while (length > 0)
{
pos = stream_get_pos(s);
- gcc_read_user_data_header(s, &type, &blockLength);
+ if(!gcc_read_user_data_header(s, &type, &blockLength))
+ return FALSE;
switch (type)
{
BOOL gcc_read_user_data_header(STREAM* s, UINT16* type, UINT16* length)
{
+ if (stream_get_left(s) < 4)
+ return FALSE;
+
stream_read_UINT16(s, *type); /* type */
stream_read_UINT16(s, *length); /* length */
- if (*length < 4)
- return FALSE;
-
if (stream_get_left(s) < *length - 4)
return FALSE;
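Review bot: Removing the `*length < 4` check leaves the `*length - 4` in the remaining bound free to go negative, because a UINT16 operand is promoted to int before the subtraction. Depending on the type `stream_get_left()` yields (not visible in this diff), that comparison either rejects short blocks only by accident or lets a length of 0–3 through as valid. If the caller's `while (length > 0)` loop advances by blockLength, which is inferred because the rest of that loop is outside the diff, a zero-length block would not make progress. Keeping `if (*length < 4) return FALSE;` directly after the two reads makes the subtraction safe whatever the stream macro's type is.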
UINT32 version;
UINT32 clientRequestedProtocols;
+ if(stream_get_left(s) < 8)
+ return FALSE;
stream_read_UINT32(s, version); /* version */
stream_read_UINT32(s, clientRequestedProtocols); /* clientRequestedProtocols */
BYTE* data;
UINT32 length;
+ if (stream_get_left(s) < 8)
+ return FALSE;
stream_read_UINT32(s, settings->EncryptionMethods); /* encryptionMethod */
stream_read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */
return TRUE;
}
+ if (stream_get_left(s) < 8)
+ return FALSE;
stream_read_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */
stream_read_UINT32(s, settings->ServerCertificateLength); /* serverCertLen */
+ if (stream_get_left(s) < settings->ServerRandomLength + settings->ServerCertificateLength)
+ return FALSE;
+
if (settings->ServerRandomLength > 0)
{
/* serverRandom */
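Review bot: The new bound `settings->ServerRandomLength + settings->ServerCertificateLength` adds two UINT32 values taken straight from the wire, so the sum can wrap in 32-bit arithmetic. A wrapped sum compares as a small number and lets oversized lengths pass the check. Testing each length on its own avoids the addition: `if (stream_get_left(s) < settings->ServerRandomLength) return FALSE;` before the serverRandom is consumed, and the same comparison against `settings->ServerCertificateLength` before the certificate is consumed. The function body continues past this hunk, so the exact placement next to those reads has to be confirmed against the full file.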
UINT16 channelCount;
UINT16 channelId;
+ if(stream_get_left(s) < 4)
+ return FALSE;
stream_read_UINT16(s, MCSChannelId); /* MCSChannelId */
stream_read_UINT16(s, channelCount); /* channelCount */
settings->ChannelCount, channelCount);
}
+ if(stream_get_left(s) < channelCount * 2)
+ return FALSE;
+
for (i = 0; i < channelCount; i++)
{
stream_read_UINT16(s, channelId); /* channelId */
}
if (channelCount % 2 == 1)
- stream_seek(s, 2); /* padding */
+ return stream_skip(s, 2); /* padding */
return TRUE;
}
{
UINT32 flags;
- if (blockLength < 8)
+ if (blockLength < 4)
return FALSE;
stream_read_UINT32(s, flags); /* flags */
if ((flags & REDIRECTED_SESSIONID_FIELD_VALID))
+ {
+ if(blockLength < 8)
+ return FALSE;
stream_read_UINT32(s, settings->RedirectedSessionId); /* redirectedSessionID */
+ }
return TRUE;
}