mirrors
/
xrdp
mirror of https://github.com/neutrinolabs/xrdp
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CVE-2022-23481 

Add length checks to client confirm active PDU parsing
This commit is contained in:
matt335672 2022-12-07 10:40:25 +00:00
parent b5b047458e
commit bc6b052959
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libxrdp/xrdp_caps.c
View File

@ -680,13 +680,27 @@ xrdp_caps_process_confirm_active(struct xrdp_rdp *self, struct stream *s)
int len;
char *p;
if (!s_check_rem_and_log(s, 10,
"Parsing [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU"
" - header"))
{
return 1;
}
in_uint8s(s, 4); /* rdp_shareid */
in_uint8s(s, 2); /* userid */
in_uint16_le(s, source_len); /* sizeof RDP_SOURCE */
in_uint16_le(s, cap_len);
if (!s_check_rem_and_log(s, source_len + 2 + 2,
"Parsing [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU"
" - header2"))
{
return 1;
}
in_uint8s(s, source_len);
in_uint16_le(s, num_caps);
in_uint8s(s, 2); /* pad */
LOG_DEVEL(LOG_LEVEL_TRACE, "Received [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU "
"shareID (ignored), originatorID (ignored), lengthSourceDescriptor %d, "
"lengthCombinedCapabilities %d, sourceDescriptor (ignored), "