[warnings] improve array bound checks

channels/cliprdr/cliprdr_common.c

@@ -509,6 +509,9 @@ UINT cliprdr_read_format_list(wStream* s, CLIPRDR_FORMAT_LIST* formatList, BOOL
 
 		while (Stream_GetRemainingLength(sub2) >= 4)
 		{
+			if (index >= formatList->numFormats)
+				goto error_out;
+
 			size_t rest = 0;
 			CLIPRDR_FORMAT* format = &formats[index];
 

libfreerdp/core/errbase.c

@@ -43,18 +43,14 @@ static const ERRINFO ERRBASE_CODES[] = { ERRBASE_DEFINE(SUCCESS),
 
 const char* freerdp_get_error_base_string(UINT32 code)
 {
-	const ERRINFO* errInfo = NULL;
-
-	errInfo = &ERRBASE_CODES[0];
-
-	while (errInfo->code != ERRBASE_NONE)
+	for (size_t x = 0; x < ARRAYSIZE(ERRBASE_CODES); x++)
 	{
+		const ERRINFO* errInfo = &ERRBASE_CODES[x];
+
 		if (code == errInfo->code)
 		{
 			return errInfo->info;
 		}
-
-		errInfo++;
 	}
 
 	return "ERRBASE_UNKNOWN";
@@ -62,18 +58,13 @@ const char* freerdp_get_error_base_string(UINT32 code)
 
 const char* freerdp_get_error_base_category(UINT32 code)
 {
-	const ERRINFO* errInfo = NULL;
-
-	errInfo = &ERRBASE_CODES[0];
-
-	while (errInfo->code != ERRBASE_NONE)
+	for (size_t x = 0; x < ARRAYSIZE(ERRBASE_CODES); x++)
 	{
+		const ERRINFO* errInfo = &ERRBASE_CODES[x];
 		if (code == errInfo->code)
 		{
 			return errInfo->category;
 		}
-
-		errInfo++;
 	}
 
 	return "ERRBASE_UNKNOWN";
@@ -81,18 +72,13 @@ const char* freerdp_get_error_base_category(UINT32 code)
 
 const char* freerdp_get_error_base_name(UINT32 code)
 {
-	const ERRINFO* errInfo = NULL;
-
-	errInfo = &ERRBASE_CODES[0];
-
-	while (errInfo->code != ERRBASE_NONE)
+	for (size_t x = 0; x < ARRAYSIZE(ERRBASE_CODES); x++)
 	{
+		const ERRINFO* errInfo = &ERRBASE_CODES[x];
 		if (code == errInfo->code)
 		{
 			return errInfo->name;
 		}
-
-		errInfo++;
 	}
 
 	return "ERRBASE_UNKNOWN";

libfreerdp/core/gateway/rpc_client.c

@@ -1128,6 +1128,12 @@ BOOL rpc_client_write_call(rdpRpc* rpc, wStream* s, UINT16 opnum)
 	if (!credssp_auth_encrypt(auth, &plaintext, &ciphertext, &size, rpc->SendSeqNum++))
 		goto fail;
 
+	if (offset + size > request_pdu.header.frag_length)
+	{
+		sspi_SecBufferFree(&ciphertext);
+		goto fail;
+	}
+
 	CopyMemory(&buffer[offset], ciphertext.pvBuffer, size);
 	offset += size;
 

libfreerdp/core/gateway/tsg.c

@@ -585,6 +585,13 @@ static BOOL tsg_ndr_read_version_caps(wLog* log, wStream* s, UINT32* index,
 	if (!tsg_stream_align(log, s, 4))
 		return FALSE;
 
+	if (caps->numCapabilities > 1)
+	{
+		WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
+		         caps->numCapabilities);
+		return FALSE;
+	}
+
 	return tsg_ndr_read_tsg_caps(log, s, &caps->tsgCaps);
 }
 
@@ -600,6 +607,13 @@ static BOOL tsg_ndr_write_version_caps(wLog* log, wStream* s, UINT32* index,
 
 	if (!Stream_EnsureRemainingCapacity(s, 10))
 		return FALSE;
+
+	if (caps->numCapabilities > 1)
+	{
+		WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
+		         caps->numCapabilities);
+		return FALSE;
+	}
 	Stream_Write_UINT32(s, caps->numCapabilities);
 	Stream_Write_UINT16(s, caps->majorVersion);
 	Stream_Write_UINT16(s, caps->minorVersion);
@@ -855,6 +869,13 @@ static BOOL tsg_packet_versioncaps_to_string(char** buffer, size_t* length,
 	if (!tsg_print(buffer, length, " "))
 		return FALSE;
 
+	if (caps->numCapabilities > 1)
+	{
+		WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
+		         caps->numCapabilities);
+		return FALSE;
+	}
+
 	if (!tsg_packet_capabilities_to_string(buffer, length, &caps->tsgCaps, caps->numCapabilities))
 		return FALSE;
 

libfreerdp/core/window.c

@@ -1043,6 +1043,11 @@ static BOOL update_read_desktop_actively_monitored_order(wStream* s,
 				Stream_Read_UINT32(s, monitored_desktop->windowIds[i]);
 			}
 		}
+		else
+		{
+			free(monitored_desktop->windowIds);
+			monitored_desktop->windowIds = NULL;
+		}
 	}
 
 	return TRUE;
@@ -1070,6 +1075,7 @@ static void dump_monitored_desktop(wLog* log, const char* msg, const WINDOW_ORDE
 		DUMP_APPEND(buffer, bufferSize, " windows=(");
 		for (UINT32 i = 0; i < monitored->numWindowIds; i++)
 		{
+			WINPR_ASSERT(monitored->windowIds);
 			DUMP_APPEND(buffer, bufferSize, "0x%" PRIx32 ",", monitored->windowIds[i]);
 		}
 		DUMP_APPEND(buffer, bufferSize, ")");

libfreerdp/crypto/certificate.c

@@ -1459,7 +1459,13 @@ static BOOL bio_read_pem(BIO* bio, char** ppem, size_t* plength)
 			break;
 		length += blocksize;
 	}
-	pem[offset] = '\0';
+
+	if (pem)
+	{
+		if (offset >= length)
+			goto fail;
+		pem[offset] = '\0';
+	}
 	*ppem = pem;
 	if (plength)
 		*plength = offset;

server/shadow/shadow_subsystem_builtin.c

@@ -29,12 +29,12 @@ typedef struct
 extern int ShadowSubsystemEntry(RDP_SHADOW_ENTRY_POINTS* pEntryPoints);
 extern const char* ShadowSubsystemName(void);
 
-static RDP_SHADOW_SUBSYSTEM g_Subsystems[] = {
+static const RDP_SHADOW_SUBSYSTEM g_Subsystems[] = {
 
 	{ ShadowSubsystemName, ShadowSubsystemEntry }
 };
 
-static size_t g_SubsystemCount = ARRAYSIZE(g_Subsystems);
+static const size_t g_SubsystemCount = ARRAYSIZE(g_Subsystems);
 
 static pfnShadowSubsystemEntry shadow_subsystem_load_static_entry(const char* name)
 {

winpr/libwinpr/ncrypt/ncrypt_pkcs11.c

@@ -130,12 +130,17 @@ static SECURITY_STATUS NCryptP11StorageProvider_dtor(NCRYPT_HANDLE handle)
 
 static void fix_padded_string(char* str, size_t maxlen)
 {
-	char* ptr = str + maxlen - 1;
+	if (maxlen == 0)
+		return;
 
-	while (ptr > str && *ptr == ' ')
+	WINPR_ASSERT(str);
+	char* ptr = &str[maxlen - 1];
+
+	while ((ptr > str) && (*ptr == ' '))
+	{
+		*ptr = '\0';
 		ptr--;
-	ptr++;
-	*ptr = 0;
+	}
 }
 
 static BOOL attributes_have_unallocated_buffers(CK_ATTRIBUTE_PTR attributes, CK_ULONG count)