mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

transport_read: ensure stream buf size >= pdu size

Browse Source 
Without this check a simple nc < /dev/urandom server:3389 could
kill the server instantly.
This commit is contained in:
Norbert Federa 2014-07-10 12:09:48 +02:00
parent 1d8e2fc95f
commit c206a35c12
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libfreerdp/core/transport.c
View File

@ -744,6 +744,7 @@ int transport_read(rdpTransport* transport, wStream* s)
if (position < 4)
{
Stream_EnsureCapacity(s, 4);
status = transport_read_layer(transport, Stream_Buffer(s) + position, 4 - position);
if (status < 0)
@ -811,6 +812,13 @@ int transport_read(rdpTransport* transport, wStream* s)
}
}
if (pduLength < 0 || pduLength > 0xFFFF)
{
fprintf(stderr, "%s: invalid pduLength: %d\n", __FUNCTION__, pduLength);
return -1;
}
Stream_EnsureCapacity(s, pduLength);
status = transport_read_layer(transport, Stream_Buffer(s) + position, pduLength - position);
if (status < 0)