mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2188 from hopToDev/master

Browse Source 
Ignore T.128 FlowPDU in Share Control header
This commit is contained in:
Marc-André Moreau 2014-11-10 13:54:12 -05:00
commit b7c6e9c050
3 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libfreerdp/core/peer.c
View File

@ -379,6 +379,11 @@ static int peer_recv_tpkt_pdu(freerdp_peer* client, wStream* s)
return -1; return -1;
break; break;
case PDU_TYPE_FLOW_RESPONSE:
case PDU_TYPE_FLOW_STOP:
case PDU_TYPE_FLOW_TEST:
break;
default: default:
WLog_ERR(TAG, "Client sent pduType %d", pduType); WLog_ERR(TAG, "Client sent pduType %d", pduType);
return -1; return -1;

38
libfreerdp/core/rdp.c
View File

@ -112,6 +112,15 @@ BOOL rdp_read_share_control_header(wStream* s, UINT16* length, UINT16* type, UIN
/* Share Control Header */ /* Share Control Header */
Stream_Read_UINT16(s, *length); /* totalLength */ Stream_Read_UINT16(s, *length); /* totalLength */
/* If length is 0x8000 then we actually got a flow control PDU that we should ignore
http://msdn.microsoft.com/en-us/library/cc240576.aspx */
if (*length == 0x8000)
{
rdp_read_flow_control_pdu(s, type);
*length = 8; /* Flow control PDU is 8 bytes */
return TRUE;
}
if (((size_t) *length - 2) > Stream_GetRemainingLength(s)) if (((size_t) *length - 2) > Stream_GetRemainingLength(s))
return FALSE; return FALSE;
@ -894,12 +903,36 @@ int rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, wStream* s)
{ {
return rdp_recv_enhanced_security_redirection_packet(rdp, s); return rdp_recv_enhanced_security_redirection_packet(rdp, s);
} }
else if (type == PDU_TYPE_FLOW_RESPONSE ||
type == PDU_TYPE_FLOW_STOP ||
type == PDU_TYPE_FLOW_TEST)
{
return 0;
}
else else
{ {
return -1; return -1;
} }
} }
void rdp_read_flow_control_pdu(wStream* s, UINT16* type)
{
/*
* Read flow control PDU - documented in FlowPDU section in T.128
* http://www.itu.int/rec/T-REC-T.128-199802-S/en
* The specification for the PDU has pad8bits listed BEFORE pduTypeFlow.
* However, so far pad8bits has always been observed to arrive AFTER pduTypeFlow.
* Switched the order of these two fields to match this observation.
*/
UINT8 pduType;
Stream_Read_UINT8(s, pduType); /* pduTypeFlow */
*type = pduType;
Stream_Seek_UINT8(s); /* pad8bits */
Stream_Seek_UINT8(s); /* flowIdentifier */
Stream_Seek_UINT8(s); /* flowNumber */
Stream_Seek_UINT16(s); /* pduSource */
}
/** /**
* Decrypt an RDP packet.\n * Decrypt an RDP packet.\n
* @param rdp RDP module * @param rdp RDP module
@ -1058,6 +1091,11 @@ static int rdp_recv_tpkt_pdu(rdpRdp* rdp, wStream* s)
case PDU_TYPE_SERVER_REDIRECTION: case PDU_TYPE_SERVER_REDIRECTION:
return rdp_recv_enhanced_security_redirection_packet(rdp, s); return rdp_recv_enhanced_security_redirection_packet(rdp, s);
break; break;
case PDU_TYPE_FLOW_RESPONSE:
case PDU_TYPE_FLOW_STOP:
case PDU_TYPE_FLOW_TEST:
break;
default: default:
WLog_ERR(TAG, "incorrect PDU type: 0x%04X", pduType); WLog_ERR(TAG, "incorrect PDU type: 0x%04X", pduType);

6
libfreerdp/core/rdp.h
View File

@ -83,6 +83,10 @@
#define PDU_TYPE_DATA 0x7 #define PDU_TYPE_DATA 0x7
#define PDU_TYPE_SERVER_REDIRECTION 0xA #define PDU_TYPE_SERVER_REDIRECTION 0xA
#define PDU_TYPE_FLOW_TEST 0x41
#define PDU_TYPE_FLOW_RESPONSE 0x42
#define PDU_TYPE_FLOW_STOP 0x43
#define FINALIZE_SC_SYNCHRONIZE_PDU 0x01 #define FINALIZE_SC_SYNCHRONIZE_PDU 0x01
#define FINALIZE_SC_CONTROL_COOPERATE_PDU 0x02 #define FINALIZE_SC_CONTROL_COOPERATE_PDU 0x02
#define FINALIZE_SC_CONTROL_GRANTED_PDU 0x04 #define FINALIZE_SC_CONTROL_GRANTED_PDU 0x04
@ -206,6 +210,8 @@ int rdp_recv_message_channel_pdu(rdpRdp* rdp, wStream* s);
int rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, wStream* s); int rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, wStream* s);
void rdp_read_flow_control_pdu(wStream* s, UINT16* type);
void rdp_set_blocking_mode(rdpRdp* rdp, BOOL blocking); void rdp_set_blocking_mode(rdpRdp* rdp, BOOL blocking);
int rdp_check_fds(rdpRdp* rdp); int rdp_check_fds(rdpRdp* rdp);