mirror of
https://github.com/morgan9e/FreeRDP
synced 2026-04-15 00:44:19 +09:00
[winpr,stream] Fix Stream_SetPosition return checks
This commit is contained in:
Armin Novak
@@ -279,7 +279,8 @@ static UINT audin_process_formats(AUDIN_PLUGIN* audin, AUDIN_CHANNEL_CALLBACK* c
|
||||
Stream_Write_UINT8(out, MSG_SNDIN_FORMATS); /* Header (1 byte) */
|
||||
Stream_Write_UINT32(out, callback->formats_count); /* NumFormats (4 bytes) */
|
||||
Stream_Write_UINT32(out, cbSizeFormatsPacket); /* cbSizeFormatsPacket (4 bytes) */
|
||||
Stream_SetPosition(out, cbSizeFormatsPacket);
|
||||
if (!Stream_SetPosition(out, cbSizeFormatsPacket))
|
||||
goto out;
|
||||
error = audin_channel_write_and_free(callback, out, FALSE);
|
||||
out:
|
||||
|
||||
|
||||
@@ -60,7 +60,7 @@ CliprdrClientContext* cliprdr_get_client_interface(cliprdrPlugin* cliprdr)
|
||||
*/
|
||||
static UINT cliprdr_packet_send(cliprdrPlugin* cliprdr, wStream* s)
|
||||
{
|
||||
UINT status = CHANNEL_RC_OK;
|
||||
UINT status = ERROR_INVALID_DATA;
|
||||
|
||||
WINPR_ASSERT(cliprdr);
|
||||
WINPR_ASSERT(s);
|
||||
@@ -71,16 +71,16 @@ static UINT cliprdr_packet_send(cliprdrPlugin* cliprdr, wStream* s)
|
||||
|
||||
const uint32_t dataLen = WINPR_ASSERTING_INT_CAST(uint32_t, pos - 8UL);
|
||||
|
||||
Stream_SetPosition(s, 4);
|
||||
if (!Stream_SetPosition(s, 4))
|
||||
goto fail;
|
||||
Stream_Write_UINT32(s, dataLen);
|
||||
Stream_SetPosition(s, pos);
|
||||
if (!Stream_SetPosition(s, pos))
|
||||
goto fail;
|
||||
|
||||
WLog_Print(cliprdr->log, WLOG_DEBUG, "Cliprdr Sending (%" PRIuz " bytes)", pos);
|
||||
|
||||
if (!cliprdr)
|
||||
{
|
||||
status = CHANNEL_RC_BAD_INIT_HANDLE;
|
||||
}
|
||||
else
|
||||
{
|
||||
WINPR_ASSERT(cliprdr->channelEntryPoints.pVirtualChannelWriteEx);
|
||||
@@ -89,6 +89,7 @@ static UINT cliprdr_packet_send(cliprdrPlugin* cliprdr, wStream* s)
|
||||
(UINT32)Stream_GetPosition(s), s);
|
||||
}
|
||||
|
||||
fail:
|
||||
if (status != CHANNEL_RC_OK)
|
||||
{
|
||||
Stream_Free(s, TRUE);
|
||||
|
||||
@@ -94,7 +94,8 @@ static UINT cliprdr_server_packet_send(CliprdrServerPrivate* cliprdr, wStream* s
|
||||
}
|
||||
|
||||
dataLen = (UINT32)(pos - 8);
|
||||
Stream_SetPosition(s, 4);
|
||||
if (!Stream_SetPosition(s, 4))
|
||||
goto fail;
|
||||
Stream_Write_UINT32(s, dataLen);
|
||||
|
||||
WINPR_ASSERT(pos <= UINT32_MAX);
|
||||
@@ -1116,7 +1117,8 @@ static UINT cliprdr_server_read(CliprdrServerContext* context)
|
||||
return CHANNEL_RC_NO_MEMORY;
|
||||
}
|
||||
|
||||
Stream_SetPosition(s, position);
|
||||
if (!Stream_SetPosition(s, position))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
if (Stream_GetPosition(s) < (header.dataLen + CLIPRDR_HEADER_LENGTH))
|
||||
{
|
||||
@@ -1147,9 +1149,11 @@ static UINT cliprdr_server_read(CliprdrServerContext* context)
|
||||
|
||||
if (Stream_GetPosition(s) >= (header.dataLen + CLIPRDR_HEADER_LENGTH))
|
||||
{
|
||||
Stream_SetPosition(s, (header.dataLen + CLIPRDR_HEADER_LENGTH));
|
||||
if (!Stream_SetPosition(s, (header.dataLen + CLIPRDR_HEADER_LENGTH)))
|
||||
return ERROR_INVALID_DATA;
|
||||
Stream_SealLength(s);
|
||||
Stream_SetPosition(s, CLIPRDR_HEADER_LENGTH);
|
||||
if (!Stream_SetPosition(s, CLIPRDR_HEADER_LENGTH))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
