From 135a380d7fd3bfc176f73c3732b18dd2e2a81eca Mon Sep 17 00:00:00 2001 From: Aaron Small Date: Sun, 4 Mar 2012 16:59:15 -0500 Subject: [PATCH 1/2] When a server sends an update where the bitmap data is insufficient to cover the area the server indicates in width and height, discard the update instead of crashing. --- client/X11/xf_gdi.c | 52 +++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/client/X11/xf_gdi.c b/client/X11/xf_gdi.c index 2438db317..bf1395166 100644 --- a/client/X11/xf_gdi.c +++ b/client/X11/xf_gdi.c @@ -966,31 +966,37 @@ void xf_gdi_surface_bits(rdpContext* context, SURFACE_BITS_COMMAND* surface_bits XSetFunction(xfi->display, xfi->gc, GXcopy); XSetFillStyle(xfi->display, xfi->gc, FillSolid); - xfi->bmp_codec_none = (uint8*) xrealloc(xfi->bmp_codec_none, - surface_bits_command->width * surface_bits_command->height * 4); - - freerdp_image_flip(surface_bits_command->bitmapData, xfi->bmp_codec_none, - surface_bits_command->width, surface_bits_command->height, 32); - - image = XCreateImage(xfi->display, xfi->visual, 24, ZPixmap, 0, - (char*) xfi->bmp_codec_none, surface_bits_command->width, surface_bits_command->height, 32, 0); - - XPutImage(xfi->display, xfi->primary, xfi->gc, image, 0, 0, - surface_bits_command->destLeft, surface_bits_command->destTop, - surface_bits_command->width, surface_bits_command->height); - - if (xfi->remote_app != true) + /* Validate that the data received is large enough */ + if( surface_bits_command->width * surface_bits_command->height * surface_bits_command->bpp / 8 <= surface_bits_command->bitmapDataLength ) { - XCopyArea(xfi->display, xfi->primary, xfi->window->handle, xfi->gc, - surface_bits_command->destLeft, surface_bits_command->destTop, - surface_bits_command->width, surface_bits_command->height, - surface_bits_command->destLeft, surface_bits_command->destTop); + xfi->bmp_codec_none = (uint8*) xrealloc(xfi->bmp_codec_none, + surface_bits_command->width * surface_bits_command->height * 4); + + freerdp_image_flip(surface_bits_command->bitmapData, xfi->bmp_codec_none, + surface_bits_command->width, surface_bits_command->height, 32); + + image = XCreateImage(xfi->display, xfi->visual, 24, ZPixmap, 0, + (char*) xfi->bmp_codec_none, surface_bits_command->width, surface_bits_command->height, 32, 0); + + XPutImage(xfi->display, xfi->primary, xfi->gc, image, 0, 0, + surface_bits_command->destLeft, surface_bits_command->destTop, + surface_bits_command->width, surface_bits_command->height); + + if (xfi->remote_app != true) + { + XCopyArea(xfi->display, xfi->primary, xfi->window->handle, xfi->gc, + surface_bits_command->destLeft, surface_bits_command->destTop, + surface_bits_command->width, surface_bits_command->height, + surface_bits_command->destLeft, surface_bits_command->destTop); + } + + gdi_InvalidateRegion(xfi->hdc, surface_bits_command->destLeft, surface_bits_command->destTop, + surface_bits_command->width, surface_bits_command->height); + + XSetClipMask(xfi->display, xfi->gc, None); + } else { + printf("Invalid bitmap size - data is %d bytes for %dx%d\n update", surface_bits_command->bitmapDataLength, surface_bits_command->width, surface_bits_command->height); } - - gdi_InvalidateRegion(xfi->hdc, surface_bits_command->destLeft, surface_bits_command->destTop, - surface_bits_command->width, surface_bits_command->height); - - XSetClipMask(xfi->display, xfi->gc, None); } else { From 62d6f8f024e433d6392fb17a68809e3c9a324cf4 Mon Sep 17 00:00:00 2001 From: Aaron Small Date: Sun, 4 Mar 2012 18:01:31 -0500 Subject: [PATCH 2/2] Test server requires RemoteFX, so make that explicit, instead of sending out corrupt updates to clients that do not. --- server/X11/xf_peer.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/server/X11/xf_peer.c b/server/X11/xf_peer.c index ae879499a..5a988a2fb 100644 --- a/server/X11/xf_peer.c +++ b/server/X11/xf_peer.c @@ -555,6 +555,12 @@ boolean xf_peer_post_connect(freerdp_peer* client) printf("Client requested desktop: %dx%dx%d\n", client->settings->width, client->settings->height, client->settings->color_depth); + if (!client->settings->rfx_codec) + { + printf("Client does not support RemoteFX\n"); + return 0; + } + /* A real server should tag the peer as activated here and start sending updates in mainloop. */ client->settings->width = xfi->width;