[core,redirect] check TsvUrl on redirect

according to spec the TsvUrl must match the LoadBalanceInfo the client initially sent. Implement this check or else log an error.
2023-02-28 16:36:42 +01:00 · 2023-02-28 16:36:42 +01:00 · d0ef43f49b
parent 9c56ce1336
commit d0ef43f49b
1 changed files with 47 additions and 18 deletions
--- a/libfreerdp/core/redirection.c
+++ b/libfreerdp/core/redirection.c
@ -467,24 +467,6 @@ int rdp_redirection_apply_settings(rdpRdp* rdp)
 			return -1;
 	}

-	if (settings->RedirectionFlags & LB_LOAD_BALANCE_INFO)
-	{
-		/* LoadBalanceInfo may not contain a null terminator */
-		if (!freerdp_settings_set_pointer_len(settings, FreeRDP_LoadBalanceInfo,
-		                                      redirection->LoadBalanceInfo,
-		                                      redirection->LoadBalanceInfoLength))
-			return -1;
-	}
-	else
-	{
-		/**
-		 * Free previous LoadBalanceInfo, if any, otherwise it may end up
-		 * being reused for the redirected session, which is not what we want.
-		 */
-		if (!freerdp_settings_set_pointer_len(settings, FreeRDP_LoadBalanceInfo, NULL, 0))
-			return -1;
-	}
-
 	if (settings->RedirectionFlags & LB_USERNAME)
 	{
 		if (!freerdp_settings_set_string(settings, FreeRDP_RedirectionUsername,
@ -548,6 +530,35 @@ int rdp_redirection_apply_settings(rdpRdp* rdp)
 		if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RedirectionTsvUrl,
 		                                      redirection->TsvUrl, redirection->TsvUrlLength))
 			return -1;
+
+		const size_t lblen = freerdp_settings_get_uint32(settings, FreeRDP_LoadBalanceInfoLength);
+		const char* lb = freerdp_settings_get_pointer(settings, FreeRDP_LoadBalanceInfo);
+		if (lblen > 0)
+		{
+			BOOL valid = TRUE;
+			size_t tsvlen = 0;
+
+			char* tsv = ConvertWCharNToUtf8Alloc(
+			    redirection->TsvUrl, redirection->TsvUrlLength / sizeof(WCHAR), &tsvlen);
+			if (!tsv || !lb)
+				valid = FALSE;
+			else if (tsvlen != lblen)
+				valid = FALSE;
+			else if (memcmp(tsv, lb, lblen) != 0)
+				valid = FALSE;
+
+			if (!valid)
+			{
+				WLog_ERR(TAG,
+				         "[redirection] Expected TsvUrl '%s' [%" PRIuz "], but got '%s' [%" PRIuz
+				         "]",
+				         lb, lblen, tsv, tsvlen);
+			}
+			free(tsv);
+
+			if (!valid)
+				return -2;
+		}
 	}

 	if (settings->RedirectionFlags & LB_SERVER_TSV_CAPABLE)
@ -555,6 +566,24 @@ int rdp_redirection_apply_settings(rdpRdp* rdp)
 		// TODO
 	}

+	if (settings->RedirectionFlags & LB_LOAD_BALANCE_INFO)
+	{
+		/* LoadBalanceInfo may not contain a null terminator */
+		if (!freerdp_settings_set_pointer_len(settings, FreeRDP_LoadBalanceInfo,
+		                                      redirection->LoadBalanceInfo,
+		                                      redirection->LoadBalanceInfoLength))
+			return -1;
+	}
+	else
+	{
+		/**
+		 * Free previous LoadBalanceInfo, if any, otherwise it may end up
+		 * being reused for the redirected session, which is not what we want.
+		 */
+		if (!freerdp_settings_set_pointer_len(settings, FreeRDP_LoadBalanceInfo, NULL, 0))
+			return -1;
+	}
+
 	if (settings->RedirectionFlags & LB_PASSWORD_IS_PK_ENCRYPTED)
 	{
 		// TODO