if ((error = cliprdr_server_receive_pdu(context, s, &header)))
|
||||
{
|
||||
|
||||
@@ -251,7 +251,8 @@ static UINT disp_server_receive_pdu(DispServerContext* context, wStream* s)
|
||||
{
|
||||
WLog_ERR(TAG, "Unexpected DISP pdu end: Actual: %" PRIuz ", Expected: %" PRIuz "", end,
|
||||
(beg + header.length));
|
||||
Stream_SetPosition(s, (beg + header.length));
|
||||
if (!Stream_SetPosition(s, (beg + header.length)))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
return error;
|
||||
|
||||
@@ -966,7 +966,6 @@ static UINT drdynvc_send(drdynvcPlugin* drdynvc, wStream* s)
|
||||
static UINT drdynvc_write_data(drdynvcPlugin* drdynvc, UINT32 ChannelId, const BYTE* data,
|
||||
UINT32 dataSize, BOOL* close)
|
||||
{
|
||||
wStream* data_out = nullptr;
|
||||
size_t pos = 0;
|
||||
UINT8 cbChId = 0;
|
||||
UINT8 cbLen = 0;
|
||||
@@ -981,7 +980,7 @@ static UINT drdynvc_write_data(drdynvcPlugin* drdynvc, UINT32 ChannelId, const B
|
||||
|
||||
WLog_Print(drdynvc->log, WLOG_TRACE, "write_data: ChannelId=%" PRIu32 " size=%" PRIu32 "",
|
||||
ChannelId, dataSize);
|
||||
data_out = StreamPool_Take(dvcman->pool, CHANNEL_CHUNK_LENGTH);
|
||||
wStream* data_out = StreamPool_Take(dvcman->pool, CHANNEL_CHUNK_LENGTH);
|
||||
|
||||
if (!data_out)
|
||||
{
|
||||
@@ -989,7 +988,11 @@ static UINT drdynvc_write_data(drdynvcPlugin* drdynvc, UINT32 ChannelId, const B
|
||||
return CHANNEL_RC_NO_MEMORY;
|
||||
}
|
||||
|
||||
Stream_SetPosition(data_out, 1);
|
||||
if (!Stream_SetPosition(data_out, 1))
|
||||
{
|
||||
Stream_Release(data_out);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
cbChId = drdynvc_write_variable_uint(data_out, ChannelId);
|
||||
pos = Stream_GetPosition(data_out);
|
||||
|
||||
@@ -1003,7 +1006,11 @@ static UINT drdynvc_write_data(drdynvcPlugin* drdynvc, UINT32 ChannelId, const B
|
||||
{
|
||||
Stream_ResetPosition(data_out);
|
||||
Stream_Write_UINT8(data_out, (DATA_PDU << 4) | cbChId);
|
||||
Stream_SetPosition(data_out, pos);
|
||||
if (!Stream_SetPosition(data_out, pos))
|
||||
{
|
||||
Stream_Release(data_out);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
Stream_Write(data_out, data, dataSize);
|
||||
status = drdynvc_send(drdynvc, data_out);
|
||||
}
|
||||
@@ -1016,7 +1023,11 @@ static UINT drdynvc_write_data(drdynvcPlugin* drdynvc, UINT32 ChannelId, const B
|
||||
|
||||
const INT32 pdu = (DATA_FIRST_PDU << 4) | cbChId | (cbLen << 2);
|
||||
Stream_Write_UINT8(data_out, WINPR_ASSERTING_INT_CAST(UINT8, pdu));
|
||||
Stream_SetPosition(data_out, pos);
|
||||
if (!Stream_SetPosition(data_out, pos))
|
||||
{
|
||||
Stream_Release(data_out);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
{
|
||||
WINPR_ASSERT(pos <= CHANNEL_CHUNK_LENGTH);
|
||||
@@ -1039,12 +1050,21 @@ static UINT drdynvc_write_data(drdynvcPlugin* drdynvc, UINT32 ChannelId, const B
|
||||
return CHANNEL_RC_NO_MEMORY;
|
||||
}
|
||||
|
||||
Stream_SetPosition(data_out, 1);
|
||||
if (!Stream_SetPosition(data_out, 1))
|
||||
{
|
||||
Stream_Release(data_out);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
cbChId = drdynvc_write_variable_uint(data_out, ChannelId);
|
||||
pos = Stream_GetPosition(data_out);
|
||||
Stream_ResetPosition(data_out);
|
||||
Stream_Write_UINT8(data_out, (DATA_PDU << 4) | cbChId);
