rpms / freerdp

Clone
Source Code
GIT

Blame SOURCES/Fixed-missing-length-check-in-video-channel.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c9-beta
  2.   SOURCES
  3.   Fixed-missing-length-check-in-video-channel.patch
Blob History Raw
083b3c 
From bf28ea249de57acc6dfadbd778afef2093c1c283 Mon Sep 17 00:00:00 2001
083b3c 
From: akallabeth <akallabeth@posteo.net>
083b3c 
Date: Thu, 6 Oct 2022 09:15:40 +0200
083b3c 
Subject: [PATCH] Fixed missing length check in video channel
083b3c
083b3c 
Data received in video redirection channel was not checked for
083b3c 
proper length.
083b3c
083b3c 
(cherry picked from commit eeffd1050e9284d1464b58e049b2b4d88726632b)
083b3c 
---
083b3c 
 channels/video/client/video_main.c | 2 ++
083b3c 
 1 file changed, 2 insertions(+)
083b3c
083b3c 
diff --git a/channels/video/client/video_main.c b/channels/video/client/video_main.c
083b3c 
index a21e7cdf2..a8031fc86 100644
083b3c 
--- a/channels/video/client/video_main.c
083b3c 
+++ b/channels/video/client/video_main.c
083b3c 
@@ -930,6 +930,8 @@ static UINT video_data_on_data_received(IWTSVirtualChannelCallback* pChannelCall
083b3c 
 	Stream_Read_UINT16(s, data.PacketsInSample);
083b3c 
 	Stream_Read_UINT32(s, data.SampleNumber);
083b3c 
 	Stream_Read_UINT32(s, data.cbSample);
083b3c 
+	if (!Stream_CheckAndLogRequiredLength(TAG, s, data.cbSample))
083b3c 
+		return ERROR_INVALID_DATA;
083b3c 
 	data.pSample = Stream_Pointer(s);
083b3c
083b3c 
 	/*
083b3c 
--
083b3c 
2.37.1
083b3c

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation