mirror of
https://github.com/morgan9e/FreeRDP
synced 2026-04-14 00:14:11 +09:00
Merge pull request #12408 from akallabeth/stream-return
[winpr,stream] fix Stream_Write_UTF16_String return checks
This commit is contained in:
akallabeth
@@ -151,9 +151,10 @@ static UINT rail_read_server_get_appid_resp_order(wStream* s,
|
||||
return ERROR_INVALID_DATA;
|
||||
|
||||
Stream_Read_UINT32(s, getAppidResp->windowId); /* windowId (4 bytes) */
|
||||
Stream_Read_UTF16_String(
|
||||
s, getAppidResp->applicationId,
|
||||
ARRAYSIZE(getAppidResp->applicationId)); /* applicationId (260 UNICODE chars) */
|
||||
if (!Stream_Read_UTF16_String(
|
||||
s, getAppidResp->applicationId,
|
||||
ARRAYSIZE(getAppidResp->applicationId))) /* applicationId (260 UNICODE chars) */
|
||||
return ERROR_INVALID_DATA;
|
||||
return CHANNEL_RC_OK;
|
||||
}
|
||||
|
||||
|
||||
@@ -235,9 +235,10 @@ static UINT rail_write_get_app_id_resp_order(wStream* s,
|
||||
return ERROR_INVALID_PARAMETER;
|
||||
|
||||
Stream_Write_UINT32(s, getAppidResp->windowId); /* WindowId (4 bytes) */
|
||||
Stream_Write_UTF16_String(
|
||||
s, getAppidResp->applicationId,
|
||||
ARRAYSIZE(getAppidResp->applicationId)); /* ApplicationId (512 bytes) */
|
||||
if (!Stream_Write_UTF16_String(
|
||||
s, getAppidResp->applicationId,
|
||||
ARRAYSIZE(getAppidResp->applicationId))) /* ApplicationId (512 bytes) */
|
||||
return ERROR_INVALID_DATA;
|
||||
return ERROR_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -253,13 +254,15 @@ static UINT rail_write_get_appid_resp_ex_order(wStream* s,
|
||||
return ERROR_INVALID_PARAMETER;
|
||||
|
||||
Stream_Write_UINT32(s, getAppidRespEx->windowID); /* WindowId (4 bytes) */
|
||||
Stream_Write_UTF16_String(
|
||||
s, getAppidRespEx->applicationID,
|
||||
ARRAYSIZE(getAppidRespEx->applicationID)); /* ApplicationId (520 bytes) */
|
||||
if (!Stream_Write_UTF16_String(
|
||||
s, getAppidRespEx->applicationID,
|
||||
ARRAYSIZE(getAppidRespEx->applicationID))) /* ApplicationId (520 bytes) */
|
||||
return ERROR_INVALID_DATA;
|
||||
Stream_Write_UINT32(s, getAppidRespEx->processId); /* ProcessId (4 bytes) */
|
||||
Stream_Write_UTF16_String(
|
||||
s, getAppidRespEx->processImageName,
|
||||
ARRAYSIZE(getAppidRespEx->processImageName)); /* ProcessImageName (520 bytes) */
|
||||
if (!Stream_Write_UTF16_String(
|
||||
s, getAppidRespEx->processImageName,
|
||||
ARRAYSIZE(getAppidRespEx->processImageName))) /* ProcessImageName (520 bytes) */
|
||||
return ERROR_INVALID_DATA;
|
||||
return ERROR_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
@@ -514,7 +514,7 @@ static BOOL rdg_send_extauth_sspi(rdpRdg* rdg)
|
||||
static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
|
||||
{
|
||||
wStream* s = nullptr;
|
||||
BOOL status = 0;
|
||||
BOOL status = FALSE;
|
||||
UINT32 packetSize = 16;
|
||||
UINT16 fieldsPresent = 0;
|
||||
WCHAR* PAACookie = nullptr;
|
||||
@@ -529,10 +529,7 @@ static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
|
||||
ConvertUtf8ToWCharAlloc(rdg->context->settings->GatewayAccessToken, &PAACookieLen);
|
||||
|
||||
if (!PAACookie || (PAACookieLen > UINT16_MAX / sizeof(WCHAR)))
|