|
||||
Stream_SetPosition(data_out, pos);
|
||||
if (!Stream_SetPosition(data_out, pos))
|
||||
{
|
||||
Stream_Release(data_out);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
uint32_t chunkLength = dataSize;
|
||||
|
||||
@@ -1246,7 +1266,8 @@ static UINT drdynvc_process_create_request(drdynvcPlugin* drdynvc, UINT8 Sp, UIN
|
||||
}
|
||||
|
||||
Stream_Write_UINT8(data_out, (CREATE_REQUEST_PDU << 4) | cbChId);
|
||||
Stream_SetPosition(s, 1);
|
||||
if (!Stream_SetPosition(s, 1))
|
||||
return ERROR_INVALID_DATA;
|
||||
Stream_Copy(s, data_out, pos - 1);
|
||||
|
||||
channel =
|
||||
|
||||
@@ -176,7 +176,8 @@ static UINT encomsp_recv_filter_updated_pdu(encomspPlugin* encomsp, wStream* s,
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->FilterUpdated, error, context, &pdu);
|
||||
@@ -237,7 +238,8 @@ static UINT encomsp_recv_application_created_pdu(encomspPlugin* encomsp, wStream
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->ApplicationCreated, error, context, &pdu);
|
||||
@@ -290,7 +292,8 @@ static UINT encomsp_recv_application_removed_pdu(encomspPlugin* encomsp, wStream
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->ApplicationRemoved, error, context, &pdu);
|
||||
@@ -352,7 +355,8 @@ static UINT encomsp_recv_window_created_pdu(encomspPlugin* encomsp, wStream* s,
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->WindowCreated, error, context, &pdu);
|
||||
@@ -405,7 +409,8 @@ static UINT encomsp_recv_window_removed_pdu(encomspPlugin* encomsp, wStream* s,
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->WindowRemoved, error, context, &pdu);
|
||||
@@ -458,7 +463,8 @@ static UINT encomsp_recv_show_window_pdu(encomspPlugin* encomsp, wStream* s,
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->ShowWindow, error, context, &pdu);
|
||||
@@ -520,7 +526,8 @@ static UINT encomsp_recv_participant_created_pdu(encomspPlugin* encomsp, wStream
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->ParticipantCreated, error, context, &pdu);
|
||||
@@ -572,7 +579,8 @@ static UINT encomsp_recv_participant_removed_pdu(encomspPlugin* encomsp, wStream
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->ParticipantRemoved, error, context, &pdu);
|
||||
@@ -626,7 +634,8 @@ static UINT encomsp_recv_change_participant_control_level_pdu(encomspPlugin* enc
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->ChangeParticipantControlLevel, error, context, &pdu);
|
||||
@@ -713,7 +722,8 @@ static UINT encomsp_recv_graphics_stream_paused_pdu(encomspPlugin* encomsp, wStr
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->GraphicsStreamPaused, error, context, &pdu);
|
||||
@@ -762,7 +772,8 @@ static UINT encomsp_recv_graphics_stream_resumed_pdu(encomspPlugin* encomsp, wSt
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)(body - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, body);
|
||||
if (!Stream_SetPosition(s, body))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->GraphicsStreamResumed, error, context, &pdu);
|
||||
|
||||
@@ -84,7 +84,8 @@ static UINT encomsp_recv_change_participant_control_level_pdu(EncomspServerConte
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, s, (size_t)((beg + header->Length) - end)))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_SetPosition(s, (beg + header->Length));
