mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #401 from pjd/fixes

Browse Source 
Better length checking and Windows XP fix.
This commit is contained in:
Marc-André Moreau 2012-02-06 13:42:47 -08:00
commit e3d6e8782e
2 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libfreerdp-core/activation.c
View File

@ -277,9 +277,16 @@ boolean rdp_recv_deactivate_all(rdpRdp* rdp, STREAM* s)
{ {
uint16 lengthSourceDescriptor; uint16 lengthSourceDescriptor;
stream_read_uint32(s, rdp->settings->share_id); /* shareId (4 bytes) */ /*
stream_read_uint16(s, lengthSourceDescriptor); /* lengthSourceDescriptor (2 bytes) */ * Windows XP can send short DEACTIVATE_ALL PDU that doesn't contain
stream_seek(s, lengthSourceDescriptor); /* sourceDescriptor (should be 0x00) */ * the following fields.
*/
if (stream_get_left(s) > 0)
{
stream_read_uint32(s, rdp->settings->share_id); /* shareId (4 bytes) */
stream_read_uint16(s, lengthSourceDescriptor); /* lengthSourceDescriptor (2 bytes) */
stream_seek(s, lengthSourceDescriptor); /* sourceDescriptor (should be 0x00) */
}
rdp->state = CONNECTION_STATE_CAPABILITY; rdp->state = CONNECTION_STATE_CAPABILITY;

14
libfreerdp-core/rdp.c
View File

@ -93,12 +93,17 @@ boolean rdp_read_share_control_header(STREAM* s, uint16* length, uint16* type, u
{ {
/* Share Control Header */ /* Share Control Header */
stream_read_uint16(s, *length); /* totalLength */ stream_read_uint16(s, *length); /* totalLength */
if (*length - 2 > stream_get_left(s))
return false;
stream_read_uint16(s, *type); /* pduType */ stream_read_uint16(s, *type); /* pduType */
stream_read_uint16(s, *channel_id); /* pduSource */
*type &= 0x0F; /* type is in the 4 least significant bits */ *type &= 0x0F; /* type is in the 4 least significant bits */
if (*length - 6 > stream_get_left(s)) if (*length > 4)
return false; stream_read_uint16(s, *channel_id); /* pduSource */
else /* Windows XP can send such short DEACTIVATE_ALL PDUs. */
*channel_id = 0;
return true; return true;
} }
@ -229,6 +234,9 @@ boolean rdp_read_header(rdpRdp* rdp, STREAM* s, uint16* length, uint16* channel_
MCSPDU = (rdp->settings->server_mode) ? DomainMCSPDU_SendDataRequest : DomainMCSPDU_SendDataIndication; MCSPDU = (rdp->settings->server_mode) ? DomainMCSPDU_SendDataRequest : DomainMCSPDU_SendDataIndication;
mcs_read_domain_mcspdu_header(s, &MCSPDU, length); mcs_read_domain_mcspdu_header(s, &MCSPDU, length);
if (*length - 8 > stream_get_left(s))
return false;
per_read_integer16(s, &initiator, MCS_BASE_CHANNEL_ID); /* initiator (UserId) */ per_read_integer16(s, &initiator, MCS_BASE_CHANNEL_ID); /* initiator (UserId) */
per_read_integer16(s, channel_id, 0); /* channelId */ per_read_integer16(s, channel_id, 0); /* channelId */
stream_seek(s, 1); /* dataPriority + Segmentation (0x70) */ stream_seek(s, 1); /* dataPriority + Segmentation (0x70) */