Added some validation to xmalloc calls

Julien Ropé 2012-05-07 18:35:49 +02:00
parent de3a6b6070
commit dd16629644
2 changed files with 35 additions and 4 deletions


@ -128,7 +128,7 @@ boolean ntlm_authenticate(rdpNtlm* ntlm)
if (ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes) != SEC_E_OK)
{
printf("QueryContextAttributes SECPKG_ATTR_SIZES failure\n");
return 0;
return false ;
}
if (status == SEC_I_COMPLETE_NEEDED)
@ -491,6 +491,8 @@ int rpc_recv_bind_ack_pdu(rdpRpc* rpc)
int pdu_length = 0x8FFF;
pdu = xmalloc(pdu_length);
if (pdu == NULL)
return -1 ;
status = rpc_out_read(rpc, pdu, pdu_length);
if (status > 0)
@ -502,6 +504,11 @@ int rpc_recv_bind_ack_pdu(rdpRpc* rpc)
stream_free(s);
auth_data = xmalloc(header.auth_length);
if (auth_data == NULL)
{
xfree(pdu) ;
return -1 ;
}
p = (pdu + (header.frag_length - header.auth_length));
memcpy(auth_data, p, header.auth_length);
@ -581,6 +588,11 @@ int rpc_out_read(rdpRpc* rpc, uint8* data, int length)
rts_send_flow_control_ack_pdu(rpc); /* Send FlowControlAck every time AvailableWindow reaches the half */
pdu = xmalloc(0xFFFF);
if (pdu == NULL)
{
printf("rpc_out_read error: memory allocation failed") ;
return -1 ;
}
status = tls_read(rpc->tls_out, pdu, 16); /* read first 16 bytes to get RPC PDU Header */
@ -610,6 +622,7 @@ int rpc_out_read(rdpRpc* rpc, uint8* data, int length)
if (header.ptype == PTYPE_RTS) /* RTS PDU */
{
printf("rpc_out_read error: Unexpected RTS PDU\n");
xfree(pdu);
return -1;
}
else
@ -622,6 +635,7 @@ int rpc_out_read(rdpRpc* rpc, uint8* data, int length)
if (length < header.frag_length)
{
printf("rpc_out_read error! receive buffer is not large enough\n");
xfree(pdu);
return -1;
}
@ -634,7 +648,6 @@ int rpc_out_read(rdpRpc* rpc, uint8* data, int length)
#endif
xfree(pdu);
return header.frag_length;
}
@ -758,11 +771,18 @@ int rpc_read(rdpRpc* rpc, uint8* data, int length)
int rpc_length = length + 0xFF;
uint8* rpc_data = xmalloc(rpc_length);
if (rpc_data == NULL)
{
printf("rpc_read error: memory allocation failed\n") ;
return -1 ;
}
if (rpc->read_buffer_len > 0)
{
if (rpc->read_buffer_len > (uint32) length)
{
printf("rpc_read error: receiving buffer is not large enough\n");
xfree(rpc_data) ;
return -1;
}
@ -824,7 +844,6 @@ int rpc_read(rdpRpc* rpc, uint8* data, int length)
}
xfree(rpc_data);
return read;
}
@ -845,7 +864,7 @@ boolean rpc_connect(rdpRpc* rpc)
return false;
}
if (!rpc_recv_bind_ack_pdu(rpc))
if (rpc_recv_bind_ack_pdu(rpc) <= 0)
{
printf("rpc_recv_bind_ack_pdu error!\n");
return false;
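Review bot: In rpc_recv_bind_ack_pdu the new NULL check covers the allocation, but the `memcpy(auth_data, p, header.auth_length)` that follows still trusts `header.auth_length` and `header.frag_length`, which appear to be parsed from the received PDU. Nothing in the visible lines compares `auth_length` against `frag_length`, or `frag_length` against the 0x8FFF-byte `pdu` buffer. A malformed bind-ack could therefore make `p` point outside `pdu`, and the copy would read out of bounds. I would add a guard before the allocation, for example `if (header.auth_length > header.frag_length || header.frag_length > pdu_length) { xfree(pdu); return -1; }`. The function body starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out; separately, the new message in rpc_out_read, `"rpc_out_read error: memory allocation failed"`, lacks the trailing `\n` that the other messages have.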


@ -1730,11 +1730,17 @@ boolean tsg_connect(rdpTsg* tsg, const char* hostname, uint16 port)
length = 0x8FFF;
data = xmalloc(length);
if (data == NULL)
{
printf("rpc_recv - memory allocation error\n") ;
return false ;
}
status = rpc_read(rpc, data, length);
if (status <= 0)
{
printf("rpc_recv failed!\n");
xfree(data) ;
return false;
}
@ -1765,6 +1771,7 @@ boolean tsg_connect(rdpTsg* tsg, const char* hostname, uint16 port)
if (status <= 0)
{
printf("rpc_write opnum=2 failed!\n");
xfree(data) ;
return false;
}
@ -1773,6 +1780,7 @@ boolean tsg_connect(rdpTsg* tsg, const char* hostname, uint16 port)
if (status <= 0)
{
printf("rpc_recv failed!\n");
xfree(data) ;
return false;
}
@ -1831,6 +1839,7 @@ boolean tsg_connect(rdpTsg* tsg, const char* hostname, uint16 port)
if (status <= 0)
{
printf("rpc_write opnum=4 failed!\n");
xfree(data) ;
return false;
}
xfree(dest_addr_unic);
@ -1840,6 +1849,7 @@ boolean tsg_connect(rdpTsg* tsg, const char* hostname, uint16 port)
if (status < 0)
{
printf("rpc_recv failed!\n");
xfree(data) ;
return false;
}
@ -1867,9 +1877,11 @@ boolean tsg_connect(rdpTsg* tsg, const char* hostname, uint16 port)
if (status <= 0)
{
printf("rpc_write opnum=8 failed!\n");
xfree(data) ;
return false;
}
xfree(data) ;
return true;
}
#else
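Review bot: The `rpc_write opnum=4 failed!` branch in tsg_connect now frees `data` but returns before the `xfree(dest_addr_unic);` that sits just after the check, so `dest_addr_unic` still looks leaked on that path. Either add `xfree(dest_addr_unic);` inside the branch before `return false;`, or move the existing free above the `if (status <= 0)` test, provided the buffer is not needed after the write. With `xfree(data)` now repeated on seven early returns, a single cleanup label (`goto out;` with the frees in one place) would make it harder to miss a path the next time a buffer is added. The new message `"rpc_recv - memory allocation error\n"` also names rpc_recv although the allocation that failed is in tsg_connect. Most of the function lies outside the hunks, so where `dest_addr_unic` is allocated is not visible here.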