|
||||
if (!Stream_SetPosition(s, (beg + header->Length)))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
IFCALLRET(context->ChangeParticipantControlLevel, error, context, &pdu);
|
||||
|
||||
@@ -179,7 +179,8 @@ static UINT gfxredir_server_receive_pdu(GfxRedirServerContext* context, wStream*
|
||||
{
|
||||
WLog_ERR(TAG, "Unexpected GFXREDIR pdu end: Actual: %" PRIuz ", Expected: %" PRIuz "", end,
|
||||
(beg + header.length));
|
||||
Stream_SetPosition(s, (beg + header.length));
|
||||
if (!Stream_SetPosition(s, (beg + header.length)))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
return error;
|
||||
|
||||
@@ -103,7 +103,8 @@ static UINT location_channel_send(IWTSVirtualChannel* channel, wStream* s)
|
||||
if (len > UINT32_MAX)
|
||||
return ERROR_INTERNAL_ERROR;
|
||||
|
||||
Stream_SetPosition(s, 2);
|
||||
if (!Stream_SetPosition(s, 2))
|
||||
return ERROR_INVALID_DATA;
|
||||
Stream_Write_UINT32(s, (UINT32)len);
|
||||
|
||||
WINPR_ASSERT(channel);
|
||||
|
||||
@@ -42,7 +42,6 @@ static BOOL rail_is_feature_supported(const rdpContext* context, UINT32 featureM
|
||||
UINT rail_send_pdu(railPlugin* rail, wStream* s, UINT16 orderType)
|
||||
{
|
||||
char buffer[128] = WINPR_C_ARRAY_INIT;
|
||||
UINT16 orderLength = 0;
|
||||
|
||||
if (!rail || !s)
|
||||
{
|
||||
@@ -50,13 +49,19 @@ UINT rail_send_pdu(railPlugin* rail, wStream* s, UINT16 orderType)
|
||||
return ERROR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
orderLength = (UINT16)Stream_GetPosition(s);
|
||||
const UINT16 orderLength = (UINT16)Stream_GetPosition(s);
|
||||
Stream_ResetPosition(s);
|
||||
rail_write_pdu_header(s, orderType, orderLength);
|
||||
Stream_SetPosition(s, orderLength);
|
||||
if (!rail_write_pdu_header(s, orderType, orderLength))
|
||||
goto fail;
|
||||
if (!Stream_SetPosition(s, orderLength))
|
||||
goto fail;
|
||||
WLog_Print(rail->log, WLOG_DEBUG, "Sending %s PDU, length: %" PRIu16 "",
|
||||
rail_get_order_type_string_full(orderType, buffer, sizeof(buffer)), orderLength);
|
||||
return rail_send_channel_data(rail, s);
|
||||
|
||||
fail:
|
||||
Stream_Free(s, TRUE);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -113,10 +113,13 @@ UINT rail_read_pdu_header(wStream* s, UINT16* orderType, UINT16* orderLength)
|
||||
return CHANNEL_RC_OK;
|
||||
}
|
||||
|
||||
void rail_write_pdu_header(wStream* s, UINT16 orderType, UINT16 orderLength)
|
||||
BOOL rail_write_pdu_header(wStream* s, UINT16 orderType, UINT16 orderLength)
|
||||
{
|
||||
if (!Stream_EnsureRemainingCapacity(s, 4))
|
||||
return FALSE;
|
||||
Stream_Write_UINT16(s, orderType); /* orderType (2 bytes) */
|
||||
Stream_Write_UINT16(s, orderLength); /* orderLength (2 bytes) */
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
wStream* rail_pdu_init(size_t length)
|
||||
|
||||
@@ -72,8 +72,9 @@ WINPR_ATTR_NODISCARD FREERDP_LOCAL wStream* rail_pdu_init(size_t length);
|
||||
WINPR_ATTR_NODISCARD FREERDP_LOCAL UINT rail_read_pdu_header(wStream* s, UINT16* orderType,
|
||||
UINT16* orderLength);
|
||||
|
||||
WINPR_ATTR_NODISCARD
|
||||
FREERDP_LOCAL
|
||||
void rail_write_pdu_header(wStream* s, UINT16 orderType, UINT16 orderLength);
|
||||
