From 55f200f1b515ac9943d91bfdef4e02abb206e511 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Thu, 11 Jan 2024 11:13:34 +0100
Subject: [PATCH] [core,tpkt] log too large tpkt stream length

---
 libfreerdp/core/tpkt.c | 8 +++++++-
 libfreerdp/core/tpkt.h | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/libfreerdp/core/tpkt.c b/libfreerdp/core/tpkt.c
index 0e124911a..6e137a65c 100644
--- a/libfreerdp/core/tpkt.c
+++ b/libfreerdp/core/tpkt.c
@@ -132,8 +132,14 @@ BOOL tpkt_read_header(wStream* s, UINT16* length)
 	return TRUE;
 }
 
-BOOL tpkt_ensure_stream_consumed_(wStream* s, UINT16 length, const char* fkt)
+BOOL tpkt_ensure_stream_consumed_(wStream* s, size_t length, const char* fkt)
 {
+	if (length > UINT16_MAX)
+	{
+		WLog_ERR(TAG, "[%s] length %" PRIuz " > %" PRIu16, fkt, length, UINT16_MAX);
+		return FALSE;
+	}
+
 	size_t rem = Stream_GetRemainingLength(s);
 	if (rem > 0)
 	{
diff --git a/libfreerdp/core/tpkt.h b/libfreerdp/core/tpkt.h
index d7408b696..9bb278198 100644
--- a/libfreerdp/core/tpkt.h
+++ b/libfreerdp/core/tpkt.h
@@ -32,6 +32,6 @@ FREERDP_LOCAL int tpkt_verify_header(wStream* s);
 FREERDP_LOCAL BOOL tpkt_read_header(wStream* s, UINT16* length);
 FREERDP_LOCAL BOOL tpkt_write_header(wStream* s, UINT16 length);
 #define tpkt_ensure_stream_consumed(s, length) tpkt_ensure_stream_consumed_((s), (length), __func__)
-FREERDP_LOCAL BOOL tpkt_ensure_stream_consumed_(wStream* s, UINT16 length, const char* fkt);
+FREERDP_LOCAL BOOL tpkt_ensure_stream_consumed_(wStream* s, size_t length, const char* fkt);
 
 #endif /* FREERDP_LIB_CORE_TPKT_H */