morgan/FreeRDP
1
0
Fork 0
mirror of https://github.com/morgan9e/FreeRDP synced 2026-04-14 16:34:18 +09:00
Code Issues Packages Projects Releases Wiki Activity

[winpr,stream] Check Stream_SetLength return

Browse Source
This commit is contained in:
Armin Novak
2026-03-02 10:54:55 +01:00
parent b8c32fbdd5
commit 5a532269ef
20 changed files with 106 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
channels/ainput/server/ainput_main.c
View File

@@ -478,7 +478,9 @@ static UINT ainput_process_message(ainput_server* ainput)
goto out; goto out;
} }
Stream_SetLength(s, ActualBytesReturned); if (!Stream_SetLength(s, ActualBytesReturned))
goto out;
{ {
const UINT16 MessageId = Stream_Get_UINT16(s); const UINT16 MessageId = Stream_Get_UINT16(s);

7
channels/audin/server/audin.c
View File

@@ -400,7 +400,12 @@ static DWORD WINAPI audin_server_thread_func(LPVOID arg)
break; break;
} }
Stream_SetLength(s, BytesReturned); if (!Stream_SetLength(s, BytesReturned))
{
error = ERROR_INTERNAL_ERROR;
break;
}
if (!Stream_CheckAndLogRequiredLengthWLog(audin->log, s, SNDIN_HEADER_SIZE)) if (!Stream_CheckAndLogRequiredLengthWLog(audin->log, s, SNDIN_HEADER_SIZE))
{ {
error = ERROR_INTERNAL_ERROR; error = ERROR_INTERNAL_ERROR;

4
channels/disp/server/disp_main.c
View File

@@ -322,7 +322,9 @@ static UINT disp_server_handle_messages(DispServerContext* context)
return ERROR_INTERNAL_ERROR; return ERROR_INTERNAL_ERROR;
} }
Stream_SetLength(s, BytesReturned); if (!Stream_SetLength(s, BytesReturned))
return ERROR_INTERNAL_ERROR;
Stream_ResetPosition(s); Stream_ResetPosition(s);
while (Stream_GetPosition(s) < Stream_Length(s)) while (Stream_GetPosition(s) < Stream_Length(s))

4
channels/gfxredir/server/gfxredir_main.c
View File

@@ -252,7 +252,9 @@ static UINT gfxredir_server_handle_messages(GfxRedirServerContext* context)
return ERROR_INTERNAL_ERROR; return ERROR_INTERNAL_ERROR;
} }
Stream_SetLength(s, BytesReturned); if (!Stream_SetLength(s, BytesReturned))
return ERROR_INTERNAL_ERROR;
Stream_ResetPosition(s); Stream_ResetPosition(s);
while (Stream_GetPosition(s) < Stream_Length(s)) while (Stream_GetPosition(s) < Stream_Length(s))

4
channels/location/server/location_main.c
View File

@@ -348,7 +348,9 @@ static UINT location_process_message(location_server* location)
goto out; goto out;
} }
Stream_SetLength(s, BytesReturned); if (!Stream_SetLength(s, BytesReturned))
goto out;
if (!Stream_CheckAndLogRequiredLength(TAG, s, LOCATION_HEADER_SIZE)) if (!Stream_CheckAndLogRequiredLength(TAG, s, LOCATION_HEADER_SIZE))
return ERROR_NO_DATA; return ERROR_NO_DATA;

6
channels/rdpdr/server/rdpdr_main.c
View File

@@ -2250,7 +2250,11 @@ static DWORD WINAPI rdpdr_server_thread(LPVOID arg)
if (BytesReturned >= RDPDR_HEADER_LENGTH) if (BytesReturned >= RDPDR_HEADER_LENGTH)
{ {
Stream_ResetPosition(s); Stream_ResetPosition(s);
Stream_SetLength(s, BytesReturned); if (!Stream_SetLength(s, BytesReturned))
{
error = ERROR_INTERNAL_ERROR;
goto out_stream;
}
while (Stream_GetRemainingLength(s) >= RDPDR_HEADER_LENGTH) while (Stream_GetRemainingLength(s) >= RDPDR_HEADER_LENGTH)
{ {

4
channels/rdpecam/server/camera_device_enumerator_main.c
View File

@@ -298,7 +298,9 @@ static UINT enumerator_process_message(enumerator_server* enumerator)
goto out; goto out;
} }
Stream_SetLength(s, BytesReturned); if (!Stream_SetLength(s, BytesReturned))
return ERROR_INTERNAL_ERROR;
if (!Stream_CheckAndLogRequiredLength(TAG, s, CAM_HEADER_SIZE)) if (!Stream_CheckAndLogRequiredLength(TAG, s, CAM_HEADER_SIZE))
return ERROR_NO_DATA; return ERROR_NO_DATA;

