From b3ae8cec8daa9d0f6d2444a52bc9f4a9d11c8308 Mon Sep 17 00:00:00 2001
From: Pascal Nowack
Date: Sun, 19 Sep 2021 14:44:23 +0200
Subject: [PATCH] rdpei/server: Fix PDU length for RDPINPUT_PROTOCOL_V300
When the server supports the protocol version RDPINPUT_PROTOCOL_V300, the additional supportedFeatures field will be present. The pduLength in the RDPINPUT_HEADER should, however, reflect this. So, fix this error by writing the correct PDU length when the supportedFeatures field is present.
---
 channels/rdpei/server/rdpei_main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/channels/rdpei/server/rdpei_main.c b/channels/rdpei/server/rdpei_main.c
index 5cb717e74..558a54190 100644
--- a/channels/rdpei/server/rdpei_main.c
+++ b/channels/rdpei/server/rdpei_main.c
@@ -602,6 +602,7 @@ UINT rdpei_server_send_sc_ready(RdpeiServerContext* context, UINT32 version, UIN
 {
 ULONG written;
 RdpeiServerPrivate* priv = context->priv;
+ UINT32 pduLen = 4;
 if (priv->automataState != STATE_INITIAL)
 {
@@ -611,14 +612,17 @@ UINT rdpei_server_send_sc_ready(RdpeiServerContext* context, UINT32 version, UIN
 Stream_SetPosition(priv->outputStream, 0);
- if (!Stream_EnsureCapacity(priv->outputStream, RDPINPUT_HEADER_LENGTH + 4))
+ if (version >= RDPINPUT_PROTOCOL_V300)
+ pduLen += 4;
+
+ if (!Stream_EnsureCapacity(priv->outputStream, RDPINPUT_HEADER_LENGTH + pduLen))
 {
 WLog_ERR(TAG, "Stream_EnsureCapacity failed!");
 return CHANNEL_RC_NO_MEMORY;
 }
 Stream_Write_UINT16(priv->outputStream, EVENTID_SC_READY);
- Stream_Write_UINT32(priv->outputStream, RDPINPUT_HEADER_LENGTH + pduLen);
+ Stream_Write_UINT32(priv->outputStream, RDPINPUT_HEADER_LENGTH + pduLen);
 Stream_Write_UINT32(priv->outputStream, version);
 if (version >= RDPINPUT_PROTOCOL_V300)
 Stream_Write_UINT32(priv->outputStream, features);
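Review bot: The header length and the body are now driven by two separate `version >= RDPINPUT_PROTOCOL_V300` tests, one where `pduLen += 4` is computed and one where `features` is written, so a later edit to either can again produce a pduLength that disagrees with the bytes sent, the mismatch this commit fixes. A peer that frames on pduLength would then mis-parse or reject the PDU. A check after the last write, such as `Stream_GetPosition(priv->outputStream) == RDPINPUT_HEADER_LENGTH + pduLen`, would catch that drift, unless the function already does this past the end of the hunk. Separately, `pduLen` holds only the payload size after the header, so a name like `payloadLen` plus comments such as `/* protocolVersion */` on the initial `4` and `/* supportedFeatures, V300 and later */` on the `+= 4` would make the wire layout readable.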