rpms / freerdp

Clone
Source Code
GIT

Blame SOURCES/Fixed-missing-length-check-in-video-channel.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c8-beta
  2.   SOURCES
  3.   Fixed-missing-length-check-in-video-channel.patch
Blob History Raw
1069f6 
From bf28ea249de57acc6dfadbd778afef2093c1c283 Mon Sep 17 00:00:00 2001
1069f6 
From: akallabeth <akallabeth@posteo.net>
1069f6 
Date: Thu, 6 Oct 2022 09:15:40 +0200
1069f6 
Subject: [PATCH] Fixed missing length check in video channel
1069f6
1069f6 
Data received in video redirection channel was not checked for
1069f6 
proper length.
1069f6
1069f6 
(cherry picked from commit eeffd1050e9284d1464b58e049b2b4d88726632b)
1069f6 
---
1069f6 
 channels/video/client/video_main.c | 2 ++
1069f6 
 1 file changed, 2 insertions(+)
1069f6
1069f6 
diff --git a/channels/video/client/video_main.c b/channels/video/client/video_main.c
1069f6 
index a21e7cdf2..a8031fc86 100644
1069f6 
--- a/channels/video/client/video_main.c
1069f6 
+++ b/channels/video/client/video_main.c
1069f6 
@@ -930,6 +930,8 @@ static UINT video_data_on_data_received(IWTSVirtualChannelCallback* pChannelCall
1069f6 
 	Stream_Read_UINT16(s, data.PacketsInSample);
1069f6 
 	Stream_Read_UINT32(s, data.SampleNumber);
1069f6 
 	Stream_Read_UINT32(s, data.cbSample);
1069f6 
+	if (!Stream_CheckAndLogRequiredLength(TAG, s, data.cbSample))
1069f6 
+		return ERROR_INVALID_DATA;
1069f6 
 	data.pSample = Stream_Pointer(s);
1069f6
1069f6 
 	/*
1069f6 
--
1069f6 
2.37.1
1069f6

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation