Add some more warnings and sanity checks.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@1425 423420c4-83ab-492f-b58f-81f9feb106b5
parent
b60949987c
commit
2e16fa661d
2
disk.c
2
disk.c
@ -802,7 +802,7 @@ disk_set_information(RD_NTHANDLE handle, uint32 info_class, STREAM in, STREAM ou
|
||||
|
||||
if (length && (length / 2) < 256)
|
||||
{
|
||||
rdp_in_unistr(in, newname, length);
|
||||
rdp_in_unistr(in, newname, sizeof(newname), length);
|
||||
convert_to_unix_filename(newname);
|
||||
}
|
||||
else
|
||||
|
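Review bot: A truncated name is still used as a path here, because the new `rdp_in_unistr(in, newname, sizeof(newname), length)` call discards the return value and the rdp.c part of this commit only prints a warning when the converted string does not fit. The surrounding test `(length / 2) < 256` bounds the two-byte character count rather than the converted byte length, so whether truncation can occur depends on the size of `newname`, which is declared outside the hunk. The same applies to the `filename` calls in the rdpdr_process_irp hunks and to the `printer`/`driver` names in the printercache_process hunks, which go on to `printercache_rename_blob`, `printercache_unlink_blob` and `printercache_save_blob`. Consider having rdp_in_unistr report truncation, for example with a negative return tested as `if (rdp_in_unistr(in, newname, sizeof(newname), length) < 0)`, so these sites can refuse the request instead of acting on a shortened name.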
@ -245,8 +245,8 @@ printercache_process(STREAM s)
|
||||
|
||||
/* NOTE - 'driver' doesn't contain driver, it contains the new printer name */
|
||||
|
||||
rdp_in_unistr(s, printer, printer_length);
|
||||
rdp_in_unistr(s, driver, driver_length);
|
||||
rdp_in_unistr(s, printer, sizeof(printer), printer_length);
|
||||
rdp_in_unistr(s, driver, sizeof(driver), driver_length);
|
||||
|
||||
printercache_rename_blob(printer, driver);
|
||||
break;
|
||||
@ -254,7 +254,7 @@ printercache_process(STREAM s)
|
||||
case 3: /* delete item */
|
||||
in_uint8(s, printer_unicode_length);
|
||||
in_uint8s(s, 0x3); /* padding */
|
||||
printer_length = rdp_in_unistr(s, printer, printer_unicode_length);
|
||||
rdp_in_unistr(s, printer, sizeof(printer), printer_unicode_length);
|
||||
printercache_unlink_blob(printer);
|
||||
break;
|
||||
|
||||
@ -264,7 +264,7 @@ printercache_process(STREAM s)
|
||||
|
||||
if (printer_unicode_length < 2 * 255)
|
||||
{
|
||||
rdp_in_unistr(s, printer, printer_unicode_length);
|
||||
rdp_in_unistr(s, printer, sizeof(printer), printer_unicode_length);
|
||||
printercache_save_blob(printer, s->p, blob_length);
|
||||
}
|
||||
break;
|
||||
|
4
proto.h
4
proto.h
@ -111,7 +111,7 @@ void generate_random(uint8 * random);
|
||||
void *xmalloc(int size);
|
||||
void exit_if_null(void *ptr);
|
||||
char *xstrdup(const char *s);
|
||||
void *xrealloc(void *oldmem, int size);
|
||||
void *xrealloc(void *oldmem, size_t size);
|
||||
void xfree(void *mem);
|
||||
void error(char *format, ...);
|
||||
void warning(char *format, ...);
|
||||
@ -137,7 +137,7 @@ RD_BOOL rd_lock_file(int fd, int start, int len);
|
||||
void rdp5_process(STREAM s);
|
||||
/* rdp.c */
|
||||
void rdp_out_unistr(STREAM s, char *string, int len);
|
||||
int rdp_in_unistr(STREAM s, char *string, int uni_len);
|
||||
int rdp_in_unistr(STREAM s, char *string, int str_len, int in_len);
|
||||
void rdp_send_input(uint32 time, uint16 message_type, uint16 device_flags, uint16 param1,
|
||||
uint16 param2);
|
||||
void rdp_send_client_window_status(int status);
|
||||
|
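Review bot: The new prototype names the buffer-size parameter `str_len`, while the definition in rdp.c names it `str_size` and subtracts one from it for the terminator. A reader of the header could take `str_len` for a character count that excludes the NUL, so the declaration should read `int rdp_in_unistr(STREAM s, char *string, int str_size, int in_len);` with a short comment that `str_size` is the size of `string` in bytes including the terminator and `in_len` is the number of input bytes to consume from the stream. In the first hunk `xmalloc` is still declared with `int size` next to the new `size_t` in `xrealloc`, so the two allocators now disagree on the size type.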
@ -1131,16 +1131,16 @@ xstrdup(const char *s)
|
||||
|
||||
/* realloc; exit if out of memory */
|
||||
void *
|
||||
xrealloc(void *oldmem, int size)
|
||||
xrealloc(void *oldmem, size_t size)
|
||||
{
|
||||
void *mem;
|
||||
|
||||
if (size < 1)
|
||||
if (size == 0)
|
||||
size = 1;
|
||||
mem = realloc(oldmem, size);
|
||||
if (mem == NULL)
|
||||
{
|
||||
error("xrealloc %d\n", size);
|
||||
error("xrealloc %ld\n", size);
|
||||
exit(1);
|
||||
}
|
||||
return mem;
|
||||
|
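Review bot: The format specifier in `error("xrealloc %ld\n", size);` does not match its argument, since `size` is now `size_t`, which is unsigned and not guaranteed to have the width of `long`. Passing it through a variadic call with `%ld` is undefined where the widths differ. Use `error("xrealloc %lu\n", (unsigned long) size);`, or `%zu` if every compiler the project targets supports it. The closing brace of xrealloc falls outside the hunk.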
53
rdp.c
53
rdp.c
@ -243,10 +243,10 @@ rdp_out_unistr(STREAM s, char *string, int len)
|
||||
* Returns str_len of string
|
||||
*/
|
||||
int
|
||||
rdp_in_unistr(STREAM s, char *string, int uni_len)
|
||||
rdp_in_unistr(STREAM s, char *string, int str_size, int in_len)
|
||||
{
|
||||
#ifdef HAVE_ICONV
|
||||
size_t ibl = uni_len, obl = uni_len;
|
||||
size_t ibl = in_len, obl = str_size-1;
|
||||
char *pin = (char *) s->p, *pout = string;
|
||||
static iconv_t iconv_h = (iconv_t) - 1;
|
||||
|
||||
@ -260,37 +260,56 @@ rdp_in_unistr(STREAM s, char *string, int uni_len)
|
||||
WINDOWS_CODEPAGE, g_codepage, iconv_h);
|
||||
|
||||
g_iconv_works = False;
|
||||
return rdp_in_unistr(s, string, uni_len);
|
||||
return rdp_in_unistr(s, string, str_size, in_len);
|
||||
}
|
||||
}
|
||||
|
||||
if (iconv(iconv_h, (ICONV_CONST char **) &pin, &ibl, &pout, &obl) == (size_t) - 1)
|
||||
{
|
||||
if (errno == E2BIG)
|
||||
{
|
||||
warning("server sent an unexpectedly long string, truncating\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
iconv_close(iconv_h);
|
||||
iconv_h = (iconv_t) - 1;
|
||||
warning("rdp_in_unistr: iconv fail, errno %d\n", errno);
|
||||
|
||||
g_iconv_works = False;
|
||||
return rdp_in_unistr(s, string, uni_len);
|
||||
return rdp_in_unistr(s, string, str_size, in_len);
|
||||
}
|
||||
}
|
||||
|
||||
/* we must update the location of the current STREAM for future reads of s->p */
|
||||
s->p += uni_len;
|
||||
s->p += in_len;
|
||||
|
||||
*pout = 0;
|
||||
return pout - string;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
int i = 0;
|
||||
int len = in_len/2;
|
||||
int rem = 0;
|
||||
|
||||
while (i < uni_len / 2)
|
||||
if (len > str_size-1)
|
||||
{
|
||||
warning("server sent an unexpectedly long string, truncating\n");
|
||||
len = str_size-1;
|
||||
rem = in_len - 2*len;
|
||||
}
|
||||
|
||||
while (i < len)
|
||||
{
|
||||
in_uint8a(s, &string[i++], 1);
|
||||
in_uint8s(s, 1);
|
||||
}
|
||||
|
||||
return i - 1;
|
||||
in_uint8s(s, rem);
|
||||
string[len] = 0;
|
||||
return len;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1325,32 +1344,44 @@ process_redirect_pdu(STREAM s /*, uint32 * ext_disc_reason */ )
|
||||
in_uint32_le(s, len);
|
||||
|
||||
/* read ip string */
|
||||
rdp_in_unistr(s, g_redirect_server, len);
|
||||
rdp_in_unistr(s, g_redirect_server, sizeof(g_redirect_server), len);
|
||||
|
||||
/* read length of cookie string */
|
||||
in_uint32_le(s, len);
|
||||
|
||||
/* read cookie string (plain ASCII) */
|
||||
if (len > sizeof(g_redirect_cookie)-1)
|
||||
{
|
||||
uint32 rem = len - (sizeof(g_redirect_cookie)-1);
|
||||
len = sizeof(g_redirect_cookie)-1;
|
||||
|
||||
warning("Unexpectedly large redirection cookie\n");
|
||||
in_uint8a(s, g_redirect_cookie, len);
|
||||
in_uint8s(s, rem);
|
||||
}
|
||||
else
|
||||
{
|
||||
in_uint8a(s, g_redirect_cookie, len);
|
||||
}
|
||||
g_redirect_cookie[len] = 0;
|
||||
|
||||
/* read length of username string */
|
||||
in_uint32_le(s, len);
|
||||
|
||||
/* read username string */
|
||||
rdp_in_unistr(s, g_redirect_username, len);
|
||||
rdp_in_unistr(s, g_redirect_username, sizeof(g_redirect_username), len);
|
||||
|
||||
/* read length of domain string */
|
||||
in_uint32_le(s, len);
|
||||
|
||||
/* read domain string */
|
||||
rdp_in_unistr(s, g_redirect_domain, len);
|
||||
rdp_in_unistr(s, g_redirect_domain, sizeof(g_redirect_domain), len);
|
||||
|
||||
/* read length of password string */
|
||||
in_uint32_le(s, len);
|
||||
|
||||
/* read password string */
|
||||
rdp_in_unistr(s, g_redirect_password, len);
|
||||
rdp_in_unistr(s, g_redirect_password, sizeof(g_redirect_password), len);
|
||||
|
||||
g_redirect = True;
|
||||
|
||||
|
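Review bot: A negative or oversized `in_len` is not rejected in rdp_in_unistr, although the new parameter is still a signed `int` and the process_redirect_pdu hunk passes it a 32-bit `len` read from the wire with `in_uint32_le`. In the non-iconv branch a negative value skips both the truncation test and the copy loop and then reaches `string[len] = 0` with a negative index; in the iconv branch it is converted to a very large `ibl`. Nothing in the visible lines compares `in_len` with the bytes left in the stream before iconv reads from `s->p` or before `s->p += in_len`, so the output side is bounded but the input side is not. A guard ahead of both branches such as `if (in_len < 0 || str_size < 1) { warning("rdp_in_unistr: bad length\n"); return 0; }`, together with a check of `in_len` against the remaining stream data, would cover this. The lines of the function between the two hunks are not shown, so confirm that no such check already sits there.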
4
rdpdr.c
4
rdpdr.c
@ -429,7 +429,7 @@ rdpdr_process_irp(STREAM s)
|
||||
|
||||
if (length && (length / 2) < 256)
|
||||
{
|
||||
rdp_in_unistr(s, filename, length);
|
||||
rdp_in_unistr(s, filename, sizeof(filename), length);
|
||||
convert_to_unix_filename(filename);
|
||||
}
|
||||
else
|
||||
@ -622,7 +622,7 @@ rdpdr_process_irp(STREAM s)
|
||||
in_uint8s(s, 0x17);
|
||||
if (length && length < 2 * 255)
|
||||
{
|
||||
rdp_in_unistr(s, filename, length);
|
||||
rdp_in_unistr(s, filename, sizeof(filename), length);
|
||||
convert_to_unix_filename(filename);
|
||||
}
|
||||
else
|
||||
|