Fixed tsg abort condition.
This commit is contained in:
parent
88d310ff2c
commit
dc197d4dd1
@ -229,6 +229,22 @@ struct rdp_tsg
|
||||
TSG_PACKET_VERSIONCAPS packetVersionCaps;
|
||||
};
|
||||
|
||||
static BOOL tsg_stream_align(wStream* s)
|
||||
{
|
||||
size_t pos;
|
||||
size_t offset = 0;
|
||||
|
||||
if (!s)
|
||||
return FALSE;
|
||||
|
||||
pos = Stream_GetPosition(s);
|
||||
|
||||
if ((pos % 4) != 0)
|
||||
offset = 4 - pos % 4;
|
||||
|
||||
return Stream_SafeSeek(s, offset);
|
||||
}
|
||||
|
||||
static BIO_METHOD* BIO_s_tsg(void);
|
||||
/**
|
||||
* RPC Functions: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378623/
|
||||
@ -559,12 +575,8 @@ static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu,
|
||||
goto fail;
|
||||
|
||||
/* 4-byte alignment */
|
||||
{
|
||||
UINT32 offset = Stream_GetPosition(pdu->s);
|
||||
|
||||
if (!Stream_SafeSeek(pdu->s, rpc_offset_align(&offset, 4)))
|
||||
goto fail;
|
||||
}
|
||||
if (!tsg_stream_align(pdu->s))
|
||||
goto fail;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -600,17 +612,11 @@ static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu,
|
||||
Stream_Read_UINT16(pdu->s, versionCaps->minorVersion); /* MinorVersion (2 bytes) */
|
||||
Stream_Read_UINT16(pdu->s,
|
||||
versionCaps->quarantineCapabilities); /* QuarantineCapabilities (2 bytes) */
|
||||
|
||||
/* 4-byte alignment */
|
||||
{
|
||||
size_t loffset = Stream_GetPosition(pdu->s);
|
||||
UINT32 offset = (UINT32) loffset;
|
||||
if (!tsg_stream_align(pdu->s))
|
||||
goto fail;
|
||||
|
||||
if (loffset > UINT32_MAX)
|
||||
goto fail;
|
||||
|
||||
if (!Stream_SafeSeek(pdu->s, rpc_offset_align(&offset, 4)))
|
||||
goto fail;
|
||||
}
|
||||
tsgCaps = (PTSG_PACKET_CAPABILITIES) calloc(1, sizeof(TSG_PACKET_CAPABILITIES));
|
||||
|
||||
if (!tsgCaps)
|
||||
@ -670,14 +676,7 @@ static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu,
|
||||
|
||||
case TSG_ASYNC_MESSAGE_REAUTH:
|
||||
{
|
||||
size_t loffset = Stream_GetPosition(pdu->s);
|
||||
UINT32 offset = (UINT32)loffset;
|
||||
|
||||
if (loffset > UINT32_MAX)
|
||||
goto fail;
|
||||
|
||||
if (!Stream_SafeSeek(pdu->s, rpc_offset_align(&offset, 8) ||
|
||||
(Stream_GetRemainingLength(pdu->s) < 8)))
|
||||
if (!tsg_stream_align(pdu->s))
|
||||
goto fail;
|
||||
|
||||
Stream_Seek_UINT64(pdu->s); /* TunnelContext (8 bytes) */
|
||||
@ -689,12 +688,8 @@ static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
{
|
||||
UINT32 offset = Stream_GetPosition(pdu->s);
|
||||
|
||||
if (!Stream_SafeSeek(pdu->s, rpc_offset_align(&offset, 4)))
|
||||
goto fail;
|
||||
}
|
||||
if (!tsg_stream_align(pdu->s))
|
||||
goto fail;
|
||||
|
||||
/* TunnelContext (20 bytes) */
|
||||
if (Stream_GetRemainingLength(pdu->s) < 24)
|
||||
@ -744,12 +739,8 @@ static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu,
|
||||
goto fail;
|
||||
|
||||
/* 4-byte alignment */
|
||||
{
|
||||
UINT32 offset = Stream_GetPosition(pdu->s);
|
||||
|
||||
if (!Stream_SafeSeek(pdu->s, rpc_offset_align(&offset, 4)))
|
||||
goto fail;
|
||||
}
|
||||
if (!tsg_stream_align(pdu->s))
|
||||
goto fail;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -785,13 +776,10 @@ static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, RPC_PDU* pdu,
|
||||
Stream_Read_UINT16(pdu->s, versionCaps->majorVersion); /* MinorVersion (2 bytes) */
|
||||
Stream_Read_UINT16(pdu->s,
|
||||
versionCaps->quarantineCapabilities); /* QuarantineCapabilities (2 bytes) */
|
||||
/* 4-byte alignment */
|
||||
{
|
||||
UINT32 offset = Stream_GetPosition(pdu->s);
|
||||
|
||||
if (!Stream_SafeSeek(pdu->s, rpc_offset_align(&offset, 4)))
|
||||
goto fail;
|
||||
}
|
||||
/* 4-byte alignment */
|
||||
if (!tsg_stream_align(pdu->s))
|
||||
goto fail;
|
||||
|
||||
if (Stream_GetRemainingLength(pdu->s) < 36)
|
||||
goto fail;
|
||||
@ -847,7 +835,7 @@ static BOOL TsProxyAuthorizeTunnelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunn
|
||||
count = _wcslen(tsg->MachineName) + 1;
|
||||
rpc = tsg->rpc;
|
||||
WLog_DBG(TAG, "TsProxyAuthorizeTunnelWriteRequest");
|
||||
s = Stream_New(NULL, 1024);
|
||||
s = Stream_New(NULL, 1024 + count * 2);
|
||||
|
||||
if (!s)
|
||||
return FALSE;
|
||||
@ -1735,10 +1723,10 @@ BOOL tsg_recv_pdu(rdpTsg* tsg, RPC_PDU* pdu)
|
||||
|
||||
BOOL tsg_check_event_handles(rdpTsg* tsg)
|
||||
{
|
||||
if (!rpc_client_in_channel_recv(tsg->rpc))
|
||||
if (rpc_client_in_channel_recv(tsg->rpc) < 0)
|
||||
return FALSE;
|
||||
|
||||
if (!rpc_client_out_channel_recv(tsg->rpc))
|
||||
if (rpc_client_out_channel_recv(tsg->rpc) < 0)
|
||||
return FALSE;
|
||||
|
||||
return TRUE;
|
||||
|
Loading…
Reference in New Issue
Block a user