uLab
/
xrdp-proprietary
mirror of https://mirror.git.trinitydesktop.org/gitea/uLab/xrdp-proprietary
0
0
Fork 0
Code Issues Releases Wiki Activity

libxrdp: fastpath, add stream check (all stack)

Browse Source
ulab-next
speidy 10 years ago
parent d610101521
commit 44d831f05e
2 changed files with 51 additions and 8 deletions
Show Stats Download Patch File Download Diff File

47
libxrdp/xrdp_fastpath.c
Unescape View File

@ -57,24 +57,37 @@ int APP_CC
xrdp_fastpath_recv(struct xrdp_fastpath *self, struct stream *s)
{
int fp_hdr;
int len = 0;
int len = 0; /* unused */
int byte;
DEBUG((" in xrdp_fastpath_recv"));
if (!s_check_rem(s, 2))
{
return 1;
}
in_uint8(s, fp_hdr); /* fpInputHeader (1 byte) */
in_uint8(s, byte); /* length 1 (1 byte) */
self->numEvents = (fp_hdr & 0x3C) >> 2;
self->secFlags = (fp_hdr & 0xC0) >> 6;
in_uint8(s, byte); /* length 1 (1 byte) */
if (byte & 0x80)
{
byte &= ~(0x80);
len = (byte << 8);
if (!s_check_rem(s, 1))
{
return 1;
}
in_uint8(s, byte); /* length 2 (1 byte) */
len += byte;
}
else
{
len = byte;
}
DEBUG((" out xrdp_fastpath_recv"));
@ -243,8 +256,11 @@ xrdp_fastpath_process_EVENT_SCANCODE(struct xrdp_fastpath *self, int eventFlags,
int code;
flags = 0;
if (!s_check_rem(s, 1))
{
return 1;
}
in_uint8(s, code); /* keyCode (1 byte) */
//g_writeln("scan code detected: %d", code);
if ((eventFlags & FASTPATH_INPUT_KBDFLAGS_RELEASE))
flags |= KBD_FLAG_UP;
@ -276,6 +292,10 @@ xrdp_fastpath_process_EVENT_MOUSE(struct xrdp_fastpath *self, int eventFlags, st
int xPos;
int yPos;
if (!s_check_rem(s, 2 + 2 + 2))
{
return 1;
}
in_uint16_le(s, pointerFlags); /* pointerFlags (2 bytes) */
in_uint16_le(s, xPos); /* xPos (2 bytes) */
in_uint16_le(s, yPos); /* yPos (2 bytes) */
@ -302,6 +322,10 @@ xrdp_fastpath_process_EVENT_MOUSEX(struct xrdp_fastpath *self, int eventFlags, s
int xPos;
int yPos;
if (!s_check_rem(s, 2 + 2 + 2))
{
return 1;
}
in_uint16_le(s, pointerFlags); /* pointerFlags (2 bytes) */
in_uint16_le(s, xPos); /* xPos (2 bytes) */
in_uint16_le(s, yPos); /* yPos (2 bytes) */
@ -347,6 +371,10 @@ xrdp_fastpath_process_EVENT_SYNC(struct xrdp_fastpath *self, int eventCode, int
int APP_CC
xrdp_fastpath_process_EVENT_UNICODE(struct xrdp_fastpath *self, int eventFlags, struct stream *s)
{
if (!s_check_rem(s, 2))
{
return 1;
}
in_uint8s(s, 2);
return 0;
}
@ -362,13 +390,17 @@ xrdp_fastpath_process_input_event(struct xrdp_fastpath *self, struct stream *s)
// process fastpath input events
for (i = 0 ; i < self->numEvents ; i++) {
if (!s_check_rem(s, 1))
{
return 1;
}
in_uint8(s, eventHeader);
eventFlags = (eventHeader & 0x1F);
eventCode = (eventHeader >> 5);
// g_writeln("eventCode= %d, eventFlags= %d, numEvents= %d",
// eventCode, eventFlags, self->sec_layer->fastpath_layer->numEvents);
//DEBUG(("xrdp_fastpath_process_input_event: eventCode= %d, eventFlags= %d, numEvents= %d",
// eventCode, eventFlags, self->sec_layer->fastpath_layer->numEvents));
switch (eventCode)
{
@ -402,10 +434,9 @@ xrdp_fastpath_process_input_event(struct xrdp_fastpath *self, struct stream *s)
{
return 1;
}
break;
default:
g_writeln("xrdp_rdp_process_fastpath_data_input: unknown eventCode %d", eventCode);
g_writeln("xrdp_fastpath_process_input_event: unknown eventCode %d", eventCode);
break;
}

12
libxrdp/xrdp_sec.c
Unescape View File

@ -961,9 +961,17 @@ xrdp_sec_recv_fastpath(struct xrdp_sec *self, struct stream *s)
if (self->crypt_level == CRYPT_LEVEL_FIPS)
{
if (!s_check_rem(s, 4))
{
return 1;
}
in_uint8s(s, 4); /* fipsInformation (4 bytes) */
}
if (!s_check_rem(s, 8))
{
return 1;
}
in_uint8s(s, 8); /* dataSignature (8 bytes), skip for now */
if (self->fastpath_layer->secFlags & FASTPATH_INPUT_ENCRYPTED)
@ -976,6 +984,10 @@ xrdp_sec_recv_fastpath(struct xrdp_sec *self, struct stream *s)
* If numberEvents is not provided in fpInputHeader, it will be provided
* as one additional byte here.
*/
if (!s_check_rem(s, 8))
{
return 1;
}
in_uint8(s, self->fastpath_layer->numEvents); /* numEvents (1 byte) (optional) */
}

Write Preview
Loading…
Cancel
Save