Fixed return of tpkt_verify_header

Allow detection of an error (e.g. not enough data in stream)
This commit is contained in:
akallabeth 2022-10-21 09:19:29 +02:00 committed by David Fort
parent 92b40a1c1d
commit d15e80e266
5 changed files with 20 additions and 11 deletions

View File

@ -960,8 +960,10 @@ BOOL nego_send_negotiation_request(rdpNego* nego)
em = Stream_GetPosition(s);
Stream_SetPosition(s, bm);
tpkt_write_header(s, (UINT16)length);
tpdu_write_connection_request(s, (UINT16)length - 5);
if (!tpkt_write_header(s, (UINT16)length))
goto fail;
if (!tpdu_write_connection_request(s, (UINT16)length - 5))
goto fail;
Stream_SetPosition(s, em);
Stream_SealLength(s);
rc = (transport_write(nego->transport, s) >= 0);

View File

@ -550,10 +550,13 @@ static int peer_recv_fastpath_pdu(freerdp_peer* client, wStream* s)
static int peer_recv_pdu(freerdp_peer* client, wStream* s)
{
if (tpkt_verify_header(s))
int rc = tpkt_verify_header(s);
if (rc > 0)
return peer_recv_tpkt_pdu(client, s);
else
else if (rc == 0)
return peer_recv_fastpath_pdu(client, s);
else
return rc;
}
static int peer_recv_callback_internal(rdpTransport* transport, wStream* s, void* extra)

View File

@ -1592,10 +1592,13 @@ static int rdp_recv_fastpath_pdu(rdpRdp* rdp, wStream* s)
static int rdp_recv_pdu(rdpRdp* rdp, wStream* s)
{
if (tpkt_verify_header(s))
const int rc = tpkt_verify_header(s);
if (rc > 0)
return rdp_recv_tpkt_pdu(rdp, s);
else
else if (rc == 0)
return rdp_recv_fastpath_pdu(rdp, s);
else
return rc;
}
int rdp_recv_callback(rdpTransport* transport, wStream* s, void* extra)

View File

@ -65,18 +65,19 @@
* @return BOOL
*/
BOOL tpkt_verify_header(wStream* s)
int tpkt_verify_header(wStream* s)
{
BYTE version;
WINPR_ASSERT(s);
if (!Stream_CheckAndLogRequiredLength(TAG, s, 1))
return -1;
Stream_Peek_UINT8(s, version);
if (version == 3)
return TRUE;
return 1;
else
return FALSE;
return 0;
}
/**

View File

@ -28,7 +28,7 @@
#define TPKT_HEADER_LENGTH 4
FREERDP_LOCAL BOOL tpkt_verify_header(wStream* s);
FREERDP_LOCAL int tpkt_verify_header(wStream* s);
FREERDP_LOCAL BOOL tpkt_read_header(wStream* s, UINT16* length);
FREERDP_LOCAL BOOL tpkt_write_header(wStream* s, UINT16 length);
#define tpkt_ensure_stream_consumed(s, length) \