||||
{
|
||||
free(PAACookie);
|
||||
return FALSE;
|
||||
}
|
||||
goto fail;
|
||||
|
||||
PAACookieLen += 1; /* include \0 */
|
||||
packetSize += 2 + (UINT32)(PAACookieLen) * sizeof(WCHAR);
|
||||
@@ -542,10 +539,7 @@ static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
|
||||
s = Stream_New(nullptr, packetSize);
|
||||
|
||||
if (!s)
|
||||
{
|
||||
free(PAACookie);
|
||||
return FALSE;
|
||||
}
|
||||
goto fail;
|
||||
|
||||
Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_CREATE); /* Type (2 bytes) */
|
||||
Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */
|
||||
@@ -557,11 +551,14 @@ static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
|
||||
if (PAACookie)
|
||||
{
|
||||
Stream_Write_UINT16(s, (UINT16)PAACookieLen * sizeof(WCHAR)); /* PAA cookie string length */
|
||||
Stream_Write_UTF16_String(s, PAACookie, PAACookieLen);
|
||||
if (!Stream_Write_UTF16_String(s, PAACookie, PAACookieLen))
|
||||
goto fail;
|
||||
}
|
||||
|
||||
Stream_SealLength(s);
|
||||
status = rdg_write_packet(rdg, s);
|
||||
|
||||
fail:
|
||||
Stream_Free(s, TRUE);
|
||||
free(PAACookie);
|
||||
|
||||
@@ -576,7 +573,7 @@ static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
|
||||
static BOOL rdg_send_tunnel_authorization(rdpRdg* rdg)
|
||||
{
|
||||
wStream* s = nullptr;
|
||||
BOOL status = 0;
|
||||
BOOL status = FALSE;
|
||||
WINPR_ASSERT(rdg);
|
||||
size_t clientNameLen = 0;
|
||||
WCHAR* clientName = freerdp_settings_get_string_as_utf16(
|
||||
@@ -586,34 +583,29 @@ static BOOL rdg_send_tunnel_authorization(rdpRdg* rdg)
|
||||
|
||||
const size_t packetSize = 12ull + clientNameLen * sizeof(WCHAR);
|
||||
if (!clientName || (clientNameLen >= UINT16_MAX / sizeof(WCHAR)) || (packetSize > UINT32_MAX))
|
||||
{
|
||||
free(clientName);
|
||||
return FALSE;
|
||||
}
|
||||
goto fail;
|
||||
|
||||
s = Stream_New(nullptr, packetSize);
|
||||
|
||||
if (!s)
|
||||
{
|
||||
free(clientName);
|
||||
return FALSE;
|
||||
}
|
||||
goto fail;
|
||||
|
||||
Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_AUTH); /* Type (2 bytes) */
|
||||
Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */
|
||||
Stream_Write_UINT32(s, (UINT32)packetSize); /* PacketLength (4 bytes) */
|
||||
Stream_Write_UINT16(s, 0); /* FieldsPresent (2 bytes) */
|
||||
Stream_Write_UINT16(s, (UINT16)clientNameLen * sizeof(WCHAR)); /* Client name string length */
|
||||
Stream_Write_UTF16_String(s, clientName, clientNameLen);
|
||||
if (!Stream_Write_UTF16_String(s, clientName, clientNameLen))
|
||||
goto fail;
|
||||
Stream_SealLength(s);
|
||||
status = rdg_write_packet(rdg, s);
|
||||
|
||||
fail:
|
||||
Stream_Free(s, TRUE);
|
||||
free(clientName);
|
||||
|
||||
if (status)
|
||||
{
|
||||
rdg->state = RDG_CLIENT_STATE_TUNNEL_AUTHORIZE;
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
@@ -648,7 +640,9 @@ static BOOL rdg_send_channel_create(rdpRdg* rdg)
|
||||
(UINT16)rdg->context->settings->ServerPort); /* Resource port (2 bytes) */
|
||||
Stream_Write_UINT16(s, 3); /* Protocol number (2 bytes) */
|
||||
Stream_Write_UINT16(s, (UINT16)serverNameLen * sizeof(WCHAR));
|
||||
