DRIVE_FILE* file, UINT32 FsInformationClass, UIN
|
|||||||
|
|
||||||
/* http://msdn.microsoft.com/en-us/library/cc232067.aspx */
|
/* http://msdn.microsoft.com/en-us/library/cc232067.aspx */
|
||||||
case FileAllocationInformation:
|
case FileAllocationInformation:
|
||||||
|
if (Stream_GetRemainingLength(input) < 8)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
/* http://msdn.microsoft.com/en-us/library/cc232076.aspx */
|
/* http://msdn.microsoft.com/en-us/library/cc232076.aspx */
|
||||||
Stream_Read_INT64(input, size);
|
Stream_Read_INT64(input, size);
|
||||||
|
|
||||||
@ -656,7 +662,12 @@ BOOL drive_file_set_information(DRIVE_FILE* file, UINT32 FsInformationClass, UIN
|
|||||||
break; /* TODO: SetLastError ??? */
|
break; /* TODO: SetLastError ??? */
|
||||||
|
|
||||||
if (Length)
|
if (Length)
|
||||||
|
{
|
||||||
|
if (Stream_GetRemainingLength(input) < 1)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
Stream_Read_UINT8(input, delete_pending);
|
Stream_Read_UINT8(input, delete_pending);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
delete_pending = 1;
|
delete_pending = 1;
|
||||||
|
|
||||||
@ -676,13 +687,19 @@ BOOL drive_file_set_information(DRIVE_FILE* file, UINT32 FsInformationClass, UIN
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case FileRenameInformation:
|
case FileRenameInformation:
|
||||||
|
if (Stream_GetRemainingLength(input) < 6)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
/* http://msdn.microsoft.com/en-us/library/cc232085.aspx */
|
/* http://msdn.microsoft.com/en-us/library/cc232085.aspx */
|
||||||
Stream_Read_UINT8(input, ReplaceIfExists);
|
Stream_Read_UINT8(input, ReplaceIfExists);
|
||||||
Stream_Seek_UINT8(input); /* RootDirectory */
|
Stream_Seek_UINT8(input); /* RootDirectory */
|
||||||
Stream_Read_UINT32(input, FileNameLength);
|
Stream_Read_UINT32(input, FileNameLength);
|
||||||
|
|
||||||
|
if (Stream_GetRemainingLength(input) < FileNameLength)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
fullpath = drive_file_combine_fullpath(file->basepath, (WCHAR*)Stream_Pointer(input),
|
fullpath = drive_file_combine_fullpath(file->basepath, (WCHAR*)Stream_Pointer(input),
|
||||||
FileNameLength);
|
FileNameLength);
|
||||||
|
|
||||||
if (!fullpath)
|
if (!fullpath)
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "drive_file_combine_fullpath failed!");
|
WLog_ERR(TAG, "drive_file_combine_fullpath failed!");
|
||||||
|
@ -274,10 +274,13 @@ static UINT drive_process_irp_read(DRIVE_DEVICE* drive, IRP* irp)
|
|||||||
if (!drive || !irp || !irp->output || !irp->Complete)
|
if (!drive || !irp || !irp->output || !irp->Complete)
|
||||||
return ERROR_INVALID_PARAMETER;
|
return ERROR_INVALID_PARAMETER;
|
||||||
|
|
||||||
|
if (Stream_GetRemainingLength(irp->input) < 12)
|
||||||
|
return ERROR_INVALID_DATA;
|
||||||
|
|
||||||
Stream_Read_UINT32(irp->input, Length);
|
Stream_Read_UINT32(irp->input, Length);
