From 18df3176e1977c08a6ba6d05d0344c745669f408 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Fri, 16 Jun 2023 08:21:16 +0200
Subject: [PATCH] [common,assistance] fix assistance file parser

* ensure a valid delimiter is following the token searched for
* add a test case to ensure this works
---
 libfreerdp/common/assistance.c                | 17 +++++++++++++++
 libfreerdp/common/test/TestCommonAssistance.c | 21 +++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/libfreerdp/common/assistance.c b/libfreerdp/common/assistance.c
index 8a9199578..ff35e335e 100644
--- a/libfreerdp/common/assistance.c
+++ b/libfreerdp/common/assistance.c
@@ -511,6 +511,23 @@ static char* freerdp_assistance_contains_element(char* input, size_t ilen, const
 		return NULL;
 
 	char* data = tag + strnlen(bkey, sizeof(bkey));
+
+	/* Ensure there is a valid delimiter following our token */
+	switch (data[0])
+	{
+		case '>':
+		case '/':
+		case ' ':
+		case '\t':
+			break;
+		default:
+			WLog_ERR(TAG,
+			         "Failed to parse ASSISTANCE file: ConnectionString2 missing delimiter after "
+			         "field %s",
+			         bkey);
+			return NULL;
+	}
+
 	char* start = strstr(tag, ">");
 
 	if (!start || (start > input + ilen))
diff --git a/libfreerdp/common/test/TestCommonAssistance.c b/libfreerdp/common/test/TestCommonAssistance.c
index aa5d87876..b6d52217e 100644
--- a/libfreerdp/common/test/TestCommonAssistance.c
+++ b/libfreerdp/common/test/TestCommonAssistance.c
@@ -93,6 +93,24 @@ static const char connectionstr2[] =
     "</C>\n"
     "</E>";
 
+static const char fail_uploadinfo_str[] =
+    "<UPLOADINFOTYPE=\"Escalated\"><UPLOADDATARCTICKET=\"65538,1, ,*,,*,*,\"/></UPLOADINFO>";
+
+static BOOL run_test_parse(wLog* log, const char* input, size_t len, const char* password,
+                           BOOL expect)
+{
+	rdpAssistanceFile* file = freerdp_assistance_file_new();
+	if (!file)
+		return FALSE;
+
+	const int status = freerdp_assistance_parse_file_buffer(file, input, len, password);
+	const BOOL success = status >= 0;
+
+	freerdp_assistance_print_file(file, log, WLOG_INFO);
+	freerdp_assistance_file_free(file);
+	return success == expect;
+}
+
 static BOOL test_msrsc_incident_file_type1(wLog* log)
 {
 	BOOL rc = FALSE;
@@ -195,6 +213,9 @@ int TestCommonAssistance(int argc, char* argv[])
 	log = WLog_Get(__FUNCTION__);
 	winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
 
+	if (!run_test_parse(log, fail_uploadinfo_str, sizeof(fail_uploadinfo_str), NULL, FALSE))
+		return -1;
+
 	if (!test_msrsc_incident_file_type1(log))
 	{
 		WLog_Print(log, WLOG_ERROR, "test_msrsc_incident_file_type1 failed");