From 075506f6c8d71393a792a69d104da6f38a47a5b2 Mon Sep 17 00:00:00 2001 From: akallabeth Date: Tue, 24 Jan 2023 14:53:36 +0100 Subject: [PATCH] [winpr,stream] use new Stream_CheckAndLogRequiredLength* --- channels/disp/server/disp_main.c | 4 ++-- channels/encomsp/client/encomsp_main.c | 2 +- channels/encomsp/server/encomsp_main.c | 2 +- channels/rdpgfx/client/rdpgfx_codec.c | 4 ++-- channels/rdpgfx/client/rdpgfx_main.c | 10 +++++----- channels/rdpgfx/server/rdpgfx_main.c | 2 +- channels/rdpsnd/client/rdpsnd_main.c | 2 +- channels/rdpsnd/server/rdpsnd_main.c | 2 +- channels/urbdrc/client/data_transfer.c | 5 ++++- libfreerdp/codec/clear.c | 4 ++-- libfreerdp/codec/progressive.c | 2 +- libfreerdp/codec/rfx.c | 6 +++--- libfreerdp/codec/zgfx.c | 2 +- libfreerdp/core/activation.c | 2 +- libfreerdp/core/gateway/rts.c | 2 +- libfreerdp/core/gcc.c | 2 +- libfreerdp/core/input.c | 2 +- libfreerdp/core/orders.c | 13 +++++++------ libfreerdp/core/rdp.c | 2 +- libfreerdp/core/update.c | 4 ++-- libfreerdp/core/window.c | 7 ++++--- libfreerdp/gdi/gfx.c | 2 +- libfreerdp/utils/cliprdr_utils.c | 2 +- libfreerdp/utils/smartcard_pack.c | 2 +- server/proxy/channels/pf_channel_rdpdr.c | 16 +++++++++------- 25 files changed, 55 insertions(+), 48 deletions(-) diff --git a/channels/disp/server/disp_main.c b/channels/disp/server/disp_main.c index 4bbf14e9a..b9724cf10 100644 --- a/channels/disp/server/disp_main.c +++ b/channels/disp/server/disp_main.c @@ -154,8 +154,8 @@ static UINT disp_recv_display_control_monitor_layout_pdu(wStream* s, DispServerC return ERROR_INVALID_DATA; } - if (!Stream_CheckAndLogRequiredLength( - TAG, s, pdu.NumMonitors * 1ull * DISPLAY_CONTROL_MONITOR_LAYOUT_SIZE)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, pdu.NumMonitors, + DISPLAY_CONTROL_MONITOR_LAYOUT_SIZE)) return ERROR_INVALID_DATA; pdu.Monitors = (DISPLAY_CONTROL_MONITOR_LAYOUT*)calloc(pdu.NumMonitors, 
diff --git a/channels/encomsp/client/encomsp_main.c b/channels/encomsp/client/encomsp_main.c index 8caf4dddd..32b1196a2 100644 --- a/channels/encomsp/client/encomsp_main.c +++ b/channels/encomsp/client/encomsp_main.c @@ -92,7 +92,7 @@ static UINT encomsp_read_unicode_string(wStream* s, ENCOMSP_UNICODE_STRING* str) return ERROR_INVALID_DATA; } - if (!Stream_CheckAndLogRequiredLength(TAG, s, sizeof(WCHAR) * str->cchString)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, str->cchString, sizeof(WCHAR))) return ERROR_INVALID_DATA; Stream_Read(s, &(str->wString), (str->cchString * 2)); /* String (variable) */ diff --git a/channels/encomsp/server/encomsp_main.c b/channels/encomsp/server/encomsp_main.c index 3caf0aa82..593f41e1b 100644 --- a/channels/encomsp/server/encomsp_main.c +++ b/channels/encomsp/server/encomsp_main.c @@ -67,7 +67,7 @@ static int encomsp_read_unicode_string(wStream* s, ENCOMSP_UNICODE_STRING* str) if (str->cchString > 1024) return -1; - if (!Stream_CheckAndLogRequiredLength(TAG, s, (str->cchString * 2ull))) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, str->cchString, sizeof(WCHAR))) return -1; Stream_Read(s, &(str->wString), (str->cchString * 2)); /* String (variable) */ diff --git a/channels/rdpgfx/client/rdpgfx_codec.c b/channels/rdpgfx/client/rdpgfx_codec.c index 7de6f6f79..12ef5e538 100644 --- a/channels/rdpgfx/client/rdpgfx_codec.c +++ b/channels/rdpgfx/client/rdpgfx_codec.c @@ -51,7 +51,7 @@ static UINT rdpgfx_read_h264_metablock(RDPGFX_PLUGIN* gfx, wStream* s, RDPGFX_H2 Stream_Read_UINT32(s, meta->numRegionRects); /* numRegionRects (4 bytes) */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 8ull * meta->numRegionRects)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, meta->numRegionRects, 8ull)) goto error_out; meta->regionRects = (RECTANGLE_16*)calloc(meta->numRegionRects, sizeof(RECTANGLE_16)); 
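Review bot: In channels/encomsp/client/encomsp_main.c the length check is now written with `sizeof(WCHAR)`, while the `Stream_Read` on the following line still copies `str->cchString * 2` bytes, so the check and the read state the same size in two different ways. Writing the read as `Stream_Read(s, &(str->wString), str->cchString * sizeof(WCHAR));` keeps the validated size and the copied size visibly tied together. The same applies to the server copy of `encomsp_read_unicode_string` in the next hunk. Both function bodies start and end outside the hunks.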
@@ -91,7 +91,7 @@ static UINT rdpgfx_read_h264_metablock(RDPGFX_PLUGIN* gfx, wStream* s, RDPGFX_H2 index, regionRect->left, regionRect->top, regionRect->right, regionRect->bottom); } - if (!Stream_CheckAndLogRequiredLength(TAG, s, 2ull * meta->numRegionRects)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, meta->numRegionRects, 2ull)) { error = ERROR_INVALID_DATA; goto error_out; diff --git a/channels/rdpgfx/client/rdpgfx_main.c b/channels/rdpgfx/client/rdpgfx_main.c index a1879965a..0e63b9fd0 100644 --- a/channels/rdpgfx/client/rdpgfx_main.c +++ b/channels/rdpgfx/client/rdpgfx_main.c @@ -521,7 +521,7 @@ static UINT rdpgfx_recv_reset_graphics_pdu(GENERIC_CHANNEL_CALLBACK* callback, w Stream_Read_UINT32(s, pdu.height); /* height (4 bytes) */ Stream_Read_UINT32(s, pdu.monitorCount); /* monitorCount (4 bytes) */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 20ull * pdu.monitorCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, pdu.monitorCount, 20ull)) return ERROR_INVALID_DATA; pdu.monitorDefArray = (MONITOR_DEF*)calloc(pdu.monitorCount, sizeof(MONITOR_DEF)); @@ -1001,7 +1001,7 @@ static UINT rdpgfx_recv_cache_import_reply_pdu(GENERIC_CHANNEL_CALLBACK* callbac Stream_Read_UINT16(s, pdu.importedEntriesCount); /* cacheSlot (2 bytes) */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 2ull * pdu.importedEntriesCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, pdu.importedEntriesCount, 2ull)) return ERROR_INVALID_DATA; if (pdu.importedEntriesCount > RDPGFX_CACHE_ENTRY_MAX_COUNT) @@ -1477,7 +1477,7 @@ static UINT rdpgfx_recv_solid_fill_pdu(GENERIC_CHANNEL_CALLBACK* callback, wStre Stream_Read_UINT16(s, pdu.fillRectCount); /* fillRectCount (2 bytes) */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 8ull * pdu.fillRectCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, pdu.fillRectCount, 8ull)) return ERROR_INVALID_DATA; pdu.fillRects = (RECTANGLE_16*)calloc(pdu.fillRectCount, sizeof(RECTANGLE_16)); 
@@ -1547,7 +1547,7 @@ static UINT rdpgfx_recv_surface_to_surface_pdu(GENERIC_CHANNEL_CALLBACK* callbac Stream_Read_UINT16(s, pdu.destPtsCount); /* destPtsCount (2 bytes) */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 4ULL * pdu.destPtsCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, pdu.destPtsCount, 4ull)) return ERROR_INVALID_DATA; pdu.destPts = (RDPGFX_POINT16*)calloc(pdu.destPtsCount, sizeof(RDPGFX_POINT16)); @@ -1663,7 +1663,7 @@ static UINT rdpgfx_recv_cache_to_surface_pdu(GENERIC_CHANNEL_CALLBACK* callback, Stream_Read_UINT16(s, pdu.surfaceId); /* surfaceId (2 bytes) */ Stream_Read_UINT16(s, pdu.destPtsCount); /* destPtsCount (2 bytes) */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 4ull * pdu.destPtsCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, pdu.destPtsCount, 4ull)) return ERROR_INVALID_DATA; pdu.destPts = (RDPGFX_POINT16*)calloc(pdu.destPtsCount, sizeof(RDPGFX_POINT16)); diff --git a/channels/rdpgfx/server/rdpgfx_main.c b/channels/rdpgfx/server/rdpgfx_main.c index a0a2dca6a..4d6adc52f 100644 --- a/channels/rdpgfx/server/rdpgfx_main.c +++ b/channels/rdpgfx/server/rdpgfx_main.c @@ -1141,7 +1141,7 @@ static UINT rdpgfx_recv_cache_import_offer_pdu(RdpgfxServerContext* context, wSt return ERROR_INVALID_DATA; } - if (!Stream_CheckAndLogRequiredLength(TAG, s, 12ull * pdu.cacheEntriesCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, pdu.cacheEntriesCount, 12ull)) return ERROR_INVALID_DATA; for (index = 0; index < pdu.cacheEntriesCount; index++) diff --git a/channels/rdpsnd/client/rdpsnd_main.c b/channels/rdpsnd/client/rdpsnd_main.c index c009507c3..5232ff47b 100644 --- a/channels/rdpsnd/client/rdpsnd_main.c +++ b/channels/rdpsnd/client/rdpsnd_main.c 
@@ -281,7 +281,7 @@ static UINT rdpsnd_recv_server_audio_formats_pdu(rdpsndPlugin* rdpsnd, wStream* Stream_Seek_UINT8(s); /* bPad */ rdpsnd->NumberOfServerFormats = wNumberOfFormats; - if (!Stream_CheckAndLogRequiredLength(TAG, s, 14ull * wNumberOfFormats)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, wNumberOfFormats, 14ull)) return ERROR_BAD_LENGTH; if (rdpsnd->NumberOfServerFormats > 0) diff --git a/channels/rdpsnd/server/rdpsnd_main.c b/channels/rdpsnd/server/rdpsnd_main.c index 6b8aa553e..a6e2749d8 100644 --- a/channels/rdpsnd/server/rdpsnd_main.c +++ b/channels/rdpsnd/server/rdpsnd_main.c @@ -198,7 +198,7 @@ static UINT rdpsnd_server_recv_formats(RdpsndServerContext* context, wStream* s) Stream_Seek_UINT8(s); /* bPad */ /* this check is only a guess as cbSize can influence the size of a format record */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 18ull * context->num_client_formats)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, context->num_client_formats, 18ull)) return ERROR_INVALID_DATA; if (!context->num_client_formats) diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c index e06af1801..1144682cf 100644 --- a/channels/urbdrc/client/data_transfer.c +++ b/channels/urbdrc/client/data_transfer.c @@ -825,11 +825,14 @@ static UINT urb_isoch_transfer(IUDEVICE* pdev, GENERIC_CHANNEL_CALLBACK* callbac Stream_Read_UINT32(s, NumberOfPackets); /** NumberOfPackets */ Stream_Read_UINT32(s, ErrorCount); /** ErrorCount */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, NumberOfPackets * 12ULL + 4ULL)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, NumberOfPackets, 12ull)) return ERROR_INVALID_DATA; packetDescriptorData = Stream_Pointer(s); Stream_Seek(s, NumberOfPackets * 12); + + if (!Stream_CheckAndLogRequiredLength(TAG, s, sizeof(UINT32))) + return ERROR_INVALID_DATA; Stream_Read_UINT32(s, OutputBufferSize); if (transferDir == USBD_TRANSFER_DIRECTION_OUT) 
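Review bot: In channels/urbdrc/client/data_transfer.c the new check validates `NumberOfPackets` times 12 through the count/size helper, but the `Stream_Seek(s, NumberOfPackets * 12);` that follows still forms the product in the operands' own type. `NumberOfPackets` is filled by `Stream_Read_UINT32`, so it is presumably 32 bits wide and the seek distance could wrap where the check does not. That would only matter for a stream larger than 4 GiB, but the validated length and the consumed length should not be able to disagree; I would write the seek as `Stream_Seek(s, 12ull * NumberOfPackets);`. The declaration of `NumberOfPackets` and the rest of `urb_isoch_transfer` are outside the hunk.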
diff --git a/libfreerdp/codec/clear.c b/libfreerdp/codec/clear.c index 7ef29d1b0..c41a51977 100644 --- a/libfreerdp/codec/clear.c +++ b/libfreerdp/codec/clear.c @@ -176,7 +176,7 @@ static BOOL clear_decompress_subcode_rlex(wStream* s, UINT32 bitmapDataByteCount return FALSE; } - if (!Stream_CheckAndLogRequiredLength(TAG, s, 3ull * paletteCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, paletteCount, 3ull)) return FALSE; for (i = 0; i < paletteCount; i++) @@ -689,7 +689,7 @@ static BOOL clear_decompress_bands_data(CLEAR_CONTEXT* clear, wStream* s, UINT32 return FALSE; } - if (!Stream_CheckAndLogRequiredLength(TAG, s, 3ull * vBarShortPixelCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, vBarShortPixelCount, 3ull)) return FALSE; if (clear->ShortVBarStorageCursor >= CLEARCODEC_VBAR_SHORT_SIZE) diff --git a/libfreerdp/codec/progressive.c b/libfreerdp/codec/progressive.c index 830666d78..d1b0317be 100644 --- a/libfreerdp/codec/progressive.c +++ b/libfreerdp/codec/progressive.c @@ -2253,7 +2253,7 @@ static INLINE INT32 progressive_wb_read_region_header(PROGRESSIVE_CONTEXT* progr } len = Stream_GetRemainingLength(s); - if (!Stream_CheckAndLogRequiredLength(TAG, s, 8ull * region->numRects)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, region->numRects, 8ull)) { WLog_Print(progressive->log, WLOG_ERROR, "ProgressiveRegion data short for region->rects"); return -1015; diff --git a/libfreerdp/codec/rfx.c b/libfreerdp/codec/rfx.c index 09576beab..baf18ddd4 100644 --- a/libfreerdp/codec/rfx.c +++ b/libfreerdp/codec/rfx.c @@ -516,7 +516,7 @@ static BOOL rfx_process_message_channels(RFX_CONTEXT* context, wStream* s) return FALSE; } - if (!Stream_CheckAndLogRequiredLength(TAG, s, 5ull * numChannels)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, numChannels, 5ull)) return FALSE; /* RFX_CHANNELT */ 
@@ -679,7 +679,7 @@ static BOOL rfx_process_message_region(RFX_CONTEXT* context, RFX_MESSAGE* messag return TRUE; } - if (!Stream_CheckAndLogRequiredLength(TAG, s, 8ull * message->numRects)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, message->numRects, 8ull)) return FALSE; tmpRects = realloc(message->rects, message->numRects * sizeof(RFX_RECT)); @@ -796,7 +796,7 @@ static BOOL rfx_process_message_tileset(RFX_CONTEXT* context, RFX_MESSAGE* messa quants = context->quants = (UINT32*)pmem; /* quantVals */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 5ull * context->numQuant)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, context->numQuant, 5ull)) return FALSE; for (i = 0; i < context->numQuant; i++) diff --git a/libfreerdp/codec/zgfx.c b/libfreerdp/codec/zgfx.c index f0f839b9c..3f31aca24 100644 --- a/libfreerdp/codec/zgfx.c +++ b/libfreerdp/codec/zgfx.c @@ -421,7 +421,7 @@ int zgfx_decompress(ZGFX_CONTEXT* zgfx, const BYTE* pSrcData, UINT32 SrcSize, BY Stream_Read_UINT16(stream, segmentCount); /* segmentCount (2 bytes) */ Stream_Read_UINT32(stream, uncompressedSize); /* uncompressedSize (4 bytes) */ - if (!Stream_CheckAndLogRequiredLength(TAG, stream, sizeof(UINT32) * segmentCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, stream, segmentCount, sizeof(UINT32))) goto fail; pConcatenated = aligned_zgfx_malloc(uncompressedSize); diff --git a/libfreerdp/core/activation.c b/libfreerdp/core/activation.c index e2908fd91..ca3af6242 100644 --- a/libfreerdp/core/activation.c +++ b/libfreerdp/core/activation.c @@ -46,7 +46,7 @@ static BOOL rdp_recv_sync_pdu(rdpRdp* rdp, wStream* s, const char* what) UINT16 msgType, targetUser; WINPR_UNUSED(rdp); - if (!Stream_CheckAndLogRequiredLengthEx(TAG, WLOG_WARN, s, 4, "%s(%s:%" PRIuz ") %s", + if (!Stream_CheckAndLogRequiredLengthEx(TAG, WLOG_WARN, s, 4, 1, "%s(%s:%" PRIuz ") %s", __FUNCTION__, __FILE__, (size_t)__LINE__, what)) return FALSE; Stream_Read_UINT16(s, msgType); 
diff --git a/libfreerdp/core/gateway/rts.c b/libfreerdp/core/gateway/rts.c index c0820441f..a428ed8cb 100644 --- a/libfreerdp/core/gateway/rts.c +++ b/libfreerdp/core/gateway/rts.c @@ -371,7 +371,7 @@ static BOOL rts_read_version(wStream* s, p_rt_version_t* version) WINPR_ASSERT(s); WINPR_ASSERT(version); - if (!Stream_CheckAndLogRequiredLength(TAG, s, 2 * sizeof(UINT8))) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, 2, sizeof(UINT8))) return FALSE; Stream_Read_UINT8(s, version->major); Stream_Read_UINT8(s, version->minor); diff --git a/libfreerdp/core/gcc.c b/libfreerdp/core/gcc.c index 65c20e3e4..cc3bd807c 100644 --- a/libfreerdp/core/gcc.c +++ b/libfreerdp/core/gcc.c @@ -2024,7 +2024,7 @@ BOOL gcc_read_server_network_data(wStream* s, rdpMcs* mcs) mcs->channelCount = channelCount; } - if (!Stream_CheckAndLogRequiredLength(TAG, s, 2ull * channelCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, channelCount, 2ull)) return FALSE; for (UINT32 i = 0; i < parsedChannelCount; i++) diff --git a/libfreerdp/core/input.c b/libfreerdp/core/input.c index 77149fcaa..5de34470a 100644 --- a/libfreerdp/core/input.c +++ b/libfreerdp/core/input.c @@ -692,7 +692,7 @@ BOOL input_recv(rdpInput* input, wStream* s) Stream_Seek(s, 2); /* pad2Octets (2 bytes) */ /* Each input event uses 6 exactly bytes. */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 6ull * numberEvents)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, numberEvents, 6ull)) return FALSE; for (i = 0; i < numberEvents; i++) diff --git a/libfreerdp/core/orders.c b/libfreerdp/core/orders.c index b5851cfed..ee604c390 100644 --- a/libfreerdp/core/orders.c +++ b/libfreerdp/core/orders.c 
@@ -2457,7 +2457,7 @@ static CACHE_COLOR_TABLE_ORDER* update_read_cache_color_table_order(rdpUpdate* u goto fail; } - if (!Stream_CheckAndLogRequiredLength(TAG, s, 4ull * cache_color_table->numberColors)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, cache_color_table->numberColors, 4ull)) goto fail; colorTable = (UINT32*)&cache_color_table->colorTable; @@ -2557,7 +2557,8 @@ static CACHE_GLYPH_ORDER* update_read_cache_glyph_order(rdpUpdate* update, wStre if (!cache_glyph_order->unicodeCharacters) goto fail; - if (!Stream_CheckAndLogRequiredLength(TAG, s, sizeof(WCHAR) * cache_glyph_order->cGlyphs)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, cache_glyph_order->cGlyphs, + sizeof(WCHAR))) goto fail; Stream_Read_UTF16_String(s, cache_glyph_order->unicodeCharacters, @@ -2664,7 +2665,7 @@ static CACHE_GLYPH_V2_ORDER* update_read_cache_glyph_v2_order(rdpUpdate* update, if (!cache_glyph_v2->unicodeCharacters) goto fail; - if (!Stream_CheckAndLogRequiredLength(TAG, s, sizeof(WCHAR) * cache_glyph_v2->cGlyphs)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, cache_glyph_v2->cGlyphs, sizeof(WCHAR))) goto fail; Stream_Read_UTF16_String(s, cache_glyph_v2->unicodeCharacters, cache_glyph_v2->cGlyphs); @@ -2729,7 +2730,7 @@ static BOOL update_decompress_brush(wStream* s, BYTE* output, size_t outSize, BY const BYTE* palette = Stream_Pointer(s) + 16; const size_t bytesPerPixel = ((bpp + 1) / 8); - if (!Stream_CheckAndLogRequiredLength(TAG, s, 16ULL + bytesPerPixel * 4ULL)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, 4ULL + bytesPerPixel, 4ULL)) return FALSE; for (y = 7; y >= 0; y--) @@ -2829,7 +2830,7 @@ static CACHE_BRUSH_ORDER* update_read_cache_brush_order(rdpUpdate* update, wStre /* uncompressed brush */ UINT32 scanline = (cache_brush->bpp / 8) * 8; - if (!Stream_CheckAndLogRequiredLength(TAG, s, 8ull * scanline)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, scanline, 8ull)) goto fail; for (i = 7; i >= 0; i--) 
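Review bot: In `update_decompress_brush` (hunk at -2729) the call `Stream_CheckAndLogRequiredLengthOfSize(TAG, s, 4ULL + bytesPerPixel, 4ULL)` gives the same byte total as the old `16ULL + bytesPerPixel * 4ULL`, but `4ULL + bytesPerPixel` is not an element count, so the arguments no longer describe the data being validated. Both operands are small here, so I would keep the byte-count form `Stream_CheckAndLogRequiredLength(TAG, s, 16ULL + 4ULL * bytesPerPixel)`, or at least add a comment such as `/* 16 bytes ahead of the palette + 4 palette entries of bytesPerPixel bytes */`. Separately, the context line above forms `palette = Stream_Pointer(s) + 16` before this check runs; deriving that pointer only after the length is validated would avoid computing an address beyond the buffer for a short stream. The function body continues outside the hunk.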
@@ -2967,7 +2968,7 @@ update_read_create_offscreen_bitmap_order(wStream* s, deleteList->indices = new_indices; } - if (!Stream_CheckAndLogRequiredLength(TAG, s, 2ull * deleteList->cIndices)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, deleteList->cIndices, 2ull)) return FALSE; for (i = 0; i < deleteList->cIndices; i++) diff --git a/libfreerdp/core/rdp.c b/libfreerdp/core/rdp.c index df0a23560..66e216503 100644 --- a/libfreerdp/core/rdp.c +++ b/libfreerdp/core/rdp.c @@ -948,7 +948,7 @@ static BOOL rdp_recv_monitor_layout_pdu(rdpRdp* rdp, wStream* s) Stream_Read_UINT32(s, monitorCount); /* monitorCount (4 bytes) */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 20ull * monitorCount)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, monitorCount, 20ull)) return FALSE; monitorDefArray = (MONITOR_DEF*)calloc(monitorCount, sizeof(MONITOR_DEF)); diff --git a/libfreerdp/core/update.c b/libfreerdp/core/update.c index 0688075f3..4e7d415ea 100644 --- a/libfreerdp/core/update.c +++ b/libfreerdp/core/update.c @@ -274,7 +274,7 @@ PALETTE_UPDATE* update_read_palette(rdpUpdate* update, wStream* s) if (palette_update->number > 256) palette_update->number = 256; - if (!Stream_CheckAndLogRequiredLength(TAG, s, 3ull * palette_update->number)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, palette_update->number, 3ull)) goto fail; /* paletteEntries */ @@ -2341,7 +2341,7 @@ BOOL update_read_refresh_rect(rdpUpdate* update, wStream* s) Stream_Read_UINT8(s, numberOfAreas); Stream_Seek(s, 3); /* pad3Octects */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 8ull * numberOfAreas)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, numberOfAreas, 8ull)) return FALSE; for (BYTE index = 0; index < numberOfAreas; index++) diff --git a/libfreerdp/core/window.c b/libfreerdp/core/window.c index a64371f97..ac5cc896a 100644 --- a/libfreerdp/core/window.c +++ b/libfreerdp/core/window.c 
@@ -372,7 +372,7 @@ static BOOL update_read_window_state_order(wStream* s, WINDOW_ORDER_INFO* orderI windowState->windowRects = newRect; - if (!Stream_CheckAndLogRequiredLength(TAG, s, 8ull * windowState->numWindowRects)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, windowState->numWindowRects, 8ull)) return FALSE; /* windowRects */ @@ -416,7 +416,8 @@ static BOOL update_read_window_state_order(wStream* s, WINDOW_ORDER_INFO* orderI windowState->visibilityRects = newRect; - if (!Stream_CheckAndLogRequiredLength(TAG, s, 8ull * windowState->numVisibilityRects)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, windowState->numVisibilityRects, + 8ull)) return FALSE; /* visibilityRects */ @@ -912,7 +913,7 @@ static BOOL update_read_desktop_actively_monitored_order(wStream* s, WINDOW_ORDE Stream_Read_UINT8(s, monitored_desktop->numWindowIds); /* numWindowIds (1 byte) */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, 4ull * monitored_desktop->numWindowIds)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, monitored_desktop->numWindowIds, 4ull)) return FALSE; if (monitored_desktop->numWindowIds > 0) diff --git a/libfreerdp/gdi/gfx.c b/libfreerdp/gdi/gfx.c index 4d027cb46..68bb21084 100644 --- a/libfreerdp/gdi/gfx.c +++ b/libfreerdp/gdi/gfx.c @@ -841,7 +841,7 @@ static UINT gdi_SurfaceCommand_Alpha(rdpGdi* gdi, RdpgfxClientContext* context, if (compressed == 0) { - if (!Stream_CheckAndLogRequiredLength(TAG, s, cmd->height * cmd->width * 1ULL)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, cmd->height, cmd->width)) return ERROR_INVALID_DATA; for (UINT32 y = cmd->top; y < cmd->top + cmd->height; y++) diff --git a/libfreerdp/utils/cliprdr_utils.c b/libfreerdp/utils/cliprdr_utils.c index 001845cee..cec2f622c 100644 --- a/libfreerdp/utils/cliprdr_utils.c +++ b/libfreerdp/utils/cliprdr_utils.c 
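Review bot: In `gdi_SurfaceCommand_Alpha` (libfreerdp/gdi/gfx.c) the helper's `size` argument is now `cmd->width`, a value taken from the received surface command rather than a constant. The helper's body is not part of this patch; if it derives the available element count by dividing the remaining length by `size`, a zero width would become a division by zero (or an assertion failure) instead of a clean parse error. Handling a zero dimension explicitly before the call, for example `if ((cmd->width == 0) || (cmd->height == 0)) return ERROR_INVALID_DATA;` or whichever result the protocol calls for, removes the dependency on the helper's internals. The `elementSize` argument in `smartcard_ndr_read` (libfreerdp/utils/smartcard_pack.c) is the other non-constant `size` in this commit and deserves the same look. The enclosing function starts and ends outside the hunk.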
@@ -82,7 +82,7 @@ UINT cliprdr_parse_file_list(const BYTE* format_data, UINT32 format_data_length, Stream_Read_UINT32(s, count); /* cItems (4 bytes) */ - if (!Stream_CheckAndLogRequiredLength(TAG, s, CLIPRDR_FILEDESCRIPTOR_SIZE * count * 1ull)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, count, CLIPRDR_FILEDESCRIPTOR_SIZE)) { result = ERROR_INCORRECT_SIZE; goto out; diff --git a/libfreerdp/utils/smartcard_pack.c b/libfreerdp/utils/smartcard_pack.c index 61335d0ae..d234ed463 100644 --- a/libfreerdp/utils/smartcard_pack.c +++ b/libfreerdp/utils/smartcard_pack.c @@ -160,7 +160,7 @@ static LONG smartcard_ndr_read(wStream* s, BYTE** data, size_t min, size_t eleme if (len > SIZE_MAX / 2) return STATUS_BUFFER_TOO_SMALL; - if (!Stream_CheckAndLogRequiredLength(TAG, s, len * elementSize * 1ull)) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, len, elementSize)) return STATUS_BUFFER_TOO_SMALL; len *= elementSize; diff --git a/server/proxy/channels/pf_channel_rdpdr.c b/server/proxy/channels/pf_channel_rdpdr.c index 519219cbc..15bf93c29 100644 --- a/server/proxy/channels/pf_channel_rdpdr.c +++ b/server/proxy/channels/pf_channel_rdpdr.c 
@@ -133,22 +133,24 @@ typedef struct } while (0) #define Stream_CheckAndLogRequiredLengthSrv(log, s, len) \ - Stream_CheckAndLogRequiredLengthWLogEx(log, WLOG_WARN, s, len, \ + Stream_CheckAndLogRequiredLengthWLogEx(log, WLOG_WARN, s, len, 1, \ proxy_client_rx " %s(%s:%" PRIuz ")", __FUNCTION__, \ __FILE__, (size_t)__LINE__) #define Stream_CheckAndLogRequiredLengthClient(log, s, len) \ - Stream_CheckAndLogRequiredLengthWLogEx(log, WLOG_WARN, s, len, \ + Stream_CheckAndLogRequiredLengthWLogEx(log, WLOG_WARN, s, len, 1, \ proxy_server_rx " %s(%s:%" PRIuz ")", __FUNCTION__, \ __FILE__, (size_t)__LINE__) #define Stream_CheckAndLogRequiredLengthRx(srv, log, s, len) \ - Stream_CheckAndLogRequiredLengthRx_(srv, log, s, len, __FUNCTION__, __FILE__, __LINE__) -static BOOL Stream_CheckAndLogRequiredLengthRx_(BOOL srv, wLog* log, wStream* s, size_t len, - const char* fkt, const char* file, size_t line) + Stream_CheckAndLogRequiredLengthRx_(srv, log, s, len, 1, __FUNCTION__, __FILE__, __LINE__) +static BOOL Stream_CheckAndLogRequiredLengthRx_(BOOL srv, wLog* log, wStream* s, size_t nmemb, + size_t size, const char* fkt, const char* file, + size_t line) { const char* fmt = srv ? proxy_server_rx " %s(%s:%" PRIuz ")" : proxy_client_rx " %s(%s:%" PRIuz ")"; - return Stream_CheckAndLogRequiredLengthWLogEx(log, WLOG_WARN, s, len, fmt, fkt, file, line); + return Stream_CheckAndLogRequiredLengthWLogEx(log, WLOG_WARN, s, nmemb, size, fmt, fkt, file, + line); } static const char* rdpdr_server_state_to_string(pf_channel_server_state state) @@ -1526,7 +1528,7 @@ static BOOL filter_smartcard_device_list_remove(pf_channel_server_context* rdpdr if (count == 0) return TRUE; - if (!Stream_CheckAndLogRequiredLength(TAG, s, count * sizeof(UINT32))) + if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, count, sizeof(UINT32))) return TRUE; for (x = 0; x < count; x++)
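Review bot: `Stream_CheckAndLogRequiredLengthRx_` now takes `nmemb` and `size`, yet the three wrapper macros above it still accept a single `len` and pass `1` as the size, and nothing in the hunk says why. A comment on the helper such as `/* requires nmemb elements of size bytes each; the wrapper macros pass a byte count with size 1 */` would document the contract for the next caller. Any call site in this file that reaches these macros with a `count * element_size` product keeps doing the multiplication itself, which is the pattern this commit removes elsewhere; those call sites are not visible here.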
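Review bot: In `filter_smartcard_device_list_remove` the truncated-list case returns `TRUE`, the same value as the `count == 0` case directly above it, so the hunk does not show whether a malformed device list is dropped or passed on by the proxy. A one-line comment on that `return TRUE;` stating what the return value means for a short PDU would make the filter's behaviour on malformed input reviewable. The function starts and ends outside the hunk, so the caller's handling of the result cannot be confirmed from here.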