checks stream size in rail client channel

rdp.effort 2013-01-11 01:31:48 +01:00
parent dc9777bea0
commit a63598e2be
2 changed files with 80 additions and 47 deletions


@ -88,10 +88,13 @@ void rail_string_to_unicode_string(rdpRailOrder* rail_order, char* string, RAIL_
unicode_string->length = (UINT16) length;
}
void rail_read_pdu_header(STREAM* s, UINT16* orderType, UINT16* orderLength)
BOOL rail_read_pdu_header(STREAM* s, UINT16* orderType, UINT16* orderLength)
{
if(stream_get_left(s) < 4)
return FALSE;
stream_read_UINT16(s, *orderType); /* orderType (2 bytes) */
stream_read_UINT16(s, *orderLength); /* orderLength (2 bytes) */
return TRUE;
}
void rail_write_pdu_header(STREAM* s, UINT16 orderType, UINT16 orderLength)
@ -133,23 +136,31 @@ void rail_write_high_contrast(STREAM* s, HIGH_CONTRAST* high_contrast)
rail_write_unicode_string(s, &high_contrast->colorScheme); /* colorScheme */
}
void rail_read_handshake_order(STREAM* s, RAIL_HANDSHAKE_ORDER* handshake)
BOOL rail_read_handshake_order(STREAM* s, RAIL_HANDSHAKE_ORDER* handshake)
{
if(stream_get_left(s) < 4)
return FALSE;
stream_read_UINT32(s, handshake->buildNumber); /* buildNumber (4 bytes) */
return TRUE;
}
void rail_read_server_exec_result_order(STREAM* s, RAIL_EXEC_RESULT_ORDER* exec_result)
BOOL rail_read_server_exec_result_order(STREAM* s, RAIL_EXEC_RESULT_ORDER* exec_result)
{
if(stream_get_left(s) < 8)
return FALSE;
stream_read_UINT16(s, exec_result->flags); /* flags (2 bytes) */
stream_read_UINT16(s, exec_result->execResult); /* execResult (2 bytes) */
stream_read_UINT32(s, exec_result->rawResult); /* rawResult (4 bytes) */
stream_seek_UINT16(s); /* padding (2 bytes) */
rail_read_unicode_string(s, &exec_result->exeOrFile); /* exeOrFile */
return rail_read_unicode_string(s, &exec_result->exeOrFile); /* exeOrFile */
}
void rail_read_server_sysparam_order(STREAM* s, RAIL_SYSPARAM_ORDER* sysparam)
BOOL rail_read_server_sysparam_order(STREAM* s, RAIL_SYSPARAM_ORDER* sysparam)
{
BYTE body;
if(stream_get_left(s) < 5)
return FALSE;
stream_read_UINT32(s, sysparam->param); /* systemParam (4 bytes) */
stream_read_BYTE(s, body); /* body (1 byte) */
@ -166,10 +177,13 @@ void rail_read_server_sysparam_order(STREAM* s, RAIL_SYSPARAM_ORDER* sysparam)
default:
break;
}
return TRUE;
}
void rail_read_server_minmaxinfo_order(STREAM* s, RAIL_MINMAXINFO_ORDER* minmaxinfo)
BOOL rail_read_server_minmaxinfo_order(STREAM* s, RAIL_MINMAXINFO_ORDER* minmaxinfo)
{
if(stream_get_left(s) < 20)
return FALSE;
stream_read_UINT32(s, minmaxinfo->windowId); /* windowId (4 bytes) */
stream_read_UINT16(s, minmaxinfo->maxWidth); /* maxWidth (2 bytes) */
stream_read_UINT16(s, minmaxinfo->maxHeight); /* maxHeight (2 bytes) */
@ -179,11 +193,14 @@ void rail_read_server_minmaxinfo_order(STREAM* s, RAIL_MINMAXINFO_ORDER* minmaxi
stream_read_UINT16(s, minmaxinfo->minTrackHeight); /* minTrackHeight (2 bytes) */
stream_read_UINT16(s, minmaxinfo->maxTrackWidth); /* maxTrackWidth (2 bytes) */
stream_read_UINT16(s, minmaxinfo->maxTrackHeight); /* maxTrackHeight (2 bytes) */
return TRUE;
}
void rail_read_server_localmovesize_order(STREAM* s, RAIL_LOCALMOVESIZE_ORDER* localmovesize)
BOOL rail_read_server_localmovesize_order(STREAM* s, RAIL_LOCALMOVESIZE_ORDER* localmovesize)
{
UINT16 isMoveSizeStart;
if(stream_get_left(s) < 12)
return FALSE;
stream_read_UINT32(s, localmovesize->windowId); /* windowId (4 bytes) */
stream_read_UINT16(s, isMoveSizeStart); /* isMoveSizeStart (2 bytes) */
@ -192,20 +209,27 @@ void rail_read_server_localmovesize_order(STREAM* s, RAIL_LOCALMOVESIZE_ORDER* l
stream_read_UINT16(s, localmovesize->moveSizeType); /* moveSizeType (2 bytes) */
stream_read_UINT16(s, localmovesize->posX); /* posX (2 bytes) */
stream_read_UINT16(s, localmovesize->posY); /* posY (2 bytes) */
return TRUE;
}
void rail_read_server_get_appid_resp_order(STREAM* s, RAIL_GET_APPID_RESP_ORDER* get_appid_resp)
BOOL rail_read_server_get_appid_resp_order(STREAM* s, RAIL_GET_APPID_RESP_ORDER* get_appid_resp)
{
if(stream_get_left(s) < 516)
return FALSE;
stream_read_UINT32(s, get_appid_resp->windowId); /* windowId (4 bytes) */
stream_read(s, &get_appid_resp->applicationIdBuffer[0], 512); /* applicationId (256 UNICODE chars) */
get_appid_resp->applicationId.length = 512;
get_appid_resp->applicationId.string = &get_appid_resp->applicationIdBuffer[0];
return TRUE;
}
void rail_read_langbar_info_order(STREAM* s, RAIL_LANGBAR_INFO_ORDER* langbar_info)
BOOL rail_read_langbar_info_order(STREAM* s, RAIL_LANGBAR_INFO_ORDER* langbar_info)
{
if(stream_get_left(s) < 4)
return FALSE;
stream_read_UINT32(s, langbar_info->languageBarStatus); /* languageBarStatus (4 bytes) */
return TRUE;
}
void rail_write_handshake_order(STREAM* s, RAIL_HANDSHAKE_ORDER* handshake)
@ -332,9 +356,10 @@ void rail_write_langbar_info_order(STREAM* s, RAIL_LANGBAR_INFO_ORDER* langbar_i
stream_write_UINT32(s, langbar_info->languageBarStatus); /* languageBarStatus (4 bytes) */
}
void rail_recv_handshake_order(rdpRailOrder* rail_order, STREAM* s)
BOOL rail_recv_handshake_order(rdpRailOrder* rail_order, STREAM* s)
{
rail_read_handshake_order(s, &rail_order->handshake);
if(!rail_read_handshake_order(s, &rail_order->handshake))
return FALSE;
rail_order->handshake.buildNumber = 0x00001DB0;
rail_send_handshake_order(rail_order);
@ -371,56 +396,70 @@ void rail_recv_handshake_order(rdpRailOrder* rail_order, STREAM* s)
rail_send_channel_event(rail_order->plugin,
RDP_EVENT_TYPE_RAIL_CHANNEL_GET_SYSPARAMS, &rail_order->sysparam);
return TRUE;
}
void rail_recv_exec_result_order(rdpRailOrder* rail_order, STREAM* s)
BOOL rail_recv_exec_result_order(rdpRailOrder* rail_order, STREAM* s)
{
rail_read_server_exec_result_order(s, &rail_order->exec_result);
if(!rail_read_server_exec_result_order(s, &rail_order->exec_result))
return FALSE;
rail_send_channel_event(rail_order->plugin,
RDP_EVENT_TYPE_RAIL_CHANNEL_EXEC_RESULTS, &rail_order->exec_result);
return TRUE;
}
void rail_recv_server_sysparam_order(rdpRailOrder* rail_order, STREAM* s)
BOOL rail_recv_server_sysparam_order(rdpRailOrder* rail_order, STREAM* s)
{
rail_read_server_sysparam_order(s, &rail_order->sysparam);
if(!rail_read_server_sysparam_order(s, &rail_order->sysparam))
return FALSE;
rail_send_channel_event(rail_order->plugin,
RDP_EVENT_TYPE_RAIL_CHANNEL_SERVER_SYSPARAM, &rail_order->sysparam);
return TRUE;
}
void rail_recv_server_minmaxinfo_order(rdpRailOrder* rail_order, STREAM* s)
BOOL rail_recv_server_minmaxinfo_order(rdpRailOrder* rail_order, STREAM* s)
{
rail_read_server_minmaxinfo_order(s, &rail_order->minmaxinfo);
if(!rail_read_server_minmaxinfo_order(s, &rail_order->minmaxinfo))
return FALSE;
rail_send_channel_event(rail_order->plugin,
RDP_EVENT_TYPE_RAIL_CHANNEL_SERVER_MINMAXINFO, &rail_order->minmaxinfo);
return TRUE;
}
void rail_recv_server_localmovesize_order(rdpRailOrder* rail_order, STREAM* s)
BOOL rail_recv_server_localmovesize_order(rdpRailOrder* rail_order, STREAM* s)
{
rail_read_server_localmovesize_order(s, &rail_order->localmovesize);
if(!rail_read_server_localmovesize_order(s, &rail_order->localmovesize))
return FALSE;
rail_send_channel_event(rail_order->plugin,
RDP_EVENT_TYPE_RAIL_CHANNEL_SERVER_LOCALMOVESIZE, &rail_order->localmovesize);
return TRUE;
}
void rail_recv_server_get_appid_resp_order(rdpRailOrder* rail_order, STREAM* s)
BOOL rail_recv_server_get_appid_resp_order(rdpRailOrder* rail_order, STREAM* s)
{
rail_read_server_get_appid_resp_order(s, &rail_order->get_appid_resp);
if(!rail_read_server_get_appid_resp_order(s, &rail_order->get_appid_resp))
return FALSE;
rail_send_channel_event(rail_order->plugin,
RDP_EVENT_TYPE_RAIL_CHANNEL_APPID_RESP, &rail_order->get_appid_resp);
return TRUE;
}
void rail_recv_langbar_info_order(rdpRailOrder* rail_order, STREAM* s)
BOOL rail_recv_langbar_info_order(rdpRailOrder* rail_order, STREAM* s)
{
rail_read_langbar_info_order(s, &rail_order->langbar_info);
if(!rail_read_langbar_info_order(s, &rail_order->langbar_info))
return FALSE;
rail_send_channel_event(rail_order->plugin,
RDP_EVENT_TYPE_RAIL_CHANNEL_LANGBARINFO, &rail_order->langbar_info);
return TRUE;
}
void rail_order_recv(rdpRailOrder* rail_order, STREAM* s)
BOOL rail_order_recv(rdpRailOrder* rail_order, STREAM* s)
{
UINT16 orderType;
UINT16 orderLength;
rail_read_pdu_header(s, &orderType, &orderLength);
if(!rail_read_pdu_header(s, &orderType, &orderLength))
return FALSE;
DEBUG_RAIL("Received %s PDU, length:%d",
RAIL_ORDER_TYPE_STRINGS[((orderType & 0xF0) >> 3) + (orderType & 0x0F)], orderLength);
@ -428,37 +467,31 @@ void rail_order_recv(rdpRailOrder* rail_order, STREAM* s)
switch (orderType)
{
case RDP_RAIL_ORDER_HANDSHAKE:
rail_recv_handshake_order(rail_order, s);
break;
return rail_recv_handshake_order(rail_order, s);
case RDP_RAIL_ORDER_EXEC_RESULT:
rail_recv_exec_result_order(rail_order, s);
break;
return rail_recv_exec_result_order(rail_order, s);
case RDP_RAIL_ORDER_SYSPARAM:
rail_recv_server_sysparam_order(rail_order, s);
break;
return rail_recv_server_sysparam_order(rail_order, s);
case RDP_RAIL_ORDER_MINMAXINFO:
rail_recv_server_minmaxinfo_order(rail_order, s);
break;
return rail_recv_server_minmaxinfo_order(rail_order, s);
case RDP_RAIL_ORDER_LOCALMOVESIZE:
rail_recv_server_localmovesize_order(rail_order, s);
break;
return rail_recv_server_localmovesize_order(rail_order, s);
case RDP_RAIL_ORDER_GET_APPID_RESP:
rail_recv_server_get_appid_resp_order(rail_order, s);
break;
return rail_recv_server_get_appid_resp_order(rail_order, s);
case RDP_RAIL_ORDER_LANGBARINFO:
rail_recv_langbar_info_order(rail_order, s);
break;
return rail_recv_langbar_info_order(rail_order, s);
default:
printf("Unknown RAIL PDU order reveived.");
break;
}
return TRUE;
}
void rail_send_handshake_order(rdpRailOrder* rail_order)
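Review bot: The new length guard in rail_read_server_exec_result_order (the `@ -133,23 +136,31 @@` hunk) is two bytes short: it returns FALSE only when fewer than 8 bytes remain, but the fixed part of the order consumes 10 — flags (2), execResult (2), rawResult (4) and the 2-byte padding skipped by stream_seek_UINT16 — before rail_read_unicode_string is reached. With 8 or 9 bytes left the reads succeed and the seek advances the stream pointer past the end of the buffer, leaving the string reader to cope with a negative or wrapped stream_get_left; the guard should be `if(stream_get_left(s) < 10)`. In rail_read_server_sysparam_order the `< 5` check covers only systemParam and body; the per-parameter reads inside the switch fall between the two hunks and are not visible here, so they presumably still need their own bounds checks for the variable-length tail. rail_order_recv also reads orderLength from the PDU header but never compares it with stream_get_left(s), so a server-supplied length that disagrees with the actual payload is silently accepted rather than rejected up front.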


@ -56,13 +56,13 @@
void rail_string_to_unicode_string(rdpRailOrder* rail_order, char* string, RAIL_UNICODE_STRING* unicode_string);
void rail_read_handshake_order(STREAM* s, RAIL_HANDSHAKE_ORDER* handshake);
void rail_read_server_exec_result_order(STREAM* s, RAIL_EXEC_RESULT_ORDER* exec_result);
void rail_read_server_sysparam_order(STREAM* s, RAIL_SYSPARAM_ORDER* sysparam);
void rail_read_server_minmaxinfo_order(STREAM* s, RAIL_MINMAXINFO_ORDER* minmaxinfo);
void rail_read_server_localmovesize_order(STREAM* s, RAIL_LOCALMOVESIZE_ORDER* localmovesize);
void rail_read_server_get_appid_resp_order(STREAM* s, RAIL_GET_APPID_RESP_ORDER* get_appid_resp);
void rail_read_langbar_info_order(STREAM* s, RAIL_LANGBAR_INFO_ORDER* langbar_info);
BOOL rail_read_handshake_order(STREAM* s, RAIL_HANDSHAKE_ORDER* handshake);
BOOL rail_read_server_exec_result_order(STREAM* s, RAIL_EXEC_RESULT_ORDER* exec_result);
BOOL rail_read_server_sysparam_order(STREAM* s, RAIL_SYSPARAM_ORDER* sysparam);
BOOL rail_read_server_minmaxinfo_order(STREAM* s, RAIL_MINMAXINFO_ORDER* minmaxinfo);
BOOL rail_read_server_localmovesize_order(STREAM* s, RAIL_LOCALMOVESIZE_ORDER* localmovesize);
BOOL rail_read_server_get_appid_resp_order(STREAM* s, RAIL_GET_APPID_RESP_ORDER* get_appid_resp);
BOOL rail_read_langbar_info_order(STREAM* s, RAIL_LANGBAR_INFO_ORDER* langbar_info);
void rail_write_handshake_order(STREAM* s, RAIL_HANDSHAKE_ORDER* handshake);
void rail_write_client_status_order(STREAM* s, RAIL_CLIENT_STATUS_ORDER* client_status);
@ -76,7 +76,7 @@ void rail_write_client_window_move_order(STREAM* s, RAIL_WINDOW_MOVE_ORDER* wind
void rail_write_client_get_appid_req_order(STREAM* s, RAIL_GET_APPID_REQ_ORDER* get_appid_req);
void rail_write_langbar_info_order(STREAM* s, RAIL_LANGBAR_INFO_ORDER* langbar_info);
void rail_order_recv(rdpRailOrder* rail_order, STREAM* s);
BOOL rail_order_recv(rdpRailOrder* rail_order, STREAM* s);
void rail_send_handshake_order(rdpRailOrder* rail_order);
void rail_send_client_status_order(rdpRailOrder* rail_order);