jh163888/xrdp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #1662 from aquesnel/fix_chunk_assembly

Browse Source 
Adding checks to prevent buffer overruns during data chunk re-assembly
This commit is contained in:
metalefty 2020-09-01 08:37:11 +09:00 committed by GitHub
commit 8822771169
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libxrdp/xrdp_channel.c
View File

@ -463,6 +463,10 @@ xrdp_channel_process_drdynvc(struct xrdp_channel *self,
{
case 0:
length = (int) (s->end - s->p);
if (!s_check_rem_out(self->s, length))
{
return 1;
}
out_uint8a(self->s, s->p, length);
in_uint8s(s, length);
return 0;
@ -471,11 +475,19 @@ xrdp_channel_process_drdynvc(struct xrdp_channel *self,
make_stream(self->s);
init_stream(self->s, total_length);
length = (int) (s->end - s->p);
if (!s_check_rem_out(self->s, length))
{
return 1;
}
out_uint8a(self->s, s->p, length);
in_uint8s(s, length);
return 0;
case 2:
length = (int) (s->end - s->p);
if (!s_check_rem_out(self->s, length))
{
return 1;
}
out_uint8a(self->s, s->p, length);
in_uint8s(s, length);
ls = self->s;