BOOL rail_write_pdu_header(wStream* s, UINT16 orderType, UINT16 orderLength);
|
||||
|
||||
WINPR_ATTR_NODISCARD FREERDP_LOCAL UINT
|
||||
rail_write_unicode_string(wStream* s, const RAIL_UNICODE_STRING* unicode_string);
|
||||
|
||||
@@ -71,11 +71,17 @@ static UINT rail_server_send_pdu(RailServerContext* context, wStream* s, UINT16
|
||||
|
||||
orderLength = (UINT16)Stream_GetPosition(s);
|
||||
Stream_ResetPosition(s);
|
||||
rail_write_pdu_header(s, orderType, orderLength);
|
||||
Stream_SetPosition(s, orderLength);
|
||||
if (!rail_write_pdu_header(s, orderType, orderLength))
|
||||
goto fail;
|
||||
if (!Stream_SetPosition(s, orderLength))
|
||||
goto fail;
|
||||
WLog_DBG(TAG, "Sending %s PDU, length: %" PRIu16 "",
|
||||
rail_get_order_type_string_full(orderType, buffer, sizeof(buffer)), orderLength);
|
||||
return rail_send(context, s, orderLength);
|
||||
|
||||
fail:
|
||||
Stream_Free(s, TRUE);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -68,14 +68,18 @@ static UINT irp_complete(IRP* irp)
|
||||
rdpdrPlugin* rdpdr = (rdpdrPlugin*)irp->devman->plugin;
|
||||
WINPR_ASSERT(rdpdr);
|
||||
|
||||
UINT error = ERROR_INVALID_DATA;
|
||||
|
||||
const size_t pos = Stream_GetPosition(irp->output);
|
||||
Stream_SetPosition(irp->output, RDPDR_DEVICE_IO_RESPONSE_LENGTH - 4);
|
||||
if (!Stream_SetPosition(irp->output, RDPDR_DEVICE_IO_RESPONSE_LENGTH - 4))
|
||||
goto fail;
|
||||
Stream_Write_INT32(irp->output, irp->IoStatus); /* IoStatus (4 bytes) */
|
||||
Stream_SetPosition(irp->output, pos);
|
||||
if (!Stream_SetPosition(irp->output, pos))
|
||||
goto fail;
|
||||
|
||||
const UINT error = rdpdr_send(rdpdr, irp->output);
|
||||
error = rdpdr_send(rdpdr, irp->output);
|
||||
irp->output = nullptr;
|
||||
|
||||
fail:
|
||||
irp_free(irp);
|
||||
return error;
|
||||
}
|
||||
|
||||
@@ -1482,9 +1482,17 @@ static UINT rdpdr_send_device_list_announce_request(rdpdrPlugin* rdpdr, BOOL use
|
||||
return CHANNEL_RC_OK;
|
||||
}
|
||||
pos = Stream_GetPosition(s);
|
||||
Stream_SetPosition(s, count_pos);
|
||||
if (!Stream_SetPosition(s, count_pos))
|
||||
{
|
||||
Stream_Release(s);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
Stream_Write_UINT32(s, arg.count);
|
||||
Stream_SetPosition(s, pos);
|
||||
if (!Stream_SetPosition(s, pos))
|
||||
{
|
||||
Stream_Release(s);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
Stream_SealLength(s);
|
||||
return rdpdr_send(rdpdr, s);
|
||||
}
|
||||
@@ -1514,7 +1522,11 @@ static UINT dummy_irp_response(rdpdrPlugin* rdpdr, wStream* s)
|
||||
return CHANNEL_RC_NO_MEMORY;
|
||||
}
|
||||
|
||||
Stream_SetPosition(s, 4); /* see "rdpdr_process_receive" */
|
||||
if (!Stream_SetPosition(s, 4)) /* see "rdpdr_process_receive" */
|
||||
{
|
||||
Stream_Release(output);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
const uint32_t DeviceId = Stream_Get_UINT32(s); /* DeviceId (4 bytes) */
|
||||
const uint32_t FileId = Stream_Get_UINT32(s); /* FileId (4 bytes) */
|
||||
|
||||
@@ -233,7 +233,8 @@ static UINT rdpei_send_pdu(GENERIC_CHANNEL_CALLBACK* callback, wStream* s, UINT1
|
||||
Stream_ResetPosition(s);
|
||||
Stream_Write_UINT16(s, eventId); /* eventId (2 bytes) */
|
||||
Stream_Write_UINT32(s, (UINT32)pduLength); /* pduLength (4 bytes) */
