mirrors
/
FreeRDP
mirror of https://github.com/FreeRDP/FreeRDP
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed file name pattern checks in freerdp_channels_list_dynamic_addins 

Reported by George Zaytsev from Positive Technologies

(cherry picked from commit 359bee229c95cbf008cdb32a62bd304e44857b8a)
This commit is contained in:
akallabeth 2021-12-22 09:04:04 +01:00 committed by Armin Novak
parent bdcc13f96f
commit ce2c783016
1 changed files with 70 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
channels/client/addin.c
View File

@ -231,10 +231,8 @@ static FREERDP_ADDIN** freerdp_channels_list_dynamic_addins(LPCSTR pszName, LPCS
do do
{ {
char* p[5]; BOOL used = FALSE;
FREERDP_ADDIN* pAddin; FREERDP_ADDIN* pAddin = (FREERDP_ADDIN*)calloc(1, sizeof(FREERDP_ADDIN));
nDashes = 0;
pAddin = (FREERDP_ADDIN*)calloc(1, sizeof(FREERDP_ADDIN));
if (!pAddin) if (!pAddin)
{ {
@ -242,57 +240,116 @@ static FREERDP_ADDIN** freerdp_channels_list_dynamic_addins(LPCSTR pszName, LPCS
goto error_out; goto error_out;
} }
nDashes = 0;
for (index = 0; FindData.cFileName[index]; index++) for (index = 0; FindData.cFileName[index]; index++)
nDashes += (FindData.cFileName[index] == '-') ? 1 : 0; nDashes += (FindData.cFileName[index] == '-') ? 1 : 0;
if (nDashes == 1) if (nDashes == 1)
{ {
size_t len;
char* p[2] = { 0 };
/* <name>-client.<extension> */ /* <name>-client.<extension> */
p[0] = FindData.cFileName; p[0] = FindData.cFileName;
p[1] = strchr(p[0], '-') + 1; p[1] = strchr(p[0], '-') + 1;
strncpy(pAddin->cName, p[0], (p[1] - p[0]) - 1);
len = p[1] - p[0];
if (len < 1)
{
WLog_WARN(TAG, "Skipping file '%s', invalid format", FindData.cFileName);
goto skip;
}
strncpy(pAddin->cName, p[0], MIN(ARRAYSIZE(pAddin->cName), len - 1));
pAddin->dwFlags = FREERDP_ADDIN_CLIENT; pAddin->dwFlags = FREERDP_ADDIN_CLIENT;
pAddin->dwFlags |= FREERDP_ADDIN_DYNAMIC; pAddin->dwFlags |= FREERDP_ADDIN_DYNAMIC;
pAddin->dwFlags |= FREERDP_ADDIN_NAME; pAddin->dwFlags |= FREERDP_ADDIN_NAME;
ppAddins[nAddins++] = pAddin; ppAddins[nAddins++] = pAddin;
used = TRUE;
} }
else if (nDashes == 2) else if (nDashes == 2)
{ {
size_t len;
char* p[4] = { 0 };
/* <name>-client-<subsystem>.<extension> */ /* <name>-client-<subsystem>.<extension> */
p[0] = FindData.cFileName; p[0] = FindData.cFileName;
p[1] = strchr(p[0], '-') + 1; p[1] = strchr(p[0], '-') + 1;
p[2] = strchr(p[1], '-') + 1; p[2] = strchr(p[1], '-') + 1;
p[3] = strchr(p[2], '.') + 1; p[3] = strchr(p[2], '.') + 1;
strncpy(pAddin->cName, p[0], (p[1] - p[0]) - 1);
strncpy(pAddin->cSubsystem, p[2], (p[3] - p[2]) - 1); len = p[1] - p[0];
if (len < 1)
{