4
channels/rdpecam/server/camera_device_main.c
View File

@@ -504,7 +504,9 @@ static UINT device_process_message(device_server* device)
goto out; goto out;
} }
Stream_SetLength(s, BytesReturned); if (!Stream_SetLength(s, BytesReturned))
goto out;
if (!Stream_CheckAndLogRequiredLength(TAG, s, CAM_HEADER_SIZE)) if (!Stream_CheckAndLogRequiredLength(TAG, s, CAM_HEADER_SIZE))
return ERROR_NO_DATA; return ERROR_NO_DATA;

4
channels/rdpemsc/server/mouse_cursor_main.c
View File

@@ -271,7 +271,9 @@ static UINT mouse_cursor_process_message(mouse_cursor_server* mouse_cursor)
goto out; goto out;
} }
Stream_SetLength(s, BytesReturned); if (!Stream_SetLength(s, BytesReturned))
goto out;
if (!Stream_CheckAndLogRequiredLength(TAG, s, RDPEMSC_HEADER_SIZE)) if (!Stream_CheckAndLogRequiredLength(TAG, s, RDPEMSC_HEADER_SIZE))
return ERROR_NO_DATA; return ERROR_NO_DATA;

4
channels/rdpgfx/server/rdpgfx_main.c
View File

@@ -1869,7 +1869,9 @@ UINT rdpgfx_server_handle_messages(RdpgfxServerContext* context)
return ERROR_INTERNAL_ERROR; return ERROR_INTERNAL_ERROR;
} }
Stream_SetLength(s, BytesReturned); if (!Stream_SetLength(s, BytesReturned))
return ERROR_INTERNAL_ERROR;
Stream_ResetPosition(s); Stream_ResetPosition(s);
while (Stream_GetPosition(s) < Stream_Length(s)) while (Stream_GetPosition(s) < Stream_Length(s))

4
channels/telemetry/server/telemetry_main.c
View File

@@ -181,7 +181,9 @@ static UINT telemetry_process_message(telemetry_server* telemetry)
goto out; goto out;
} }
Stream_SetLength(s, BytesReturned); if (!Stream_SetLength(s, BytesReturned))
goto out;
if (!Stream_CheckAndLogRequiredLength(TAG, s, 2)) if (!Stream_CheckAndLogRequiredLength(TAG, s, 2))
return ERROR_NO_DATA; return ERROR_NO_DATA;

4
libfreerdp/codec/dsp.c
View File

@@ -287,7 +287,9 @@ static BOOL freerdp_dsp_resample(FREERDP_DSP_CONTEXT* WINPR_RESTRICT context,
error = error =
soxr_process(context->sox, src, sframes, &idone, Stream_Buffer(context->common.resample), soxr_process(context->sox, src, sframes, &idone, Stream_Buffer(context->common.resample),
Stream_Capacity(context->common.resample) / rbytes, &odone); Stream_Capacity(context->common.resample) / rbytes, &odone);
Stream_SetLength(context->common.resample, odone * rbytes); if (!Stream_SetLength(context->common.resample, odone * rbytes))
return FALSE;
*data = Stream_Buffer(context->common.resample); *data = Stream_Buffer(context->common.resample);
*length = Stream_Length(context->common.resample); *length = Stream_Length(context->common.resample);
return (error == 0) != 0; return (error == 0) != 0;

6
libfreerdp/core/freerdp.c
View File

@@ -268,7 +268,11 @@ BOOL freerdp_connect(freerdp* instance)
record.data = Stream_Buffer(s); record.data = Stream_Buffer(s);
if (!pcap_get_next_record_content(update->pcap_rfx, &record)) if (!pcap_get_next_record_content(update->pcap_rfx, &record))
break; break;
Stream_SetLength(s, record.length); if (!Stream_SetLength(s, record.length))
{
status = FALSE;
continue;
}
Stream_ResetPosition(s); Stream_ResetPosition(s);
if (!update_begin_paint(&update->common)) if (!update_begin_paint(&update->common))

