mirrors
/
xrdp
mirror of https://github.com/neutrinolabs/xrdp
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

VUL: make sure cache entries are in range

This commit is contained in:
Jay Sorg 2013-09-10 16:18:21 -07:00
parent 06d92b787a
commit f75b9143e2
5 changed files with 43 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
common/xrdp_constants.h
View File

@ -559,4 +559,7 @@
#define CMDTYPE_FRAME_MARKER 0x0004
#define CMDTYPE_STREAM_SURFACE_BITS 0x0006
#define XRDP_MAX_BITMAP_CACHE_ID 3
#define XRDP_MAX_BITMAP_CACHE_IDX 2000
#endif

29
libxrdp/xrdp_rdp.c
View File

@ -915,13 +915,27 @@ static int APP_CC
xrdp_process_capset_bmpcache(struct xrdp_rdp *self, struct stream *s,
int len)
{
int i;
self->client_info.bitmap_cache_version |= 1;
in_uint8s(s, 24);
in_uint16_le(s, self->client_info.cache1_entries);
/* cache 1 */
in_uint16_le(s, i);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache1_entries = i;
in_uint16_le(s, self->client_info.cache1_size);
in_uint16_le(s, self->client_info.cache2_entries);
/* cache 2 */
in_uint16_le(s, i);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache2_entries = i;
in_uint16_le(s, self->client_info.cache2_size);
in_uint16_le(s, self->client_info.cache3_entries);
/* caceh 3 */
in_uint16_le(s, i);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache3_entries = i;
in_uint16_le(s, self->client_info.cache3_size);
DEBUG(("cache1 entries %d size %d", self->client_info.cache1_entries,
self->client_info.cache1_size));
@ -947,16 +961,19 @@ xrdp_process_capset_bmpcache2(struct xrdp_rdp *self, struct stream *s,
self->client_info.bitmap_cache_persist_enable = i;
in_uint8s(s, 2); /* number of caches in set, 3 */
in_uint32_le(s, i);
i = MIN(i, 2000);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache1_entries = i;
self->client_info.cache1_size = 256 * Bpp;
in_uint32_le(s, i);
i = MIN(i, 2000);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache2_entries = i;
self->client_info.cache2_size = 1024 * Bpp;
in_uint32_le(s, i);
i = i & 0x7fffffff;
i = MIN(i, 2000);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache3_entries = i;
self->client_info.cache3_size = 4096 * Bpp;
DEBUG(("cache1 entries %d size %d", self->client_info.cache1_entries,

2
xrdp/xrdp.h
View File

@ -27,8 +27,8 @@
#include "trans.h"
#include "list.h"
#include "libxrdpinc.h"
#include "xrdp_types.h"
#include "xrdp_constants.h"
#include "xrdp_types.h"
#include "defines.h"
#include "os_calls.h"
#include "ssl_calls.h"

17
xrdp/xrdp_cache.c
View File

@ -33,16 +33,27 @@ xrdp_cache_create(struct xrdp_wm *owner,
self->wm = owner;
self->session = session;
self->use_bitmap_comp = client_info->use_bitmap_comp;
self->cache1_entries = client_info->cache1_entries;
self->cache1_entries = MIN(XRDP_MAX_BITMAP_CACHE_IDX,
client_info->cache1_entries);
self->cache1_entries = MAX(self->cache1_entries, 0);
self->cache1_size = client_info->cache1_size;
self->cache2_entries = client_info->cache2_entries;
self->cache2_entries = MIN(XRDP_MAX_BITMAP_CACHE_IDX,
client_info->cache2_entries);
self->cache2_entries = MAX(self->cache2_entries, 0);
self->cache2_size = client_info->cache2_size;
self->cache3_entries = client_info->cache3_entries;
self->cache3_entries = MIN(XRDP_MAX_BITMAP_CACHE_IDX,
client_info->cache3_entries);
self->cache3_entries = MAX(self->cache3_entries, 0);
self->cache3_size = client_info->cache3_size;
self->bitmap_cache_persist_enable = client_info->bitmap_cache_persist_enable;
self->bitmap_cache_version = client_info->bitmap_cache_version;
self->pointer_cache_entries = client_info->pointer_cache_entries;
self->xrdp_os_del_list = list_create();
return self;
}

3
xrdp/xrdp_types.h
View File

@ -195,7 +195,8 @@ struct xrdp_cache
struct xrdp_palette_item palette_items[6];
/* bitmap */
int bitmap_stamp;
struct xrdp_bitmap_item bitmap_items[3][2000];
struct xrdp_bitmap_item bitmap_items[XRDP_MAX_BITMAP_CACHE_ID]
[XRDP_MAX_BITMAP_CACHE_IDX];
int use_bitmap_comp;
int cache1_entries;
int cache1_size;