Merge pull request #12408 from akallabeth/stream-return

[winpr,stream] fix Stream_Write_UTF16_String return checks
akallabeth
2026-03-02 18:06:14 +01:00
committed by GitHub
6 changed files with 45 additions and 45 deletions


@@ -151,9 +151,10 @@ static UINT rail_read_server_get_appid_resp_order(wStream* s,
return ERROR_INVALID_DATA; return ERROR_INVALID_DATA;
Stream_Read_UINT32(s, getAppidResp->windowId); /* windowId (4 bytes) */ Stream_Read_UINT32(s, getAppidResp->windowId); /* windowId (4 bytes) */
Stream_Read_UTF16_String( if (!Stream_Read_UTF16_String(
s, getAppidResp->applicationId, s, getAppidResp->applicationId,
ARRAYSIZE(getAppidResp->applicationId)); /* applicationId (260 UNICODE chars) */ ARRAYSIZE(getAppidResp->applicationId))) /* applicationId (260 UNICODE chars) */
return ERROR_INVALID_DATA;
return CHANNEL_RC_OK; return CHANNEL_RC_OK;
} }
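Review bot: After the now-checked read in rail_read_server_get_appid_resp_order succeeds, applicationId holds ARRAYSIZE(getAppidResp->applicationId) code units taken from the peer, and nothing in the hunk guarantees that one of them is a terminating NUL. Whether later consumers treat the field as a NUL-terminated wide string is not visible here, but if they do, an unterminated value would be read past the array. Consider rejecting such input right after the new check, `if (getAppidResp->applicationId[ARRAYSIZE(getAppidResp->applicationId) - 1] != 0) return ERROR_INVALID_DATA;`, or forcing the last element to 0 if truncation is acceptable. The same question applies to cFileName in cliprdr_read_filedescriptor, which now returns the read result directly. The function body begins outside the hunk.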


@@ -235,9 +235,10 @@ static UINT rail_write_get_app_id_resp_order(wStream* s,
return ERROR_INVALID_PARAMETER; return ERROR_INVALID_PARAMETER;
Stream_Write_UINT32(s, getAppidResp->windowId); /* WindowId (4 bytes) */ Stream_Write_UINT32(s, getAppidResp->windowId); /* WindowId (4 bytes) */
Stream_Write_UTF16_String( if (!Stream_Write_UTF16_String(
s, getAppidResp->applicationId, s, getAppidResp->applicationId,
ARRAYSIZE(getAppidResp->applicationId)); /* ApplicationId (512 bytes) */ ARRAYSIZE(getAppidResp->applicationId))) /* ApplicationId (512 bytes) */
return ERROR_INVALID_DATA;
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
@@ -253,13 +254,15 @@ static UINT rail_write_get_appid_resp_ex_order(wStream* s,
return ERROR_INVALID_PARAMETER; return ERROR_INVALID_PARAMETER;
Stream_Write_UINT32(s, getAppidRespEx->windowID); /* WindowId (4 bytes) */ Stream_Write_UINT32(s, getAppidRespEx->windowID); /* WindowId (4 bytes) */
Stream_Write_UTF16_String( if (!Stream_Write_UTF16_String(
s, getAppidRespEx->applicationID, s, getAppidRespEx->applicationID,
ARRAYSIZE(getAppidRespEx->applicationID)); /* ApplicationId (520 bytes) */ ARRAYSIZE(getAppidRespEx->applicationID))) /* ApplicationId (520 bytes) */
return ERROR_INVALID_DATA;
Stream_Write_UINT32(s, getAppidRespEx->processId); /* ProcessId (4 bytes) */ Stream_Write_UINT32(s, getAppidRespEx->processId); /* ProcessId (4 bytes) */
Stream_Write_UTF16_String( if (!Stream_Write_UTF16_String(
s, getAppidRespEx->processImageName, s, getAppidRespEx->processImageName,
ARRAYSIZE(getAppidRespEx->processImageName)); /* ProcessImageName (520 bytes) */ ARRAYSIZE(getAppidRespEx->processImageName))) /* ProcessImageName (520 bytes) */
return ERROR_INVALID_DATA;
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
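Review bot: When the second Stream_Write_UTF16_String in rail_write_get_appid_resp_ex_order fails, windowID, applicationID and processId have already been written to s, so the function returns ERROR_INVALID_DATA with a partially built PDU left in the stream. The callers are outside these hunks; it is worth confirming that they discard s on any non-success return instead of sending it, and recording that contract next to the check, e.g. `/* on failure s holds a partial PDU and must not be sent */`. The same pattern appears in tsg_ndr_write_string, where MaxCount, Offset and ActualCount are written before the checked string write. The function bodies begin outside the hunks shown.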


@@ -514,7 +514,7 @@ static BOOL rdg_send_extauth_sspi(rdpRdg* rdg)
static BOOL rdg_send_tunnel_request(rdpRdg* rdg) static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
{ {
wStream* s = nullptr; wStream* s = nullptr;
BOOL status = 0; BOOL status = FALSE;
UINT32 packetSize = 16; UINT32 packetSize = 16;
UINT16 fieldsPresent = 0; UINT16 fieldsPresent = 0;
WCHAR* PAACookie = nullptr; WCHAR* PAACookie = nullptr;
@@ -529,10 +529,7 @@ static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
ConvertUtf8ToWCharAlloc(rdg->context->settings->GatewayAccessToken, &PAACookieLen); ConvertUtf8ToWCharAlloc(rdg->context->settings->GatewayAccessToken, &PAACookieLen);
if (!PAACookie || (PAACookieLen > UINT16_MAX / sizeof(WCHAR))) if (!PAACookie || (PAACookieLen > UINT16_MAX / sizeof(WCHAR)))
{ goto fail;
free(PAACookie);
return FALSE;
}
PAACookieLen += 1; /* include \0 */ PAACookieLen += 1; /* include \0 */
packetSize += 2 + (UINT32)(PAACookieLen) * sizeof(WCHAR); packetSize += 2 + (UINT32)(PAACookieLen) * sizeof(WCHAR);
@@ -542,10 +539,7 @@ static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
s = Stream_New(nullptr, packetSize); s = Stream_New(nullptr, packetSize);
if (!s) if (!s)
{ goto fail;
free(PAACookie);
return FALSE;
}
Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_CREATE); /* Type (2 bytes) */ Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_CREATE); /* Type (2 bytes) */
Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */ Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */
@@ -557,11 +551,14 @@ static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
if (PAACookie) if (PAACookie)
{ {
Stream_Write_UINT16(s, (UINT16)PAACookieLen * sizeof(WCHAR)); /* PAA cookie string length */ Stream_Write_UINT16(s, (UINT16)PAACookieLen * sizeof(WCHAR)); /* PAA cookie string length */
Stream_Write_UTF16_String(s, PAACookie, PAACookieLen); if (!Stream_Write_UTF16_String(s, PAACookie, PAACookieLen))
goto fail;
} }
Stream_SealLength(s); Stream_SealLength(s);
status = rdg_write_packet(rdg, s); status = rdg_write_packet(rdg, s);
fail:
Stream_Free(s, TRUE); Stream_Free(s, TRUE);
free(PAACookie); free(PAACookie);
@@ -576,7 +573,7 @@ static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
static BOOL rdg_send_tunnel_authorization(rdpRdg* rdg) static BOOL rdg_send_tunnel_authorization(rdpRdg* rdg)
{ {
wStream* s = nullptr; wStream* s = nullptr;
BOOL status = 0; BOOL status = FALSE;
WINPR_ASSERT(rdg); WINPR_ASSERT(rdg);
size_t clientNameLen = 0; size_t clientNameLen = 0;
WCHAR* clientName = freerdp_settings_get_string_as_utf16( WCHAR* clientName = freerdp_settings_get_string_as_utf16(
@@ -586,34 +583,29 @@ static BOOL rdg_send_tunnel_authorization(rdpRdg* rdg)
const size_t packetSize = 12ull + clientNameLen * sizeof(WCHAR); const size_t packetSize = 12ull + clientNameLen * sizeof(WCHAR);
if (!clientName || (clientNameLen >= UINT16_MAX / sizeof(WCHAR)) || (packetSize > UINT32_MAX)) if (!clientName || (clientNameLen >= UINT16_MAX / sizeof(WCHAR)) || (packetSize > UINT32_MAX))
{ goto fail;
free(clientName);
return FALSE;
}
s = Stream_New(nullptr, packetSize); s = Stream_New(nullptr, packetSize);
if (!s) if (!s)
{ goto fail;
free(clientName);
return FALSE;
}
Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_AUTH); /* Type (2 bytes) */ Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_AUTH); /* Type (2 bytes) */
Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */ Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */
Stream_Write_UINT32(s, (UINT32)packetSize); /* PacketLength (4 bytes) */ Stream_Write_UINT32(s, (UINT32)packetSize); /* PacketLength (4 bytes) */
Stream_Write_UINT16(s, 0); /* FieldsPresent (2 bytes) */ Stream_Write_UINT16(s, 0); /* FieldsPresent (2 bytes) */
Stream_Write_UINT16(s, (UINT16)clientNameLen * sizeof(WCHAR)); /* Client name string length */ Stream_Write_UINT16(s, (UINT16)clientNameLen * sizeof(WCHAR)); /* Client name string length */
Stream_Write_UTF16_String(s, clientName, clientNameLen); if (!Stream_Write_UTF16_String(s, clientName, clientNameLen))
goto fail;
Stream_SealLength(s); Stream_SealLength(s);
status = rdg_write_packet(rdg, s); status = rdg_write_packet(rdg, s);
fail:
Stream_Free(s, TRUE); Stream_Free(s, TRUE);
free(clientName); free(clientName);
if (status) if (status)
{
rdg->state = RDG_CLIENT_STATE_TUNNEL_AUTHORIZE; rdg->state = RDG_CLIENT_STATE_TUNNEL_AUTHORIZE;
}
return status; return status;
} }
@@ -648,7 +640,9 @@ static BOOL rdg_send_channel_create(rdpRdg* rdg)
(UINT16)rdg->context->settings->ServerPort); /* Resource port (2 bytes) */ (UINT16)rdg->context->settings->ServerPort); /* Resource port (2 bytes) */
Stream_Write_UINT16(s, 3); /* Protocol number (2 bytes) */ Stream_Write_UINT16(s, 3); /* Protocol number (2 bytes) */
Stream_Write_UINT16(s, (UINT16)serverNameLen * sizeof(WCHAR)); Stream_Write_UINT16(s, (UINT16)serverNameLen * sizeof(WCHAR));
Stream_Write_UTF16_String(s, serverName, serverNameLen); if (!Stream_Write_UTF16_String(s, serverName, serverNameLen))
goto fail;
Stream_SealLength(s); Stream_SealLength(s);
status = rdg_write_packet(rdg, s); status = rdg_write_packet(rdg, s);
fail: fail:
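Review bot: In rdg_send_tunnel_request the bound `PAACookieLen > UINT16_MAX / sizeof(WCHAR)` is evaluated before `PAACookieLen += 1`, so a cookie of exactly UINT16_MAX / sizeof(WCHAR) characters passes the check and the later length field `(UINT16)PAACookieLen * sizeof(WCHAR)` becomes 65536, which does not fit the 16-bit field written by Stream_Write_UINT16. The length prefix would then disagree with the number of bytes the newly checked Stream_Write_UTF16_String emits. rdg_send_tunnel_authorization already uses `>=` for the equivalent test; using the same comparison here, `if (!PAACookie || (PAACookieLen >= UINT16_MAX / sizeof(WCHAR)))`, keeps the incremented length inside the field. The declarations of PAACookieLen and the code after the `fail:` label are only partly visible in these hunks, so the exact types should be confirmed.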


@@ -451,7 +451,8 @@ static BOOL tsg_ndr_write_string(WINPR_ATTR_UNUSED wLog* log, wStream* s, const
Stream_Write_UINT32(s, (UINT32)length); /* MaxCount (4 bytes) */ Stream_Write_UINT32(s, (UINT32)length); /* MaxCount (4 bytes) */
Stream_Write_UINT32(s, 0); /* Offset (4 bytes) */ Stream_Write_UINT32(s, 0); /* Offset (4 bytes) */
Stream_Write_UINT32(s, (UINT32)length); /* ActualCount (4 bytes) */ Stream_Write_UINT32(s, (UINT32)length); /* ActualCount (4 bytes) */
Stream_Write_UTF16_String(s, str, length); /* Array */ if (!Stream_Write_UTF16_String(s, str, length)) /* Array */
return FALSE;
Stream_Zero(s, pad); Stream_Zero(s, pad);
return TRUE; return TRUE;
} }


@@ -2856,8 +2856,9 @@ static CACHE_GLYPH_ORDER* update_read_cache_glyph_order(rdpUpdate* update, wStre
sizeof(WCHAR))) sizeof(WCHAR)))
goto fail; goto fail;
Stream_Read_UTF16_String(s, cache_glyph_order->unicodeCharacters, if (!Stream_Read_UTF16_String(s, cache_glyph_order->unicodeCharacters,
cache_glyph_order->cGlyphs); cache_glyph_order->cGlyphs))
goto fail;
} }
return cache_glyph_order; return cache_glyph_order;
@@ -2959,7 +2960,9 @@ static CACHE_GLYPH_V2_ORDER* update_read_cache_glyph_v2_order(rdpUpdate* update,
if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, cache_glyph_v2->cGlyphs, sizeof(WCHAR))) if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, cache_glyph_v2->cGlyphs, sizeof(WCHAR)))
goto fail; goto fail;
Stream_Read_UTF16_String(s, cache_glyph_v2->unicodeCharacters, cache_glyph_v2->cGlyphs); if (!Stream_Read_UTF16_String(s, cache_glyph_v2->unicodeCharacters,
cache_glyph_v2->cGlyphs))
goto fail;
} }
return cache_glyph_v2; return cache_glyph_v2;
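Review bot: The element count passed to Stream_Read_UTF16_String in update_read_cache_glyph_order and update_read_cache_glyph_v2_order is cGlyphs, and the preceding length check only confirms that the stream holds that many WCHARs. The size of the unicodeCharacters destination is established outside these hunks. A one-line comment at each read stating the destination's allocated length would let a reader verify that the copy is bounded without leaving the hunk, e.g. `/* unicodeCharacters was allocated for cGlyphs WCHARs above */`, provided that matches the allocation. Both functions begin and end outside the hunks shown.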


@@ -137,9 +137,8 @@ BOOL cliprdr_read_filedescriptor(wStream* s, FILEDESCRIPTORW* descriptor)
descriptor->ftLastWriteTime = uint64_to_filetime(tmp); descriptor->ftLastWriteTime = uint64_to_filetime(tmp);
Stream_Read_UINT32(s, descriptor->nFileSizeHigh); /* fileSizeHigh (4 bytes) */ Stream_Read_UINT32(s, descriptor->nFileSizeHigh); /* fileSizeHigh (4 bytes) */
Stream_Read_UINT32(s, descriptor->nFileSizeLow); /* fileSizeLow (4 bytes) */ Stream_Read_UINT32(s, descriptor->nFileSizeLow); /* fileSizeLow (4 bytes) */
Stream_Read_UTF16_String(s, descriptor->cFileName, return Stream_Read_UTF16_String(s, descriptor->cFileName,
ARRAYSIZE(descriptor->cFileName)); /* cFileName (520 bytes) */ ARRAYSIZE(descriptor->cFileName)); /* cFileName (520 bytes) */
return TRUE;
} }
BOOL cliprdr_write_filedescriptor(wStream* s, const FILEDESCRIPTORW* descriptor) BOOL cliprdr_write_filedescriptor(wStream* s, const FILEDESCRIPTORW* descriptor)
@@ -166,9 +165,8 @@ BOOL cliprdr_write_filedescriptor(wStream* s, const FILEDESCRIPTORW* descriptor)
s, filetime_to_uint64(descriptor->ftLastWriteTime)); /* lastWriteTime (8 bytes) */ s, filetime_to_uint64(descriptor->ftLastWriteTime)); /* lastWriteTime (8 bytes) */
Stream_Write_UINT32(s, descriptor->nFileSizeHigh); /* fileSizeHigh (4 bytes) */ Stream_Write_UINT32(s, descriptor->nFileSizeHigh); /* fileSizeHigh (4 bytes) */
Stream_Write_UINT32(s, descriptor->nFileSizeLow); /* fileSizeLow (4 bytes) */ Stream_Write_UINT32(s, descriptor->nFileSizeLow); /* fileSizeLow (4 bytes) */
Stream_Write_UTF16_String(s, descriptor->cFileName, return Stream_Write_UTF16_String(s, descriptor->cFileName,
ARRAYSIZE(descriptor->cFileName)); /* cFileName (520 bytes) */ ARRAYSIZE(descriptor->cFileName)); /* cFileName (520 bytes) */
return TRUE;
} }
/** /**