From 837491ba24dca4e68c1c7eece9f40050af6745c3 Mon Sep 17 00:00:00 2001 From: David Fort Date: Tue, 21 Feb 2017 11:02:12 +0100 Subject: [PATCH] Limit the number of client announced monitors The specs says that only 16 are allowed, so let's make that limitation a reality. --- libfreerdp/core/gcc.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libfreerdp/core/gcc.c b/libfreerdp/core/gcc.c index 51d1de1ad..f55b8746d 100644 --- a/libfreerdp/core/gcc.c +++ b/libfreerdp/core/gcc.c @@ -1705,6 +1705,12 @@ BOOL gcc_read_client_monitor_data(wStream* s, rdpMcs* mcs, UINT16 blockLength) Stream_Read_UINT32(s, flags); /* flags */ Stream_Read_UINT32(s, monitorCount); /* monitorCount */ + if (monitorCount > 16) + { + WLog_ERR(TAG, "announced monitors(%"PRIu32") exceed the 16 limit", monitorCount); + return FALSE; + } + if (monitorCount > settings->MonitorDefArraySize) { WLog_ERR(TAG, "too many announced monitors(%"PRIu32"), clamping to %"PRIu32"", monitorCount,