|
||||||
Stream_Read_UINT64(irp->input, Offset);
|
Stream_Read_UINT64(irp->input, Offset);
|
||||||
file = drive_get_file_by_id(drive, irp->FileId);
|
|
||||||
|
|
||||||
|
file = drive_get_file_by_id(drive, irp->FileId);
|
||||||
if (!file)
|
if (!file)
|
||||||
{
|
{
|
||||||
irp->IoStatus = STATUS_UNSUCCESSFUL;
|
irp->IoStatus = STATUS_UNSUCCESSFUL;
|
||||||
@ -328,11 +331,14 @@ static UINT drive_process_irp_write(DRIVE_DEVICE* drive, IRP* irp)
|
|||||||
if (!drive || !irp || !irp->input || !irp->output || !irp->Complete)
|
if (!drive || !irp || !irp->input || !irp->output || !irp->Complete)
|
||||||
return ERROR_INVALID_PARAMETER;
|
return ERROR_INVALID_PARAMETER;
|
||||||
|
|
||||||
|
if (Stream_GetRemainingLength(irp->input) < 32)
|
||||||
|
return ERROR_INVALID_DATA;
|
||||||
|
|
||||||
Stream_Read_UINT32(irp->input, Length);
|
Stream_Read_UINT32(irp->input, Length);
|
||||||
Stream_Read_UINT64(irp->input, Offset);
|
Stream_Read_UINT64(irp->input, Offset);
|
||||||
Stream_Seek(irp->input, 20); /* Padding */
|
Stream_Seek(irp->input, 20); /* Padding */
|
||||||
file = drive_get_file_by_id(drive, irp->FileId);
|
|
||||||
|
|
||||||
|
file = drive_get_file_by_id(drive, irp->FileId);
|
||||||
if (!file)
|
if (!file)
|
||||||
{
|
{
|
||||||
irp->IoStatus = STATUS_UNSUCCESSFUL;
|
irp->IoStatus = STATUS_UNSUCCESSFUL;
|
||||||
@ -367,9 +373,12 @@ static UINT drive_process_irp_query_information(DRIVE_DEVICE* drive, IRP* irp)
|
|||||||
if (!drive || !irp || !irp->Complete)
|
if (!drive || !irp || !irp->Complete)
|
||||||
return ERROR_INVALID_PARAMETER;
|
return ERROR_INVALID_PARAMETER;
|
||||||
|
|
||||||
Stream_Read_UINT32(irp->input, FsInformationClass);
|
if (Stream_GetRemainingLength(irp->input) < 4)
|
||||||
file = drive_get_file_by_id(drive, irp->FileId);
|
return ERROR_INVALID_DATA;
|
||||||
|
|
||||||
|
Stream_Read_UINT32(irp->input, FsInformationClass);
|
||||||
|
|
||||||
|
file = drive_get_file_by_id(drive, irp->FileId);
|
||||||
if (!file)
|
if (!file)
|
||||||
{
|
{
|
||||||
irp->IoStatus = STATUS_UNSUCCESSFUL;
|
irp->IoStatus = STATUS_UNSUCCESSFUL;
|
||||||
@ -396,11 +405,14 @@ static UINT drive_process_irp_set_information(DRIVE_DEVICE* drive, IRP* irp)
|
|||||||
if (!drive || !irp || !irp->Complete || !irp->input || !irp->output)
|
if (!drive || !irp || !irp->Complete || !irp->input || !irp->output)
|
||||||
return ERROR_INVALID_PARAMETER;
|
return ERROR_INVALID_PARAMETER;
|
||||||
|
|
||||||
|
if (Stream_GetRemainingLength(irp->input) < 32)
|
||||||
|
return ERROR_INVALID_DATA;
|
||||||
|
|
||||||
Stream_Read_UINT32(irp->input, FsInformationClass);
|
Stream_Read_UINT32(irp->input, FsInformationClass);
|
||||||
Stream_Read_UINT32(irp->input, Length);
|
Stream_Read_UINT32(irp->input, Length);
|
||||||
Stream_Seek(irp->input, 24); /* Padding */
|
Stream_Seek(irp->input, 24); /* Padding */
|
||||||
file = drive_get_file_by_id(drive, irp->FileId);
|
|
||||||