|
||||
Stream_SetPosition(s, Stream_Length(s));
|
||||
if (!Stream_SetPosition(s, Stream_Length(s)))
|
||||
return ERROR_INVALID_DATA;
|
||||
const UINT status = callback->channel->Write(callback->channel, (UINT32)Stream_Length(s),
|
||||
Stream_Buffer(s), nullptr);
|
||||
#ifdef WITH_DEBUG_RDPEI
|
||||
|
||||
@@ -2001,7 +2001,8 @@ static UINT rdpgfx_recv_pdu(GENERIC_CHANNEL_CALLBACK* callback, wStream* s)
|
||||
{
|
||||
WLog_Print(gfx->log, WLOG_ERROR, "Error while processing GFX cmdId: %s (0x%04" PRIX16 ")",
|
||||
rdpgfx_get_cmd_id_string(header.cmdId), header.cmdId);
|
||||
Stream_SetPosition(s, (beg + header.pduLength));
|
||||
if (!Stream_SetPosition(s, (beg + header.pduLength)))
|
||||
return ERROR_INVALID_DATA;
|
||||
return error;
|
||||
}
|
||||
|
||||
@@ -2012,7 +2013,8 @@ static UINT rdpgfx_recv_pdu(GENERIC_CHANNEL_CALLBACK* callback, wStream* s)
|
||||
WLog_Print(gfx->log, WLOG_ERROR,
|
||||
"Unexpected gfx pdu end: Actual: %" PRIuz ", Expected: %" PRIuz, end,
|
||||
(beg + header.pduLength));
|
||||
Stream_SetPosition(s, (beg + header.pduLength));
|
||||
if (!Stream_SetPosition(s, (beg + header.pduLength)))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
return error;
|
||||
|
||||
@@ -102,10 +102,10 @@ static inline BOOL rdpgfx_server_packet_complete_header(wStream* s, size_t start
|
||||
if ((start > UINT32_MAX) || (current < start))
|
||||
return FALSE;
|
||||
/* Fill actual length */
|
||||
Stream_SetPosition(s, start + RDPGFX_HEADER_SIZE - sizeof(UINT32));
|
||||
if (!Stream_SetPosition(s, start + RDPGFX_HEADER_SIZE - sizeof(UINT32)))
|
||||
return FALSE;
|
||||
Stream_Write_UINT32(s, (UINT32)(current - start)); /* pduLength (4 bytes) */
|
||||
Stream_SetPosition(s, current);
|
||||
return TRUE;
|
||||
return Stream_SetPosition(s, current);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -312,7 +312,11 @@ static UINT rdpgfx_send_reset_graphics_pdu(RdpgfxServerContext* context,
|
||||
}
|
||||
|
||||
/* pad (total size must be 340 bytes) */
|
||||
Stream_SetPosition(s, RDPGFX_RESET_GRAPHICS_PDU_SIZE);
|
||||
if (!Stream_SetPosition(s, RDPGFX_RESET_GRAPHICS_PDU_SIZE))
|
||||
{
|
||||
Stream_Free(s, TRUE);
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
return rdpgfx_server_single_packet_send(context, s);
|
||||
}
|
||||
|
||||
@@ -764,7 +768,8 @@ static UINT rdpgfx_write_surface_command(wLog* log, wStream* s, const RDPGFX_SUR
|
||||
if (bitmapDataLength > UINT32_MAX)
|
||||
return ERROR_INTERNAL_ERROR;
|
||||
|
||||
Stream_SetPosition(s, bitmapDataStart - sizeof(UINT32));
|
||||
if (!Stream_SetPosition(s, bitmapDataStart - sizeof(UINT32)))
|
||||
return ERROR_INVALID_DATA;
|
||||
if (!Stream_EnsureRemainingCapacity(s, 4))
|
||||
return ERROR_INTERNAL_ERROR;
|
||||
Stream_Write_UINT32(s, (UINT32)bitmapDataLength); /* bitmapDataLength (4 bytes) */
|
||||
@@ -1481,7 +1486,8 @@ static UINT rdpgfx_server_receive_pdu(RdpgfxServerContext* context, wStream* s)
|
||||
WLog_Print(context->priv->log, WLOG_ERROR,
|
||||
"Unexpected gfx pdu end: Actual: %" PRIuz ", Expected: %" PRIuz "", end,
|
||||
(beg + header.pduLength));
|
||||
Stream_SetPosition(s, (beg + header.pduLength));
|
||||
if (!Stream_SetPosition(s, (beg + header.pduLength)))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