Stream_Write_UTF16_String(s, serverName, serverNameLen);
|
||||
if (!Stream_Write_UTF16_String(s, serverName, serverNameLen))
|
||||
goto fail;
|
||||
|
||||
Stream_SealLength(s);
|
||||
status = rdg_write_packet(rdg, s);
|
||||
fail:
|
||||
|
||||
@@ -451,7 +451,8 @@ static BOOL tsg_ndr_write_string(WINPR_ATTR_UNUSED wLog* log, wStream* s, const
|
||||
Stream_Write_UINT32(s, (UINT32)length); /* MaxCount (4 bytes) */
|
||||
Stream_Write_UINT32(s, 0); /* Offset (4 bytes) */
|
||||
Stream_Write_UINT32(s, (UINT32)length); /* ActualCount (4 bytes) */
|
||||
Stream_Write_UTF16_String(s, str, length); /* Array */
|
||||
if (!Stream_Write_UTF16_String(s, str, length)) /* Array */
|
||||
return FALSE;
|
||||
Stream_Zero(s, pad);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@@ -2856,8 +2856,9 @@ static CACHE_GLYPH_ORDER* update_read_cache_glyph_order(rdpUpdate* update, wStre
|
||||
sizeof(WCHAR)))
|
||||
goto fail;
|
||||
|
||||
Stream_Read_UTF16_String(s, cache_glyph_order->unicodeCharacters,
|
||||
cache_glyph_order->cGlyphs);
|
||||
if (!Stream_Read_UTF16_String(s, cache_glyph_order->unicodeCharacters,
|
||||
cache_glyph_order->cGlyphs))
|
||||
goto fail;
|
||||
}
|
||||
|
||||
return cache_glyph_order;
|
||||
@@ -2959,7 +2960,9 @@ static CACHE_GLYPH_V2_ORDER* update_read_cache_glyph_v2_order(rdpUpdate* update,
|
||||
if (!Stream_CheckAndLogRequiredLengthOfSize(TAG, s, cache_glyph_v2->cGlyphs, sizeof(WCHAR)))
|
||||
goto fail;
|
||||
|
||||
Stream_Read_UTF16_String(s, cache_glyph_v2->unicodeCharacters, cache_glyph_v2->cGlyphs);
|
||||
if (!Stream_Read_UTF16_String(s, cache_glyph_v2->unicodeCharacters,
|
||||
cache_glyph_v2->cGlyphs))
|
||||
goto fail;
|
||||
}
|
||||
|
||||
return cache_glyph_v2;
|
||||
|
||||
@@ -137,9 +137,8 @@ BOOL cliprdr_read_filedescriptor(wStream* s, FILEDESCRIPTORW* descriptor)
|
||||
descriptor->ftLastWriteTime = uint64_to_filetime(tmp);
|
||||
Stream_Read_UINT32(s, descriptor->nFileSizeHigh); /* fileSizeHigh (4 bytes) */
|
||||
Stream_Read_UINT32(s, descriptor->nFileSizeLow); /* fileSizeLow (4 bytes) */
|
||||
Stream_Read_UTF16_String(s, descriptor->cFileName,
|
||||
ARRAYSIZE(descriptor->cFileName)); /* cFileName (520 bytes) */
|
||||
return TRUE;
|
||||
return Stream_Read_UTF16_String(s, descriptor->cFileName,
|
||||
ARRAYSIZE(descriptor->cFileName)); /* cFileName (520 bytes) */
|
||||
}
|
||||
|
||||
BOOL cliprdr_write_filedescriptor(wStream* s, const FILEDESCRIPTORW* descriptor)
|
||||
@@ -166,9 +165,8 @@ BOOL cliprdr_write_filedescriptor(wStream* s, const FILEDESCRIPTORW* descriptor)
|
||||
s, filetime_to_uint64(descriptor->ftLastWriteTime)); /* lastWriteTime (8 bytes) */
|
||||
Stream_Write_UINT32(s, descriptor->nFileSizeHigh); /* fileSizeHigh (4 bytes) */
|
||||
Stream_Write_UINT32(s, descriptor->nFileSizeLow); /* fileSizeLow (4 bytes) */
|
||||
Stream_Write_UTF16_String(s, descriptor->cFileName,
|
||||
ARRAYSIZE(descriptor->cFileName)); /* cFileName (520 bytes) */
|
||||
return TRUE;
|
||||
return Stream_Write_UTF16_String(s, descriptor->cFileName,
|
||||
ARRAYSIZE(descriptor->cFileName)); /* cFileName (520 bytes) */
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user