|
|
||||||
|
file = drive_get_file_by_id(drive, irp->FileId);
|
||||||
if (!file)
|
if (!file)
|
||||||
{
|
{
|
||||||
irp->IoStatus = STATUS_UNSUCCESSFUL;
|
irp->IoStatus = STATUS_UNSUCCESSFUL;
|
||||||
@ -442,6 +454,9 @@ static UINT drive_process_irp_query_volume_information(DRIVE_DEVICE* drive,
|
|||||||
if (!drive || !irp)
|
if (!drive || !irp)
|
||||||
return ERROR_INVALID_PARAMETER;
|
return ERROR_INVALID_PARAMETER;
|
||||||
|
|
||||||
|
if (Stream_GetRemainingLength(irp->input) < 4)
|
||||||
|
return ERROR_INVALID_DATA;
|
||||||
|
|
||||||
Stream_Read_UINT32(irp->input, FsInformationClass);
|
Stream_Read_UINT32(irp->input, FsInformationClass);
|
||||||
GetDiskFreeSpaceW(drive->path, &lpSectorsPerCluster, &lpBytesPerSector, &lpNumberOfFreeClusters,
|
GetDiskFreeSpaceW(drive->path, &lpSectorsPerCluster, &lpBytesPerSector, &lpNumberOfFreeClusters,
|
||||||
&lpTotalNumberOfClusters);
|
&lpTotalNumberOfClusters);
|
||||||
@ -574,7 +589,11 @@ static UINT drive_process_irp_silent_ignore(DRIVE_DEVICE* drive, IRP* irp)
|
|||||||
if (!drive || !irp || !irp->output || !irp->Complete)
|
if (!drive || !irp || !irp->output || !irp->Complete)
|
||||||
return ERROR_INVALID_PARAMETER;
|
return ERROR_INVALID_PARAMETER;
|
||||||
|
|
||||||
|
if (Stream_GetRemainingLength(irp->input) < 4)
|
||||||
|
return ERROR_INVALID_DATA;
|
||||||
|
|
||||||
Stream_Read_UINT32(irp->input, FsInformationClass);
|
Stream_Read_UINT32(irp->input, FsInformationClass);
|
||||||
|
|
||||||
Stream_Write_UINT32(irp->output, 0); /* Length */
|
Stream_Write_UINT32(irp->output, 0); /* Length */
|
||||||
return irp->Complete(irp);
|
return irp->Complete(irp);
|
||||||
}
|
}
|
||||||
@ -595,13 +614,16 @@ static UINT drive_process_irp_query_directory(DRIVE_DEVICE* drive, IRP* irp)
|
|||||||
if (!drive || !irp || !irp->Complete)
|
if (!drive || !irp || !irp->Complete)
|
||||||
return ERROR_INVALID_PARAMETER;
|
return ERROR_INVALID_PARAMETER;
|
||||||
|
|
||||||
|
if (Stream_GetRemainingLength(irp->input) < 32)
|
||||||
|
return ERROR_INVALID_DATA;
|
||||||
|
|
||||||
Stream_Read_UINT32(irp->input, FsInformationClass);
|
Stream_Read_UINT32(irp->input, FsInformationClass);
|
||||||
Stream_Read_UINT8(irp->input, InitialQuery);
|
Stream_Read_UINT8(irp->input, InitialQuery);
|
||||||
Stream_Read_UINT32(irp->input, PathLength);
|
Stream_Read_UINT32(irp->input, PathLength);
|
||||||
Stream_Seek(irp->input, 23); /* Padding */
|
Stream_Seek(irp->input, 23); /* Padding */
|
||||||
path = (WCHAR*) Stream_Pointer(irp->input);
|
path = (WCHAR*) Stream_Pointer(irp->input);
|
||||||
file = drive_get_file_by_id(drive, irp->FileId);
|
|
||||||
|
|
||||||
|
file = drive_get_file_by_id(drive, irp->FileId);
|
||||||
if (file == NULL)
|
if (file == NULL)
|
||||||
{
|
{
|
||||||
irp->IoStatus = STATUS_UNSUCCESSFUL;
|
irp->IoStatus = STATUS_UNSUCCESSFUL;
|
||||||
@ -756,11 +778,13 @@ static void* drive_thread_func(void* arg)
|
|||||||
