rail: stream size checks and rail_read_sysparam_order fixes
authorKobi Mizrachi <kmizrachi18@gmail.com>
Wed, 4 Dec 2019 14:25:08 +0000 (15:25 +0100)
committerakallabeth <akallabeth@users.noreply.github.com>
Thu, 12 Dec 2019 10:10:44 +0000 (11:10 +0100)
channels/rail/rail_common.c
channels/rail/server/rail_main.c

index bab9646..229029b 100644 (file)
@@ -186,8 +186,12 @@ static UINT rail_read_high_contrast(wStream* s, RAIL_HIGH_CONTRAST* highContrast
        if (!s || !highContrast)
                return ERROR_INVALID_PARAMETER;
 
-       Stream_Read_UINT32(s, highContrast->flags);                   /* flags (4 bytes) */
-       Stream_Read_UINT32(s, highContrast->colorSchemeLength);       /* colorSchemeLength (4 bytes) */
+       if (Stream_GetRemainingLength(s) < 8)
+               return ERROR_INVALID_DATA;
+
+       Stream_Read_UINT32(s, highContrast->flags);             /* flags (4 bytes) */
+       Stream_Read_UINT32(s, highContrast->colorSchemeLength); /* colorSchemeLength (4 bytes) */
+
        if (!rail_read_unicode_string(s, &highContrast->colorScheme)) /* colorScheme */
                return ERROR_INTERNAL_ERROR;
        return CHANNEL_RC_OK;
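Review bot: In rail_read_high_contrast the wire-supplied `colorSchemeLength` is stored, but nothing in the hunk compares it with the bytes left in the stream before `rail_read_unicode_string` runs. That helper is not visible here and presumably bounds its own read, but the two lengths can still disagree, so I would add `if (Stream_GetRemainingLength(s) < highContrast->colorSchemeLength) return ERROR_INVALID_DATA;` after the two reads. A malformed string is also reported as `ERROR_INTERNAL_ERROR`; `ERROR_INVALID_DATA` would match the new short-stream return. The function begins above the hunk.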
@@ -219,6 +223,27 @@ static UINT rail_write_high_contrast(wStream* s, const RAIL_HIGH_CONTRAST* highC
  *
  * @return 0 on success, otherwise a Win32 error code
  */
+static UINT rail_read_filterkeys(wStream* s, TS_FILTERKEYS* filterKeys)
+{
+       if (!s || !filterKeys)
+               return ERROR_INVALID_PARAMETER;
+
+       if (Stream_GetRemainingLength(s) < 20)
+               return ERROR_INVALID_DATA;
+
+       Stream_Read_UINT32(s, filterKeys->Flags);
+       Stream_Read_UINT32(s, filterKeys->WaitTime);
+       Stream_Read_UINT32(s, filterKeys->DelayTime);
+       Stream_Read_UINT32(s, filterKeys->RepeatTime);
+       Stream_Read_UINT32(s, filterKeys->BounceTime);
+       return CHANNEL_RC_OK;
+}
+
+/**
+ * Function description
+ *
+ * @return 0 on success, otherwise a Win32 error code
+ */
 static UINT rail_write_filterkeys(wStream* s, const TS_FILTERKEYS* filterKeys)
 {
        if (!s || !filterKeys)
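Review bot: The new rail_read_filterkeys inherits the placeholder doc block ("Function description") that used to sit above rail_write_filterkeys, and the commit adds a second identical placeholder for the writer. I would replace the first with a real description such as `Reads a TS_FILTERKEYS structure (five UINT32 fields, 20 bytes) from the stream.` and extend the `@return` line to name `ERROR_INVALID_DATA` for a short stream. The literal `20` would be easier to keep in step with the five reads as `5 * sizeof(UINT32)` or a named constant. rail_write_filterkeys continues past the end of the hunk.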
@@ -256,30 +281,38 @@ UINT rail_read_sysparam_order(wStream* s, RAIL_SYSPARAM_ORDER* sysparam, BOOL ex
 
        Stream_Read_UINT32(s, sysparam->param); /* systemParam (4 bytes) */
 
+       sysparam->params = 0; /* bitflags of received params */
+
        switch (sysparam->param)
        {
                /* Client sysparams */
                case SPI_SET_DRAG_FULL_WINDOWS:
+                       sysparam->params |= SPI_MASK_SET_DRAG_FULL_WINDOWS;
                        Stream_Read_UINT8(s, body); /* body (1 byte) */
                        sysparam->dragFullWindows = body != 0;
                        break;
 
                case SPI_SET_KEYBOARD_CUES:
+                       sysparam->params |= SPI_MASK_SET_KEYBOARD_CUES;
                        Stream_Read_UINT8(s, body); /* body (1 byte) */
                        sysparam->keyboardCues = body != 0;
                        break;
 
                case SPI_SET_KEYBOARD_PREF:
+                       sysparam->params |= SPI_MASK_SET_KEYBOARD_PREF;
                        Stream_Read_UINT8(s, body); /* body (1 byte) */
                        sysparam->keyboardPref = body != 0;
                        break;
 
                case SPI_SET_MOUSE_BUTTON_SWAP:
+                       sysparam->params |= SPI_MASK_SET_MOUSE_BUTTON_SWAP;
                        Stream_Read_UINT8(s, body); /* body (1 byte) */
                        sysparam->mouseButtonSwap = body != 0;
                        break;
 
                case SPI_SET_WORK_AREA:
+                       sysparam->params |= SPI_MASK_SET_WORK_AREA;
+
                        if (Stream_GetRemainingLength(s) < 8)
                        {
                                WLog_ERR(TAG, "Stream_GetRemainingLength failed!");
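Review bot: Each case sets its bit in `sysparam->params` before the payload has been validated, so on the `ERROR_INVALID_DATA` paths (the short-stream branch of SPI_SET_WORK_AREA here) the structure claims a parameter that was never filled in. Moving each `sysparam->params |= SPI_MASK_...;` line to just before its `break;` would keep the mask accurate even if a caller inspects the structure after a failed parse. The same ordering appears in the later hunks for SPI_DISPLAY_CHANGE, SPI_TASKBAR_POS, SPI_SET_HIGH_CONTRAST, SPI_SETCARETWIDTH, SPI_SETSTICKYKEYS, SPI_SETTOGGLEKEYS and SPI_SETFILTERKEYS, where the bit is also set before the `!extendedSpiSupported` rejection. The one-byte `Stream_Read_UINT8(s, body)` cases depend on a length check that, if present, sits above this hunk; it is worth confirming that it covers the body byte as well as the 4-byte `param`.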
@@ -293,6 +326,8 @@ UINT rail_read_sysparam_order(wStream* s, RAIL_SYSPARAM_ORDER* sysparam, BOOL ex
                        break;
 
                case SPI_DISPLAY_CHANGE:
+                       sysparam->params |= SPI_MASK_DISPLAY_CHANGE;
+
                        if (Stream_GetRemainingLength(s) < 8)
                        {
                                WLog_ERR(TAG, "Stream_GetRemainingLength failed!");
@@ -306,6 +341,8 @@ UINT rail_read_sysparam_order(wStream* s, RAIL_SYSPARAM_ORDER* sysparam, BOOL ex
                        break;
 
                case SPI_TASKBAR_POS:
+                       sysparam->params |= SPI_MASK_TASKBAR_POS;
+
                        if (Stream_GetRemainingLength(s) < 8)
                        {
                                WLog_ERR(TAG, "Stream_GetRemainingLength failed!");
@@ -319,6 +356,7 @@ UINT rail_read_sysparam_order(wStream* s, RAIL_SYSPARAM_ORDER* sysparam, BOOL ex
                        break;
 
                case SPI_SET_HIGH_CONTRAST:
+                       sysparam->params |= SPI_MASK_SET_HIGH_CONTRAST;
                        if (Stream_GetRemainingLength(s) < 8)
                        {
                                WLog_ERR(TAG, "Stream_GetRemainingLength failed!");
@@ -329,7 +367,9 @@ UINT rail_read_sysparam_order(wStream* s, RAIL_SYSPARAM_ORDER* sysparam, BOOL ex
                        break;
 
                case SPI_SETCARETWIDTH:
-                       if (extendedSpiSupported)
+                       sysparam->params |= SPI_MASK_SET_CARET_WIDTH;
+
+                       if (!extendedSpiSupported)
                                return ERROR_INVALID_DATA;
 
                        if (Stream_GetRemainingLength(s) < 4)
@@ -346,7 +386,9 @@ UINT rail_read_sysparam_order(wStream* s, RAIL_SYSPARAM_ORDER* sysparam, BOOL ex
                        break;
 
                case SPI_SETSTICKYKEYS:
-                       if (extendedSpiSupported)
+                       sysparam->params |= SPI_MASK_SET_STICKY_KEYS;
+
+                       if (!extendedSpiSupported)
                                return ERROR_INVALID_DATA;
 
                        if (Stream_GetRemainingLength(s) < 4)
@@ -355,11 +397,13 @@ UINT rail_read_sysparam_order(wStream* s, RAIL_SYSPARAM_ORDER* sysparam, BOOL ex
                                return ERROR_INVALID_DATA;
                        }
 
-                       Stream_Write_UINT32(s, sysparam->stickyKeys);
+                       Stream_Read_UINT32(s, sysparam->stickyKeys);
                        break;
 
                case SPI_SETTOGGLEKEYS:
-                       if (extendedSpiSupported)
+                       sysparam->params |= SPI_MASK_SET_TOGGLE_KEYS;
+
+                       if (!extendedSpiSupported)
                                return ERROR_INVALID_DATA;
 
                        if (Stream_GetRemainingLength(s) < 4)
@@ -368,11 +412,13 @@ UINT rail_read_sysparam_order(wStream* s, RAIL_SYSPARAM_ORDER* sysparam, BOOL ex
                                return ERROR_INVALID_DATA;
                        }
 
-                       Stream_Write_UINT32(s, sysparam->toggleKeys);
+                       Stream_Read_UINT32(s, sysparam->toggleKeys);
                        break;
 
                case SPI_SETFILTERKEYS:
-                       if (extendedSpiSupported)
+                       sysparam->params |= SPI_MASK_SET_FILTER_KEYS;
+
+                       if (!extendedSpiSupported)
                                return ERROR_INVALID_DATA;
 
                        if (Stream_GetRemainingLength(s) < 20)
@@ -381,16 +427,20 @@ UINT rail_read_sysparam_order(wStream* s, RAIL_SYSPARAM_ORDER* sysparam, BOOL ex
                                return ERROR_INVALID_DATA;
                        }
 
-                       error = rail_write_filterkeys(s, &sysparam->filterKeys);
+                       error = rail_read_filterkeys(s, &sysparam->filterKeys);
                        break;
 
                /* Server sysparams */
                case SPI_SETSCREENSAVEACTIVE:
+                       sysparam->params |= SPI_MASK_SET_SCREEN_SAVE_ACTIVE;
+
                        Stream_Read_UINT8(s, body); /* body (1 byte) */
                        sysparam->setScreenSaveActive = body != 0;
                        break;
 
                case SPI_SETSCREENSAVESECURE:
+                       sysparam->params |= SPI_MASK_SET_SET_SCREEN_SAVE_SECURE;
+
                        Stream_Read_UINT8(s, body); /* body (1 byte) */
                        sysparam->setScreenSaveSecure = body != 0;
                        break;
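Review bot: The SPI_SETFILTERKEYS case checks `Stream_GetRemainingLength(s) < 20` just above this hunk and rail_read_filterkeys repeats the same check, so the 20-byte bound now lives in two places. Keeping it only in the helper, with the `WLog_ERR` moved there, stops the two from drifting apart. Separately, `SPI_MASK_SET_SET_SCREEN_SAVE_SECURE` reads like a doubled `SET_`; its definition is not in this diff, so confirm the spelling is intended.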
index 817ce96..5bdfd23 100644 (file)
@@ -105,15 +105,15 @@ static UINT rail_write_min_max_info_order(wStream* s, const RAIL_MINMAXINFO_ORDE
        if (!s || !minMaxInfo)
                return ERROR_INVALID_PARAMETER;
 
-       Stream_Write_UINT32(s, minMaxInfo->windowId);       /* WindowId (4 bytes) */
-       Stream_Write_UINT16(s, minMaxInfo->maxWidth);       /* MaxWidth (2 bytes) */
-       Stream_Write_UINT16(s, minMaxInfo->maxHeight);      /* MaxHeight (2 bytes) */
-       Stream_Write_UINT16(s, minMaxInfo->maxPosX);        /* MaxPosX (2 bytes) */
-       Stream_Write_UINT16(s, minMaxInfo->maxPosY);        /* MaxPosY (2 bytes) */
-       Stream_Write_UINT16(s, minMaxInfo->minTrackWidth);  /* MinTrackWidth (2 bytes) */
-       Stream_Write_UINT16(s, minMaxInfo->minTrackHeight); /* MinTrackHeight (2 bytes) */
-       Stream_Write_UINT16(s, minMaxInfo->maxTrackWidth);  /* MaxTrackWidth (2 bytes) */
-       Stream_Write_UINT16(s, minMaxInfo->maxTrackHeight); /* MaxTrackHeight (2 bytes) */
+       Stream_Write_UINT32(s, minMaxInfo->windowId);      /* WindowId (4 bytes) */
+       Stream_Write_INT16(s, minMaxInfo->maxWidth);       /* MaxWidth (2 bytes) */
+       Stream_Write_INT16(s, minMaxInfo->maxHeight);      /* MaxHeight (2 bytes) */
+       Stream_Write_INT16(s, minMaxInfo->maxPosX);        /* MaxPosX (2 bytes) */
+       Stream_Write_INT16(s, minMaxInfo->maxPosY);        /* MaxPosY (2 bytes) */
+       Stream_Write_INT16(s, minMaxInfo->minTrackWidth);  /* MinTrackWidth (2 bytes) */
+       Stream_Write_INT16(s, minMaxInfo->minTrackHeight); /* MinTrackHeight (2 bytes) */
+       Stream_Write_INT16(s, minMaxInfo->maxTrackWidth);  /* MaxTrackWidth (2 bytes) */
+       Stream_Write_INT16(s, minMaxInfo->maxTrackHeight); /* MaxTrackHeight (2 bytes) */
        return ERROR_SUCCESS;
 }
 
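Review bot: Switching to `Stream_Write_INT16` only has an effect if the `RAIL_MINMAXINFO_ORDER` fields are themselves declared signed, and the commit's file list names only rail_common.c and rail_main.c, so those declarations are not in view. If the fields are still unsigned, the bytes written are unchanged and the signedness intent is lost on the struct side. It is worth confirming the field types here, and likewise for `RAIL_WINDOW_MOVE_ORDER` and `RAIL_SNAP_ARRANGE` in the two read hunks that follow.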
@@ -796,10 +796,10 @@ static UINT rail_read_window_move_order(wStream* s, RAIL_WINDOW_MOVE_ORDER* wind
                return ERROR_INVALID_DATA;
 
        Stream_Read_UINT32(s, windowMove->windowId); /* WindowId (4 bytes) */
-       Stream_Read_UINT16(s, windowMove->left);     /* Left (2 bytes) */
-       Stream_Read_UINT16(s, windowMove->top);      /* Top (2 bytes) */
-       Stream_Read_UINT16(s, windowMove->right);    /* Right (2 bytes) */
-       Stream_Read_UINT16(s, windowMove->bottom);   /* Bottom (2 bytes) */
+       Stream_Read_INT16(s, windowMove->left);      /* Left (2 bytes) */
+       Stream_Read_INT16(s, windowMove->top);       /* Top (2 bytes) */
+       Stream_Read_INT16(s, windowMove->right);     /* Right (2 bytes) */
+       Stream_Read_INT16(s, windowMove->bottom);    /* Bottom (2 bytes) */
        return CHANNEL_RC_OK;
 }
 
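Review bot: With the coordinates now read as signed values, rail_read_window_move_order accepts any rectangle the peer sends, including `right < left` or `bottom < top`; nothing in the hunk rejects an inverted rectangle. If later code derives a width or height from these fields (not visible here), a guard before the return such as `if (windowMove->right < windowMove->left || windowMove->bottom < windowMove->top) return ERROR_INVALID_DATA;` would keep negative extents out of it. The same applies to rail_read_snap_arange_order in the next hunk. The function begins above the hunk.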
@@ -814,10 +814,10 @@ static UINT rail_read_snap_arange_order(wStream* s, RAIL_SNAP_ARRANGE* snapArran
                return ERROR_INVALID_DATA;
 
        Stream_Read_UINT32(s, snapArrange->windowId); /* WindowId (4 bytes) */
-       Stream_Read_UINT16(s, snapArrange->left);     /* Left (2 bytes) */
-       Stream_Read_UINT16(s, snapArrange->top);      /* Top (2 bytes) */
-       Stream_Read_UINT16(s, snapArrange->right);    /* Right (2 bytes) */
-       Stream_Read_UINT16(s, snapArrange->bottom);   /* Bottom (2 bytes) */
+       Stream_Read_INT16(s, snapArrange->left);      /* Left (2 bytes) */
+       Stream_Read_INT16(s, snapArrange->top);       /* Top (2 bytes) */
+       Stream_Read_INT16(s, snapArrange->right);     /* Right (2 bytes) */
+       Stream_Read_INT16(s, snapArrange->bottom);    /* Bottom (2 bytes) */
        return CHANNEL_RC_OK;
 }