From 384425f79f39a257936f7e16fdcf337263d7bc8c Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Thu, 5 Sep 2013 14:37:50 -0700
Subject: [PATCH] VUL: fix some possible buffer overruns

---
 libxrdp/xrdp_mcs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libxrdp/xrdp_mcs.c b/libxrdp/xrdp_mcs.c
index 06a38418..9839cb06 100644
--- a/libxrdp/xrdp_mcs.c
+++ b/libxrdp/xrdp_mcs.c
@@ -324,6 +324,11 @@ xrdp_mcs_recv_connect_initial(struct xrdp_mcs* self)
     free_stream(s);
     return 1;
   }
+  if (!s_check_rem(s, len))
+  {
+    free_stream(s);
+    return 1;
+  }
   /* make a copy of client mcs data */
   init_stream(self->client_mcs_data, len);
   out_uint8a(self->client_mcs_data, s->p, len);