mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

channels/cliprdr: fix CLIPRDR_FILECONTENTS_RESPONSE

Browse Source 
Do not try to 'helpfully' fixup the length of the data provided by the
client when FILECONTENTS_SIZE is present. This can lead to a crash if
the client wants to report an error in msgFlags, sets cbRequested to
zero, and does not provide any data in requestedData. For example,
XFreeRDP does this in xf_cliprdr_send_file_contents_failure() and
xf_cliprdr_clipboard_file_size_failure().
This commit is contained in:
ilammy 2017-04-09 02:29:51 +03:00
parent ef4421fc77
commit f643a95820
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
channels/cliprdr/client/cliprdr_main.c
View File

@ -930,9 +930,6 @@ static UINT cliprdr_client_file_contents_response(CliprdrClientContext* context,
wStream* s;
cliprdrPlugin* cliprdr = (cliprdrPlugin*) context->handle;
if (fileContentsResponse->dwFlags & FILECONTENTS_SIZE)
fileContentsResponse->cbRequested = sizeof(UINT64);
s = cliprdr_packet_new(CB_FILECONTENTS_RESPONSE, fileContentsResponse->msgFlags,
4 + fileContentsResponse->cbRequested);