From bb4a15b5dcaf8668687d0b62d6b50985561c4155 Mon Sep 17 00:00:00 2001
From: jsorg71
Date: Wed, 23 Dec 2009 07:04:32 +0000
Subject: [PATCH] check for RDP PDU size too small and remove 0x8000 length check
---
 libxrdp/xrdp_rdp.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index c8e9698b..1eea4f46 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -226,14 +226,16 @@ xrdp_rdp_recv(struct xrdp_rdp* self, struct stream* s, int* code)
 {
 s->p = s->next_packet;
 }
- in_uint16_le(s, len);
- if (len == 0x8000)
+ if (!s_check_rem(s, 6))
 {
- s->next_packet += 8;
+ s->next_packet = 0;
 *code = 0;
 DEBUG(("out xrdp_rdp_recv"));
+ len = (int)(s->end - s->p);
+ g_writeln("xrdp_rdp_recv: bad RDP packet, length [%d]", len);
 return 0;
 }
+ in_uint16_le(s, len);
 in_uint16_le(s, pdu_code);
 *code = pdu_code & 0xf;
 in_uint8s(s, 2); /* mcs user id */
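Review bot: The 16-bit `len` read by `in_uint16_le(s, len);` just after the new `s_check_rem(s, 6)` guard is still taken from the wire with no range check in this hunk. Because the commit also drops the old `len == 0x8000` special case, any value from 0 to 0xffff reaches whatever uses `len` after the hunk, presumably the `next_packet` advance; the rest of xrdp_rdp_recv is not visible here. A check such as `if (len < 6 || !s_check_rem(s, len - 2))` directly after the read, handled like the short-packet branch, would reject a declared length that is smaller than the 6-byte header or larger than the data actually received. Separately, the short-packet branch returns 0 with `*code = 0`, the same result as the removed skip path, so it is worth confirming that callers treat this as "drop and continue" rather than as a valid PDU.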