Fixed #6006: bounds checks in update_read_synchronize
This commit is contained in:
parent
f5e73cc7c9
commit
ed53cd148f
@ -287,10 +287,10 @@ fail:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void update_read_synchronize(rdpUpdate* update, wStream* s)
|
||||
static BOOL update_read_synchronize(rdpUpdate* update, wStream* s)
|
||||
{
|
||||
WINPR_UNUSED(update);
|
||||
Stream_Seek_UINT16(s); /* pad2Octets (2 bytes) */
|
||||
return Stream_SafeSeek(s, 2); /* pad2Octets (2 bytes) */
|
||||
/**
|
||||
* The Synchronize Update is an artifact from the
|
||||
* T.128 protocol and should be ignored.
|
||||
@ -807,7 +807,8 @@ BOOL update_recv(rdpUpdate* update, wStream* s)
|
||||
break;
|
||||
|
||||
case UPDATE_TYPE_SYNCHRONIZE:
|
||||
update_read_synchronize(update, s);
|
||||
if (!update_read_synchronize(update, s))
|
||||
goto fail;
|
||||
rc = IFCALLRESULT(TRUE, update->Synchronize, context);
|
||||
break;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user