irp = (IRP*) message.wParam;
|
irp = (IRP*) message.wParam;
|
||||||
|
|
||||||
if (irp)
|
if (irp)
|
||||||
|
{
|
||||||
if ((error = drive_process_irp(drive, irp)))
|
if ((error = drive_process_irp(drive, irp)))
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "drive_process_irp failed with error %"PRIu32"!", error);
|
WLog_ERR(TAG, "drive_process_irp failed with error %"PRIu32"!", error);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
|
@ -110,6 +110,7 @@ BOOL freerdp_channel_send(rdpRdp* rdp, UINT16 channelId, BYTE* data, int size)
|
|||||||
|
|
||||||
Stream_Write(s, data, chunkSize);
|
Stream_Write(s, data, chunkSize);
|
||||||
|
|
||||||
|
WLog_DBG(TAG, "%s: sending data (flags=0x%x size=%d)", __FUNCTION__, flags, size);
|
||||||
if (!rdp_send(rdp, s, channelId))
|
if (!rdp_send(rdp, s, channelId))
|
||||||
{
|
{
|
||||||
Stream_Release(s);
|
Stream_Release(s);
|
||||||
|
@ -604,6 +604,7 @@ BOOL rdp_send_data_pdu(rdpRdp* rdp, wStream* s, BYTE type, UINT16 channel_id)
|
|||||||
Stream_SetPosition(s, length);
|
Stream_SetPosition(s, length);
|
||||||
Stream_SealLength(s);
|
Stream_SealLength(s);
|
||||||
|
|
||||||
|
WLog_DBG(TAG, "%s: sending data (type=0x%x size=%d channelId)", __FUNCTION__, type, Stream_Length(s), channel_id);
|
||||||
if (transport_write(rdp->transport, s) < 0)
|
if (transport_write(rdp->transport, s) < 0)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
@ -1224,6 +1225,7 @@ static int rdp_recv_tpkt_pdu(rdpRdp* rdp, wStream* s)
|
|||||||
case PDU_TYPE_FLOW_RESPONSE:
|
case PDU_TYPE_FLOW_RESPONSE:
|
||||||
case PDU_TYPE_FLOW_STOP:
|
case PDU_TYPE_FLOW_STOP:
|
||||||
case PDU_TYPE_FLOW_TEST:
|
case PDU_TYPE_FLOW_TEST:
|
||||||
|
WLog_DBG(TAG, "flow message 0x%04"PRIX16"", pduType);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
@ -592,6 +592,7 @@ BOOL security_key_update(BYTE* key, BYTE* update_key, int key_len, rdpRdp* rdp)
|
|||||||
BYTE salt[] = { 0xD1, 0x26, 0x9E }; /* 40 bits: 3 bytes, 56 bits: 1 byte */
|
BYTE salt[] = { 0xD1, 0x26, 0x9E }; /* 40 bits: 3 bytes, 56 bits: 1 byte */
|
||||||
BOOL result = FALSE;
|
BOOL result = FALSE;
|
||||||
|
|
||||||
|
WLog_DBG(TAG, "updating RDP key");
|
||||||
if (!(sha1 = winpr_Digest_New()))
|
if (!(sha1 = winpr_Digest_New()))
|
||||||
goto out;
|
goto out;
|
||||||
if (!winpr_Digest_Init(sha1, WINPR_MD_SHA1))
|
if (!winpr_Digest_Init(sha1, WINPR_MD_SHA1))
|
||||||
|
@ -562,6 +562,10 @@ BOOL update_recv(rdpUpdate* update, wStream* s)
|
|||||||
update_read_synchronize(update, s);
|
update_read_synchronize(update, s);
|
||||||
IFCALL(update->Synchronize, context);
|
IFCALL(update->Synchronize, context);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
WLog_ERR(TAG, "unknown update type %"PRIu16"", updateType);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
IFCALL(update->EndPaint, context);
|
IFCALL(update->EndPaint, context);
|
||||||
|
Loading…
Reference in New Issue
Block a user