Merge pull request #11288 from akallabeth/tsg-fix

[core,gateway] add tsg checks
2026-04-15 00:44:19 +09:00 · 2025-03-05 14:17:45 +01:00
parent d451be1358 9be8518873
commit 0f45b5e40c
2 changed files with 53 additions and 36 deletions
--- a/client/common/cmdline.c
+++ b/client/common/cmdline.c
@@ -3987,6 +3987,8 @@ static BOOL parse_gateway_cred_option(rdpSettings* settings, const char* value,

 static BOOL parse_gateway_type_option(rdpSettings* settings, const char* value)
 {
+	BOOL rc = FALSE;
+
 	WINPR_ASSERT(settings);
 	WINPR_ASSERT(value);

@@ -3997,6 +3999,7 @@ static BOOL parse_gateway_type_option(rdpSettings* settings, const char* value)
 		    !freerdp_settings_set_bool(settings, FreeRDP_GatewayHttpUseWebsockets, FALSE) ||
 		    !freerdp_settings_set_bool(settings, FreeRDP_GatewayArmTransport, FALSE))
 			return FALSE;
+		rc = TRUE;
 	}
 	else
 	{
@@ -4006,6 +4009,7 @@ static BOOL parse_gateway_type_option(rdpSettings* settings, const char* value)
 			    !freerdp_settings_set_bool(settings, FreeRDP_GatewayHttpTransport, TRUE) ||
 			    !freerdp_settings_set_bool(settings, FreeRDP_GatewayArmTransport, FALSE))
 				return FALSE;
+			rc = TRUE;
 		}
 		else if (option_equals(value, "auto"))
 		{
@@ -4013,6 +4017,7 @@ static BOOL parse_gateway_type_option(rdpSettings* settings, const char* value)
 			    !freerdp_settings_set_bool(settings, FreeRDP_GatewayHttpTransport, TRUE) ||
 			    !freerdp_settings_set_bool(settings, FreeRDP_GatewayArmTransport, FALSE))
 				return FALSE;
+			rc = TRUE;
 		}
 		else if (option_equals(value, "arm"))
 		{
@@ -4021,9 +4026,10 @@ static BOOL parse_gateway_type_option(rdpSettings* settings, const char* value)
 			    !freerdp_settings_set_bool(settings, FreeRDP_GatewayHttpUseWebsockets, FALSE) ||
 			    !freerdp_settings_set_bool(settings, FreeRDP_GatewayArmTransport, TRUE))
 				return FALSE;
+			rc = TRUE;
 		}
 	}
-	return TRUE;
+	return rc;
 }

 static BOOL parse_gateway_usage_option(rdpSettings* settings, const char* value)
--- a/libfreerdp/core/gateway/tsg.c
+++ b/libfreerdp/core/gateway/tsg.c
@@ -1504,7 +1504,6 @@ static BOOL tsg_ndr_read_consent_message(wLog* log, rdpContext* context, wStream
 static BOOL tsg_ndr_read_tunnel_context(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext,
                                        UINT32* tunnelId)
 {
-
 	if (!tsg_stream_align(log, s, 4))
 		return FALSE;

@@ -1553,7 +1552,19 @@ static BOOL tsg_ndr_read_caps_response(wLog* log, rdpContext* context, wStream*
 		Stream_Read_UINT32(s, MsgId);              /* MsgId (4 bytes) */
 		Stream_Read_UINT32(s, MsgType);            /* MsgType (4 bytes) */
 		Stream_Read_UINT32(s, IsMessagePresent);   /* IsMessagePresent (4 bytes) */
+		if (IsMessagePresent != 0)
+		{
+
 			Stream_Read_UINT32(s, MessageSwitchValue); /* MessageSwitchValue (4 bytes) */
+
+			(void)MsgId; /* [MS-TSGU] 2.2.9.2.1.9 TSG_PACKET_MSG_RESPONSE MsgId is unused */
+			if (MsgType != MessageSwitchValue)
+			{
+				WLog_ERR(TAG,
+				         "[MS-TSGU] 2.2.9.2.1.9 TSG_PACKET_MSG_RESPONSE MsgType[0x%08" PRIx32
+				         "] != MessageSwitchValue [0x%08" PRIx32 "]",
+				         MsgType, MessageSwitchValue);
+				goto fail;
 			}

 			{
@@ -1568,10 +1579,8 @@ static BOOL tsg_ndr_read_caps_response(wLog* log, rdpContext* context, wStream*
 			{
 				case TSG_ASYNC_MESSAGE_CONSENT_MESSAGE:
 				case TSG_ASYNC_MESSAGE_SERVICE_MESSAGE:
-		{
 					if (!tsg_ndr_read_consent_message(log, context, s, index))
 						goto fail;
-		}
 					break;

 				case TSG_ASYNC_MESSAGE_REAUTH:
@@ -1591,6 +1600,8 @@ static BOOL tsg_ndr_read_caps_response(wLog* log, rdpContext* context, wStream*
 					           MessageSwitchValue);
 					goto fail;
 			}
+		}
+	}

 	return tsg_ndr_read_tunnel_context(log, s, tunnelContext, tunnelId);
 fail: