VUL: make sure cache entries are in range

This commit is contained in:
Jay Sorg 2013-09-10 11:19:12 -07:00
parent 854446d432
commit de82974e53
5 changed files with 43 additions and 11 deletions

View File

@ -454,4 +454,7 @@
#define CB_ITEMCHANGE 300
#define XRDP_MAX_BITMAP_CACHE_ID 3
#define XRDP_MAX_BITMAP_CACHE_IDX 2000
#endif

View File

@ -638,12 +638,26 @@ static int APP_CC
xrdp_process_capset_bmpcache(struct xrdp_rdp* self, struct stream* s,
int len)
{
int i;
in_uint8s(s, 24);
in_uint16_le(s, self->client_info.cache1_entries);
/* cache 1 */
in_uint16_le(s, i);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache1_entries = i;
in_uint16_le(s, self->client_info.cache1_size);
in_uint16_le(s, self->client_info.cache2_entries);
/* cache 2 */
in_uint16_le(s, i);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache2_entries = i;
in_uint16_le(s, self->client_info.cache2_size);
in_uint16_le(s, self->client_info.cache3_entries);
/* caceh 3 */
in_uint16_le(s, i);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache3_entries = i;
in_uint16_le(s, self->client_info.cache3_size);
DEBUG(("cache1 entries %d size %d", self->client_info.cache1_entries,
self->client_info.cache1_size));
@ -669,16 +683,19 @@ xrdp_process_capset_bmpcache2(struct xrdp_rdp* self, struct stream* s,
self->client_info.bitmap_cache_persist_enable = i;
in_uint8s(s, 2); /* number of caches in set, 3 */
in_uint32_le(s, i);
i = MIN(i, 2000);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache1_entries = i;
self->client_info.cache1_size = 256 * Bpp;
in_uint32_le(s, i);
i = MIN(i, 2000);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache2_entries = i;
self->client_info.cache2_size = 1024 * Bpp;
in_uint32_le(s, i);
i = i & 0x7fffffff;
i = MIN(i, 2000);
i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
i = MAX(i, 0);
self->client_info.cache3_entries = i;
self->client_info.cache3_size = 4096 * Bpp;
DEBUG(("cache1 entries %d size %d", self->client_info.cache1_entries,

View File

@ -28,8 +28,8 @@
#include "parse.h"
#include "trans.h"
#include "libxrdpinc.h"
#include "xrdp_types.h"
#include "xrdp_constants.h"
#include "xrdp_types.h"
#include "defines.h"
#include "os_calls.h"
#include "ssl_calls.h"

View File

@ -34,15 +34,26 @@ xrdp_cache_create(struct xrdp_wm* owner,
self->wm = owner;
self->session = session;
self->use_bitmap_comp = client_info->use_bitmap_comp;
self->cache1_entries = client_info->cache1_entries;
self->cache1_entries = MIN(XRDP_MAX_BITMAP_CACHE_IDX,
client_info->cache1_entries);
self->cache1_entries = MAX(self->cache1_entries, 0);
self->cache1_size = client_info->cache1_size;
self->cache2_entries = client_info->cache2_entries;
self->cache2_entries = MIN(XRDP_MAX_BITMAP_CACHE_IDX,
client_info->cache2_entries);
self->cache2_entries = MAX(self->cache2_entries, 0);
self->cache2_size = client_info->cache2_size;
self->cache3_entries = client_info->cache3_entries;
self->cache3_entries = MIN(XRDP_MAX_BITMAP_CACHE_IDX,
client_info->cache3_entries);
self->cache3_entries = MAX(self->cache3_entries, 0);
self->cache3_size = client_info->cache3_size;
self->bitmap_cache_persist_enable = client_info->bitmap_cache_persist_enable;
self->bitmap_cache_version = client_info->bitmap_cache_version;
self->pointer_cache_entries = client_info->pointer_cache_entries;
return self;
}

View File

@ -150,7 +150,8 @@ struct xrdp_cache
struct xrdp_palette_item palette_items[6];
/* bitmap */
int bitmap_stamp;
struct xrdp_bitmap_item bitmap_items[3][2000];
struct xrdp_bitmap_item bitmap_items[XRDP_MAX_BITMAP_CACHE_ID]
[XRDP_MAX_BITMAP_CACHE_IDX];
int use_bitmap_comp;
int cache1_entries;
int cache1_size;