return error;
|
||||
|
||||
@@ -89,9 +89,11 @@ static UINT rdpsnd_server_send_formats(RdpsndServerContext* context)
|
||||
goto fail;
|
||||
|
||||
WINPR_ASSERT(pos >= 4);
|
||||
Stream_SetPosition(s, 2);
|
||||
if (!Stream_SetPosition(s, 2))
|
||||
goto fail;
|
||||
Stream_Write_UINT16(s, (UINT16)(pos - 4));
|
||||
Stream_SetPosition(s, pos);
|
||||
if (!Stream_SetPosition(s, pos))
|
||||
goto fail;
|
||||
|
||||
WINPR_ASSERT(context->priv);
|
||||
|
||||
@@ -457,7 +459,8 @@ static UINT rdpsnd_server_training(RdpsndServerContext* context, UINT16 timestam
|
||||
if ((end < 4) || (end > UINT16_MAX))
|
||||
return ERROR_INTERNAL_ERROR;
|
||||
|
||||
Stream_SetPosition(s, 2);
|
||||
if (!Stream_SetPosition(s, 2))
|
||||
return ERROR_INTERNAL_ERROR;
|
||||
Stream_Write_UINT16(s, (UINT16)(end - 4));
|
||||
|
||||
status = WTSVirtualChannelWrite(context->priv->ChannelHandle, Stream_BufferAs(s, char),
|
||||
@@ -536,9 +539,11 @@ static UINT rdpsnd_server_send_wave_pdu(RdpsndServerContext* context, UINT16 wTi
|
||||
const size_t pos = end - start + 8ULL;
|
||||
if (pos > UINT16_MAX)
|
||||
return ERROR_INTERNAL_ERROR;
|
||||
Stream_SetPosition(s, 2);
|
||||
if (!Stream_SetPosition(s, 2))
|
||||
return ERROR_INTERNAL_ERROR;
|
||||
Stream_Write_UINT16(s, (UINT16)pos);
|
||||
Stream_SetPosition(s, end);
|
||||
if (!Stream_SetPosition(s, end))
|
||||
return ERROR_INTERNAL_ERROR;
|
||||
|
||||
if (!WTSVirtualChannelWrite(context->priv->ChannelHandle, Stream_BufferAs(s, char),
|
||||
(UINT32)(start + 4), &written))
|
||||
@@ -554,9 +559,17 @@ static UINT rdpsnd_server_send_wave_pdu(RdpsndServerContext* context, UINT16 wTi
|
||||
goto out;
|
||||
}
|
||||
|
||||
Stream_SetPosition(s, start);
|
||||
if (!Stream_SetPosition(s, start))
|
||||
{
|
||||
error = ERROR_INTERNAL_ERROR;
|
||||
goto out;
|
||||
}
|
||||
Stream_Write_UINT32(s, 0); /* bPad */
|
||||
Stream_SetPosition(s, start);
|
||||
if (!Stream_SetPosition(s, start))
|
||||
{
|
||||
error = ERROR_INTERNAL_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
||||
WINPR_ASSERT((end - start) <= UINT32_MAX);
|
||||
if (!WTSVirtualChannelWrite(context->priv->ChannelHandle, Stream_Pointer(s),
|
||||
@@ -643,7 +656,11 @@ static UINT rdpsnd_server_send_wave2_pdu(RdpsndServerContext* context, UINT16 fo
|
||||
goto out;
|
||||
}
|
||||
|
||||
Stream_SetPosition(s, 2);
|
||||
if (!Stream_SetPosition(s, 2))
|
||||
{
|
||||
error = ERROR_INTERNAL_ERROR;
|
||||
goto out;
|
||||
}
|
||||
Stream_Write_UINT16(s, (UINT16)(end - 4));
|
||||
|
||||
status = WTSVirtualChannelWrite(context->priv->ChannelHandle, Stream_BufferAs(s, char),
|
||||
@@ -835,9 +852,11 @@ static UINT rdpsnd_server_close(RdpsndServerContext* context)
|
||||
Stream_Seek_UINT16(s);
|
||||
const size_t pos = Stream_GetPosition(s);
|
||||
WINPR_ASSERT(pos >= 4);
|
||||
Stream_SetPosition(s, 2);
|
||||
if (!Stream_SetPosition(s, 2))
|
||||
return ERROR_INVALID_DATA;
|
||||
Stream_Write_UINT16(s, WINPR_ASSERTING_INT_CAST(uint16_t, pos - 4));
|
||||
Stream_SetPosition(s, pos);
|
||||
if (!Stream_SetPosition(s, pos))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
const size_t len = Stream_GetPosition(s);
|
||||
WINPR_ASSERT(len <= UINT32_MAX);
|
||||
