mirror of https://github.com/neutrinolabs/xrdp
libxrdp: fastpath, add stream check (all stack)
parent
d610101521
commit
44d831f05e
|
@ -57,24 +57,37 @@ int APP_CC
|
|||
xrdp_fastpath_recv(struct xrdp_fastpath *self, struct stream *s)
|
||||
{
|
||||
int fp_hdr;
|
||||
int len = 0;
|
||||
int len = 0; /* unused */
|
||||
int byte;
|
||||
DEBUG((" in xrdp_fastpath_recv"));
|
||||
|
||||
if (!s_check_rem(s, 2))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
in_uint8(s, fp_hdr); /* fpInputHeader (1 byte) */
|
||||
in_uint8(s, byte); /* length 1 (1 byte) */
|
||||
|
||||
self->numEvents = (fp_hdr & 0x3C) >> 2;
|
||||
self->secFlags = (fp_hdr & 0xC0) >> 6;
|
||||
|
||||
in_uint8(s, byte); /* length 1 (1 byte) */
|
||||
|
||||
if (byte & 0x80)
|
||||
{
|
||||
byte &= ~(0x80);
|
||||
len = (byte << 8);
|
||||
|
||||
if (!s_check_rem(s, 1))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
in_uint8(s, byte); /* length 2 (1 byte) */
|
||||
|
||||
len += byte;
|
||||
}
|
||||
else
|
||||
{
|
||||
len = byte;
|
||||
}
|
||||
|
||||
DEBUG((" out xrdp_fastpath_recv"));
|
||||
|
||||
|
@ -243,8 +256,11 @@ xrdp_fastpath_process_EVENT_SCANCODE(struct xrdp_fastpath *self, int eventFlags,
|
|||
int code;
|
||||
flags = 0;
|
||||
|
||||
if (!s_check_rem(s, 1))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
in_uint8(s, code); /* keyCode (1 byte) */
|
||||
//g_writeln("scan code detected: %d", code);
|
||||
|
||||
if ((eventFlags & FASTPATH_INPUT_KBDFLAGS_RELEASE))
|
||||
flags |= KBD_FLAG_UP;
|
||||
|
@ -276,6 +292,10 @@ xrdp_fastpath_process_EVENT_MOUSE(struct xrdp_fastpath *self, int eventFlags, st
|
|||
int xPos;
|
||||
int yPos;
|
||||
|
||||
if (!s_check_rem(s, 2 + 2 + 2))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
in_uint16_le(s, pointerFlags); /* pointerFlags (2 bytes) */
|
||||
in_uint16_le(s, xPos); /* xPos (2 bytes) */
|
||||
in_uint16_le(s, yPos); /* yPos (2 bytes) */
|
||||
|
@ -302,6 +322,10 @@ xrdp_fastpath_process_EVENT_MOUSEX(struct xrdp_fastpath *self, int eventFlags, s
|
|||
int xPos;
|
||||
int yPos;
|
||||
|
||||
if (!s_check_rem(s, 2 + 2 + 2))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
in_uint16_le(s, pointerFlags); /* pointerFlags (2 bytes) */
|
||||
in_uint16_le(s, xPos); /* xPos (2 bytes) */
|
||||
in_uint16_le(s, yPos); /* yPos (2 bytes) */
|
||||
|
@ -347,6 +371,10 @@ xrdp_fastpath_process_EVENT_SYNC(struct xrdp_fastpath *self, int eventCode, int
|
|||
int APP_CC
|
||||
xrdp_fastpath_process_EVENT_UNICODE(struct xrdp_fastpath *self, int eventFlags, struct stream *s)
|
||||
{
|
||||
if (!s_check_rem(s, 2))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
in_uint8s(s, 2);
|
||||
return 0;
|
||||
}
|
||||
|
@ -362,13 +390,17 @@ xrdp_fastpath_process_input_event(struct xrdp_fastpath *self, struct stream *s)
|
|||
|
||||
// process fastpath input events
|
||||
for (i = 0 ; i < self->numEvents ; i++) {
|
||||
if (!s_check_rem(s, 1))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
in_uint8(s, eventHeader);
|
||||
|
||||
eventFlags = (eventHeader & 0x1F);
|
||||
eventCode = (eventHeader >> 5);
|
||||
|
||||
// g_writeln("eventCode= %d, eventFlags= %d, numEvents= %d",
|
||||
// eventCode, eventFlags, self->sec_layer->fastpath_layer->numEvents);
|
||||
//DEBUG(("xrdp_fastpath_process_input_event: eventCode= %d, eventFlags= %d, numEvents= %d",
|
||||
// eventCode, eventFlags, self->sec_layer->fastpath_layer->numEvents));
|
||||
|
||||
switch (eventCode)
|
||||
{
|
||||
|
@ -402,10 +434,9 @@ xrdp_fastpath_process_input_event(struct xrdp_fastpath *self, struct stream *s)
|
|||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
break;
|
||||
default:
|
||||
g_writeln("xrdp_rdp_process_fastpath_data_input: unknown eventCode %d", eventCode);
|
||||
g_writeln("xrdp_fastpath_process_input_event: unknown eventCode %d", eventCode);
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
|
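Review bot: In xrdp_fastpath_recv the PDU length decoded from length1/length2 is still discarded (`int len = 0; /* unused */`), so the new s_check_rem() calls bound each individual read but nothing compares the length the client declared with the bytes actually present in the stream. As far as the hunk shows, a header whose declared length is shorter or longer than the received data is accepted, and later parsing is limited by the end of the stream rather than by the PDU boundary. After the if/else that computes `len`, I would reject the PDU with `return 1` when `len` is smaller than the header bytes already consumed or larger than what the stream holds. In MS-RDPBCGR this field is the overall PDU size including the header, but how `s` is positioned relative to the start of the PDU is not visible here, so the exact comparison needs confirming against the caller. The tail of the function lies outside the hunk.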
@ -961,9 +961,17 @@ xrdp_sec_recv_fastpath(struct xrdp_sec *self, struct stream *s)
|
|||
|
||||
if (self->crypt_level == CRYPT_LEVEL_FIPS)
|
||||
{
|
||||
if (!s_check_rem(s, 4))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
in_uint8s(s, 4); /* fipsInformation (4 bytes) */
|
||||
}
|
||||
|
||||
if (!s_check_rem(s, 8))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
in_uint8s(s, 8); /* dataSignature (8 bytes), skip for now */
|
||||
|
||||
if (self->fastpath_layer->secFlags & FASTPATH_INPUT_ENCRYPTED)
|
||||
|
@ -976,6 +984,10 @@ xrdp_sec_recv_fastpath(struct xrdp_sec *self, struct stream *s)
|
|||
* If numberEvents is not provided in fpInputHeader, it will be provided
|
||||
* as one additional byte here.
|
||||
*/
|
||||
if (!s_check_rem(s, 8))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
in_uint8(s, self->fastpath_layer->numEvents); /* numEvents (1 byte) (optional) */
|
||||
}
|
||||
|
||||
|
|
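Review bot: The check added in front of `in_uint8(s, self->fastpath_layer->numEvents)` in the second hunk of xrdp_sec_recv_fastpath asks for 8 bytes although only one byte is read, and it looks copied from the dataSignature check in the hunk above. This makes the parser stricter than the data requires. A PDU that carries the optional numEvents byte followed by a single scancode event (1-byte event header plus 1-byte keyCode, as read in the fastpath file) would have fewer than 8 bytes remaining and be dropped with `return 1`. I would change the guard to `if (!s_check_rem(s, 1))`. The condition that opens this block starts outside the hunk, so only the comment shows when the extra byte is expected.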