22
libfreerdp/core/gateway/rdg.c
View File

@@ -430,30 +430,26 @@ static wStream* rdg_receive_packet(rdpRdg* rdg)
return nullptr; return nullptr;
if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s), header, &rdg->transferEncoding)) if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s), header, &rdg->transferEncoding))
{ goto fail;
Stream_Free(s, TRUE);
return nullptr;
}
Stream_Seek(s, 4); Stream_Seek(s, 4);
Stream_Read_UINT32(s, packetLength); Stream_Read_UINT32(s, packetLength);
if ((packetLength > INT_MAX) || !Stream_EnsureCapacity(s, packetLength) || if ((packetLength > INT_MAX) || !Stream_EnsureCapacity(s, packetLength) ||
(packetLength < header)) (packetLength < header))
{ goto fail;
Stream_Free(s, TRUE);
return nullptr;
}
if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s) + header, packetLength - header, if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s) + header, packetLength - header,
&rdg->transferEncoding)) &rdg->transferEncoding))
{ goto fail;
Stream_Free(s, TRUE);
return nullptr;
}
Stream_SetLength(s, packetLength); if (!Stream_SetLength(s, packetLength))
goto fail;
return s; return s;
fail:
Stream_Free(s, TRUE);
return nullptr;
} }
static BOOL rdg_send_handshake(rdpRdg* rdg) static BOOL rdg_send_handshake(rdpRdg* rdg)

58
libfreerdp/core/gateway/rpc_client.c
View File

@@ -88,33 +88,15 @@ static const char* rpc_client_state_str(RPC_CLIENT_STATE state)
return str; return str;
} }
static void rpc_pdu_reset(RPC_PDU* pdu) WINPR_ATTR_NODISCARD
static BOOL rpc_pdu_reset(RPC_PDU* pdu)
{ {
WINPR_ASSERT(pdu);
pdu->Type = 0; pdu->Type = 0;
pdu->Flags = 0; pdu->Flags = 0;
pdu->CallId = 0; pdu->CallId = 0;
Stream_ResetPosition(pdu->s); Stream_ResetPosition(pdu->s);
Stream_SetLength(pdu->s, 0); return Stream_SetLength(pdu->s, 0);
}
static RPC_PDU* rpc_pdu_new(void)
{
RPC_PDU* pdu = nullptr;
pdu = (RPC_PDU*)malloc(sizeof(RPC_PDU));
if (!pdu)
return nullptr;
pdu->s = Stream_New(nullptr, 4096);
if (!pdu->s)
{
free(pdu);
return nullptr;
}
rpc_pdu_reset(pdu);
return pdu;
} }
static void rpc_pdu_free(RPC_PDU* pdu) static void rpc_pdu_free(RPC_PDU* pdu)
@@ -126,6 +108,29 @@ static void rpc_pdu_free(RPC_PDU* pdu)
free(pdu); free(pdu);
} }
WINPR_ATTR_MALLOC(rpc_pdu_free, 1)
static RPC_PDU* rpc_pdu_new(void)
{
RPC_PDU* pdu = (RPC_PDU*)calloc(1, sizeof(RPC_PDU));
if (!pdu)
return nullptr;
pdu->s = Stream_New(nullptr, 4096);
if (!pdu->s)
goto fail;
if (!rpc_pdu_reset(pdu))
goto fail;
return pdu;
fail:
rpc_pdu_free(pdu);
return nullptr;
}
static int rpc_client_receive_pipe_write(RpcClient* client, const BYTE* buffer, size_t length) static int rpc_client_receive_pipe_write(RpcClient* client, const BYTE* buffer, size_t length)
{ {
int status = 0; int status = 0;
@@ -477,7 +482,8 @@ static int rpc_client_recv_fragment(rdpRpc* rpc, wStream* fragment)
if (rpc_client_recv_pdu(rpc, pdu) < 0) if (rpc_client_recv_pdu(rpc, pdu) < 0)
goto fail; goto fail;
rpc_pdu_reset(pdu); if (!rpc_pdu_reset(pdu))
goto fail;
rpc->StubFragCount = 0; rpc->StubFragCount = 0;
rpc->StubCallId = 0; rpc->StubCallId = 0;
} }
@@ -517,7 +523,8 @@ static int rpc_client_recv_fragment(rdpRpc* rpc, wStream* fragment)
if (rpc_client_recv_pdu(rpc, pdu) < 0) if (rpc_client_recv_pdu(rpc, pdu) < 0)
goto fail; goto fail;
rpc_pdu_reset(pdu); if (!rpc_pdu_reset(pdu))
goto fail;
} }
else else
{ {
@@ -543,7 +550,8 @@ static int rpc_client_recv_fragment(rdpRpc* rpc, wStream* fragment)
if (rpc_client_recv_pdu(rpc, pdu) < 0) if (rpc_client_recv_pdu(rpc, pdu) < 0)
goto fail; goto fail;
rpc_pdu_reset(pdu); if (!rpc_pdu_reset(pdu))
goto fail;
goto success; goto success;
} }
else if (header.common.ptype == PTYPE_FAULT) else if (header.common.ptype == PTYPE_FAULT)