@@ -1099,7 +1118,7 @@ void rdpsnd_server_context_reset(RdpsndServerContext* context)
|
||||
|
||||
context->priv->expectedBytes = 4;
|
||||
context->priv->waitingHeader = TRUE;
|
||||
Stream_SetPosition(context->priv->input_stream, 0);
|
||||
Stream_ResetPosition(context->priv->input_stream);
|
||||
}
|
||||
|
||||
void rdpsnd_server_context_free(RdpsndServerContext* context)
|
||||
|
||||
@@ -594,7 +594,8 @@ BOOL tsmf_codec_check_media_type(const char* decoder_name, wStream* s)
|
||||
pos = Stream_GetPosition(s);
|
||||
if (decoderAvailable)
|
||||
ret = tsmf_codec_parse_media_type(&mediatype, s);
|
||||
Stream_SetPosition(s, pos);
|
||||
if (!Stream_SetPosition(s, pos))
|
||||
return FALSE;
|
||||
|
||||
if (ret)
|
||||
{
|
||||
|
||||
@@ -81,7 +81,8 @@ UINT tsmf_ifman_exchange_capability_request(TSMF_IFMAN* ifman)
|
||||
|
||||
const size_t xpos = Stream_GetPosition(ifman->output);
|
||||
Stream_Copy(ifman->input, ifman->output, ifman->input_size);
|
||||
Stream_SetPosition(ifman->output, xpos);
|
||||
if (!Stream_SetPosition(ifman->output, xpos))
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
if (!Stream_CheckAndLogRequiredLength(TAG, ifman->output, 4))
|
||||
return ERROR_INVALID_DATA;
|
||||
@@ -133,7 +134,8 @@ UINT tsmf_ifman_exchange_capability_request(TSMF_IFMAN* ifman)
|
||||
break;
|
||||
}
|
||||
|
||||
Stream_SetPosition(ifman->output, pos + cbCapabilityLength);
|
||||
if (!Stream_SetPosition(ifman->output, pos + cbCapabilityLength))
|
||||
return ERROR_INVALID_DATA;
|
||||
}
|
||||
|
||||
Stream_Write_UINT32(ifman->output, 0); /* Result */
|
||||
@@ -504,7 +506,8 @@ UINT tsmf_ifman_update_geometry_info(TSMF_IFMAN* ifman)
|
||||
Stream_Read_UINT32(ifman->input, Height);
|
||||
Stream_Read_UINT32(ifman->input, Left);
|
||||
Stream_Read_UINT32(ifman->input, Top);
|
||||
Stream_SetPosition(ifman->input, pos + numGeometryInfo);
|
||||
if (!Stream_SetPosition(ifman->input, pos + numGeometryInfo))
|
||||
return ERROR_INVALID_DATA;
|
||||
Stream_Read_UINT32(ifman->input, cbVisibleRect);
|
||||
const UINT32 num_rects = cbVisibleRect / 16;
|
||||
DEBUG_TSMF("numGeometryInfo %" PRIu32 " Width %" PRIu32 " Height %" PRIu32 " Left %" PRIu32
|
||||
|
||||
@@ -265,8 +265,9 @@ static void LIBUSB_CALL func_iso_callback(struct libusb_transfer* transfer)
|
||||
{
|
||||
UINT32 index = 0;
|
||||
BYTE* dataStart = Stream_Pointer(user_data->data);
|
||||
Stream_SetPosition(user_data->data,
|
||||
40); /* TS_URB_ISOCH_TRANSFER_RESULT IsoPacket offset */
|
||||
if (!Stream_SetPosition(user_data->data,
|
||||
40)) /* TS_URB_ISOCH_TRANSFER_RESULT IsoPacket offset */
|
||||
return;
|
||||
|
||||
for (uint32_t i = 0; i < WINPR_ASSERTING_INT_CAST(uint32_t, transfer->num_iso_packets);
|
||||
i++)
|
||||
|
||||
@@ -409,7 +409,8 @@ void urbdrc_dump_message(wLog* log, BOOL client, BOOL write, wStream* s)
|
||||
Stream_Read_UINT32(s, InterfaceId);
|
||||
Stream_Read_UINT32(s, MessageId);
|
||||
Stream_Read_UINT32(s, FunctionId);
|
||||
Stream_SetPosition(s, pos);
|
||||
if (!Stream_SetPosition(s, pos))
|
||||
WLog_Print(log, WLOG_ERROR, "Stream_SetPosition(%" PRIuz ") failed", pos);
|
||||
|
||||
WLog_Print(log, WLOG_DEBUG,
|
||||
"[%-5s] %s [%08" PRIx32 "] InterfaceId=%08" PRIx32 ", MessageId=%08" PRIx32
|
||||
|
||||
Reference in New Issue
Block a user