WLog_WARN(TAG, "Skipping file '%s', invalid format", FindData.cFileName);
goto skip;
}
strncpy(pAddin->cName, p[0], MIN(ARRAYSIZE(pAddin->cName), len - 1));
len = p[3] - p[2];
if (len < 1)
{
WLog_WARN(TAG, "Skipping file '%s', invalid format", FindData.cFileName);
goto skip;
}
strncpy(pAddin->cSubsystem, p[2], MIN(ARRAYSIZE(pAddin->cSubsystem), len - 1));
pAddin->dwFlags = FREERDP_ADDIN_CLIENT; pAddin->dwFlags = FREERDP_ADDIN_CLIENT;
pAddin->dwFlags |= FREERDP_ADDIN_DYNAMIC; pAddin->dwFlags |= FREERDP_ADDIN_DYNAMIC;
pAddin->dwFlags |= FREERDP_ADDIN_NAME; pAddin->dwFlags |= FREERDP_ADDIN_NAME;
pAddin->dwFlags |= FREERDP_ADDIN_SUBSYSTEM; pAddin->dwFlags |= FREERDP_ADDIN_SUBSYSTEM;
ppAddins[nAddins++] = pAddin; ppAddins[nAddins++] = pAddin;
used = TRUE;
} }
else if (nDashes == 3) else if (nDashes == 3)
{ {
size_t len;
char* p[5] = { 0 };
/* <name>-client-<subsystem>-<type>.<extension> */ /* <name>-client-<subsystem>-<type>.<extension> */
p[0] = FindData.cFileName; p[0] = FindData.cFileName;
p[1] = strchr(p[0], '-') + 1; p[1] = strchr(p[0], '-') + 1;
p[2] = strchr(p[1], '-') + 1; p[2] = strchr(p[1], '-') + 1;
p[3] = strchr(p[2], '-') + 1; p[3] = strchr(p[2], '-') + 1;
p[4] = strchr(p[3], '.') + 1; p[4] = strchr(p[3], '.') + 1;
strncpy(pAddin->cName, p[0], (p[1] - p[0]) - 1);
strncpy(pAddin->cSubsystem, p[2], (p[3] - p[2]) - 1); len = p[1] - p[0];
strncpy(pAddin->cType, p[3], (p[4] - p[3]) - 1); if (len < 1)
{
WLog_WARN(TAG, "Skipping file '%s', invalid format", FindData.cFileName);
goto skip;
}
strncpy(pAddin->cName, p[0], MIN(ARRAYSIZE(pAddin->cName), len - 1));
len = p[3] - p[2];
if (len < 1)
{
WLog_WARN(TAG, "Skipping file '%s', invalid format", FindData.cFileName);
goto skip;
}
strncpy(pAddin->cSubsystem, p[2], MIN(ARRAYSIZE(pAddin->cSubsystem), len - 1));
len = p[4] - p[3];
if (len < 1)
{
WLog_WARN(TAG, "Skipping file '%s', invalid format", FindData.cFileName);
goto skip;
}
strncpy(pAddin->cType, p[3], MIN(ARRAYSIZE(pAddin->cType), len - 1));
pAddin->dwFlags = FREERDP_ADDIN_CLIENT; pAddin->dwFlags = FREERDP_ADDIN_CLIENT;
pAddin->dwFlags |= FREERDP_ADDIN_DYNAMIC; pAddin->dwFlags |= FREERDP_ADDIN_DYNAMIC;
pAddin->dwFlags |= FREERDP_ADDIN_NAME; pAddin->dwFlags |= FREERDP_ADDIN_NAME;
pAddin->dwFlags |= FREERDP_ADDIN_SUBSYSTEM; pAddin->dwFlags |= FREERDP_ADDIN_SUBSYSTEM;
pAddin->dwFlags |= FREERDP_ADDIN_TYPE; pAddin->dwFlags |= FREERDP_ADDIN_TYPE;
ppAddins[nAddins++] = pAddin; ppAddins[nAddins++] = pAddin;
used = TRUE;
} }
else
{ skip:
if (!used)
free(pAddin); free(pAddin);
}
} while (FindNextFileA(hFind, &FindData)); } while (FindNextFileA(hFind, &FindData));
FindClose(hFind); FindClose(hFind);