[core,redirection] free redirection::TargetNetAddresses

during some testcases the packet can be received on already allocated
TargetNetAddresses. So clean up the field before reusing it.
This commit is contained in:
Armin Novak 2024-04-25 09:43:50 +02:00 committed by akallabeth
parent c909253b11
commit e37acf08b5

View File

@ -819,7 +819,8 @@ static state_run_t rdp_recv_server_redirection_pdu(rdpRdp* rdp, wStream* s)
/* sanity check: the whole packet has a length limit of UINT16_MAX /* sanity check: the whole packet has a length limit of UINT16_MAX
* each TargetNetAddress is a WCHAR string, so minimum length 2 bytes * each TargetNetAddress is a WCHAR string, so minimum length 2 bytes
*/ */
if (TargetNetAddressesCount * sizeof(WCHAR) > Stream_GetRemainingLength(s)) const size_t size = TargetNetAddressesCount * sizeof(WCHAR);
if ((size > Stream_GetRemainingLength(s)) || (size > targetNetAddressesLength))
{ {
WLog_ERR(TAG, WLog_ERR(TAG,
"Invalid RDP_SERVER_REDIRECTION_PACKET::TargetNetAddressLength %" PRIuz "Invalid RDP_SERVER_REDIRECTION_PACKET::TargetNetAddressLength %" PRIuz
@ -828,7 +829,8 @@ static state_run_t rdp_recv_server_redirection_pdu(rdpRdp* rdp, wStream* s)
return STATE_RUN_FAILED; return STATE_RUN_FAILED;
} }
redirection->TargetNetAddresses = NULL; redirection_free_array(&redirection->TargetNetAddresses,
&redirection->TargetNetAddressesCount);
if (TargetNetAddressesCount > 0) if (TargetNetAddressesCount > 0)
{ {
redirection->TargetNetAddresses = redirection->TargetNetAddresses =