From d847993a0c3fb26147a3d652a97336a5656b5343 Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Thu, 28 Jan 2016 12:25:44 +0100 Subject: [PATCH] Using Stream_ReminingLength for read checks. --- channels/rdpdr/client/irp.c | 2 +- channels/rdpdr/client/rdpdr_capabilities.c | 24 +++++++++++----------- channels/rdpdr/client/rdpdr_main.c | 10 ++++----- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/channels/rdpdr/client/irp.c b/channels/rdpdr/client/irp.c index 899b89a9f..d98870d9d 100644 --- a/channels/rdpdr/client/irp.c +++ b/channels/rdpdr/client/irp.c @@ -83,7 +83,7 @@ IRP* irp_new(DEVMAN* devman, wStream* s, UINT* error) DEVICE* device; UINT32 DeviceId; - if (!Stream_EnsureRemainingCapacity(s, 20)) + if (Stream_GetRemainingLength(s) < 20) { if (error) *error = CHANNEL_RC_NO_BUFFER; diff --git a/channels/rdpdr/client/rdpdr_capabilities.c b/channels/rdpdr/client/rdpdr_capabilities.c index 4a64f98b6..4dba231e2 100644 --- a/channels/rdpdr/client/rdpdr_capabilities.c +++ b/channels/rdpdr/client/rdpdr_capabilities.c @@ -65,12 +65,12 @@ static UINT rdpdr_process_general_capset(rdpdrPlugin* rdpdr, wStream* s) { UINT16 capabilityLength; - if (!Stream_EnsureRemainingCapacity(s, 2)) + if (Stream_GetRemainingLength(s) < 2) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT16(s, capabilityLength); - if (!Stream_EnsureRemainingCapacity(s, capabilityLength - 4)) + if (Stream_GetRemainingLength(s) < capabilityLength - 4) return CHANNEL_RC_NO_BUFFER; Stream_Seek(s, capabilityLength - 4); @@ -89,12 +89,12 @@ static UINT rdpdr_process_printer_capset(rdpdrPlugin* rdpdr, wStream* s) { UINT16 capabilityLength; - if (!Stream_EnsureRemainingCapacity(s, 2)) + if (Stream_GetRemainingLength(s) < 2) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT16(s, capabilityLength); - if (!Stream_EnsureRemainingCapacity(s, capabilityLength - 4)) + if (Stream_GetRemainingLength(s) < capabilityLength - 4) return CHANNEL_RC_NO_BUFFER; Stream_Seek(s, capabilityLength - 4); @@ -113,12 +113,12 @@ static UINT rdpdr_process_port_capset(rdpdrPlugin* rdpdr, wStream* s) { UINT16 capabilityLength; - if (!Stream_EnsureRemainingCapacity(s, 2)) + if (Stream_GetRemainingLength(s) < 2) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT16(s, capabilityLength); - if (!Stream_EnsureRemainingCapacity(s, capabilityLength - 4)) + if (Stream_GetRemainingLength(s) < capabilityLength - 4) return CHANNEL_RC_NO_BUFFER; Stream_Seek(s, capabilityLength - 4); @@ -137,12 +137,12 @@ static UINT rdpdr_process_drive_capset(rdpdrPlugin* rdpdr, wStream* s) { UINT16 capabilityLength; - if (!Stream_EnsureRemainingCapacity(s, 2)) + if (Stream_GetRemainingLength(s) < 2) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT16(s, capabilityLength); - if (!Stream_EnsureRemainingCapacity(s, capabilityLength - 4)) + if (Stream_GetRemainingLength(s) < capabilityLength - 4) return CHANNEL_RC_NO_BUFFER; Stream_Seek(s, capabilityLength - 4); @@ -161,12 +161,12 @@ static UINT rdpdr_process_smartcard_capset(rdpdrPlugin* rdpdr, wStream* s) { UINT16 capabilityLength; - if (!Stream_EnsureRemainingCapacity(s, 2)) + if (Stream_GetRemainingLength(s) < 2) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT16(s, capabilityLength); - if (!Stream_EnsureRemainingCapacity(s, capabilityLength - 4)) + if (Stream_GetRemainingLength(s) < capabilityLength - 4) return CHANNEL_RC_NO_BUFFER; Stream_Seek(s, capabilityLength - 4); @@ -184,13 +184,13 @@ UINT rdpdr_process_capability_request(rdpdrPlugin* rdpdr, wStream* s) if (!rdpdr || !s) return CHANNEL_RC_NULL_DATA; - if (!Stream_EnsureRemainingCapacity(s, 4)) + if (Stream_GetRemainingLength(s) < 4) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT16(s, numCapabilities); Stream_Seek(s, 2); /* pad (2 bytes) */ - if (!Stream_EnsureRemainingCapacity(s, sizeof(UINT16) * numCapabilities)) + if (Stream_GetRemainingLength(s) < sizeof(UINT16) * numCapabilities) return CHANNEL_RC_NO_BUFFER; for (i = 0; i < numCapabilities; i++) diff --git a/channels/rdpdr/client/rdpdr_main.c b/channels/rdpdr/client/rdpdr_main.c index 3378f92bc..62da00b51 100644 --- a/channels/rdpdr/client/rdpdr_main.c +++ b/channels/rdpdr/client/rdpdr_main.c @@ -664,7 +664,7 @@ static UINT rdpdr_process_connect(rdpdrPlugin* rdpdr) static UINT rdpdr_process_server_announce_request(rdpdrPlugin* rdpdr, wStream* s) { - if (!Stream_EnsureRemainingCapacity(s, 8)) + if (Stream_GetRemainingLength(s) < 8) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT16(s, rdpdr->versionMajor); @@ -745,7 +745,7 @@ static UINT rdpdr_process_server_clientid_confirm(rdpdrPlugin* rdpdr, wStream* s UINT16 versionMinor; UINT32 clientID; - if (!Stream_EnsureRemainingCapacity(s, 8)) + if (Stream_GetRemainingLength(s) < 8) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT16(s, versionMajor); @@ -933,7 +933,7 @@ static UINT rdpdr_process_receive(rdpdrPlugin* rdpdr, wStream* s) if (!rdpdr || !s) return CHANNEL_RC_NULL_DATA; - if (!Stream_EnsureRemainingCapacity(s, 4)) + if (Stream_GetRemainingLength(s) < 4) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT16(s, component); /* Component (2 bytes) */ @@ -994,7 +994,7 @@ static UINT rdpdr_process_receive(rdpdrPlugin* rdpdr, wStream* s) case PAKID_CORE_DEVICE_REPLY: /* connect to a specific resource */ - if (Stream_EnsureRemainingCapacity(s, 8)) + if (Stream_GetRemainingLength(s) < 8) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT32(s, deviceId); @@ -1024,7 +1024,7 @@ static UINT rdpdr_process_receive(rdpdrPlugin* rdpdr, wStream* s) case PAKID_PRN_CACHE_DATA: { UINT32 eventID; - if (Stream_EnsureRemainingCapacity(s, 4)) + if (Stream_GetRemainingLength(s) < 4) return CHANNEL_RC_NO_BUFFER; Stream_Read_UINT32(s, eventID);