4
libfreerdp/core/rdp.c
View File

@@ -1551,7 +1551,9 @@ BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT16 securityFlags)
if (!security_fips_check_signature(Stream_ConstPointer(s), (size_t)padLength, sig, 8, rdp)) if (!security_fips_check_signature(Stream_ConstPointer(s), (size_t)padLength, sig, 8, rdp))
goto unlock; goto unlock;
Stream_SetLength(s, Stream_Length(s) - pad); if (!Stream_SetLength(s, Stream_Length(s) - pad))
goto unlock;
*pLength = (UINT16)padLength; *pLength = (UINT16)padLength;
} }
else else

3
libfreerdp/core/test/TestStreamDump.c
View File

@@ -48,7 +48,8 @@ static BOOL test_entry_read_write(void)
if (winpr_RAND(Stream_Buffer(sw), Stream_Capacity(sw)) < 0) if (winpr_RAND(Stream_Buffer(sw), Stream_Capacity(sw)) < 0)
goto fail; goto fail;
entrysize += Stream_Capacity(sw); entrysize += Stream_Capacity(sw);
Stream_SetLength(sw, Stream_Capacity(sw)); if (!Stream_SetLength(sw, Stream_Capacity(sw)))
goto fail;
fp = fopen(name, "wb"); fp = fopen(name, "wb");
if (!fp) if (!fp)

10
libfreerdp/emu/scard/smartcard_virtual_gids.c
View File

@@ -279,7 +279,8 @@ static vgidsEF* vgids_ef_new(vgidsContext* ctx, USHORT id)
WLog_ERR(TAG, "Failed to create file data stream"); WLog_ERR(TAG, "Failed to create file data stream");
goto create_failed; goto create_failed;
} }
Stream_SetLength(ef->data, 0); if (!Stream_SetLength(ef->data, 0))
goto create_failed;
if (!ArrayList_Append(ctx->files, ef)) if (!ArrayList_Append(ctx->files, ef))
{ {
@@ -1129,7 +1130,9 @@ static BOOL vgids_perform_digital_signature(vgidsContext* context)
goto sign_failed; goto sign_failed;
} }
Stream_SetLength(context->responseData, sigSize); if (!Stream_SetLength(context->responseData, sigSize))
goto sign_failed;
EVP_PKEY_CTX_free(ctx); EVP_PKEY_CTX_free(ctx);
break; break;
} }
@@ -1204,9 +1207,8 @@ static BOOL vgids_perform_decrypt(vgidsContext* context)
goto decrypt_failed; goto decrypt_failed;
} }
Stream_SetLength(context->responseData, outlen); rc = Stream_SetLength(context->responseData, outlen);
} }
rc = TRUE;
decrypt_failed: decrypt_failed:
EVP_PKEY_CTX_free(ctx); EVP_PKEY_CTX_free(ctx);

6
server/proxy/channels/pf_channel_rdpdr.c
View File

@@ -1743,7 +1743,11 @@ static void* stream_copy(const void* obj)
if (!dst) if (!dst)
return nullptr; return nullptr;
memcpy(Stream_Buffer(dst), Stream_ConstBuffer(src), Stream_Capacity(dst)); memcpy(Stream_Buffer(dst), Stream_ConstBuffer(src), Stream_Capacity(dst));
Stream_SetLength(dst, Stream_Length(src)); if (!Stream_SetLength(dst, Stream_Length(src)))
{
Stream_Free(dst, TRUE);
return nullptr;
}
Stream_SetPosition(dst, Stream_GetPosition(src)); Stream_SetPosition(dst, Stream_GetPosition(src));
return dst; return dst;
} }

3
winpr/libwinpr/utils/collections/StreamPool.c
View File

@@ -247,7 +247,8 @@ wStream* StreamPool_Take(wStreamPool* pool, size_t size)
else if (s) else if (s)
{ {
Stream_ResetPosition(s); Stream_ResetPosition(s);
Stream_SetLength(s, Stream_Capacity(s)); if (!Stream_SetLength(s, Stream_Capacity(s)))
goto out_fail;
StreamPool_ShiftAvailable(pool, foundIndex); StreamPool_ShiftAvailable(pool, foundIndex);
} }