Fixed #6006: bounds checks in update_read_synchronize

This commit is contained in:
akallabeth 2020-03-31 09:21:43 +02:00
parent f5e73cc7c9
commit ed53cd148f

View File

@ -287,10 +287,10 @@ fail:
return NULL;
}
static void update_read_synchronize(rdpUpdate* update, wStream* s)
static BOOL update_read_synchronize(rdpUpdate* update, wStream* s)
{
WINPR_UNUSED(update);
Stream_Seek_UINT16(s); /* pad2Octets (2 bytes) */
return Stream_SafeSeek(s, 2); /* pad2Octets (2 bytes) */
/**
* The Synchronize Update is an artifact from the
* T.128 protocol and should be ignored.
@ -807,7 +807,8 @@ BOOL update_recv(rdpUpdate* update, wStream* s)
break;
case UPDATE_TYPE_SYNCHRONIZE:
update_read_synchronize(update, s);
if (!update_read_synchronize(update, s))
goto fail;
rc = IFCALLRESULT(TRUE, update->Synchronize, context);
break;