Checks that the fragmentation buffer is not bigger than negociated value

diff --git a/libfreerdp/core/fastpath.c b/libfreerdp/core/fastpath.c
index af727fd..f2e67a9 100644 (file)
--- a/libfreerdp/core/fastpath.c
+++ b/libfreerdp/core/fastpath.c
@@ -340,7 +340,11 @@ static int fastpath_recv_update_data(rdpFastPath* fastpath, STREAM* s)
 
                stream_check_size(fastpath->updateData, size);
                stream_copy(fastpath->updateData, comp_stream, size);
-               /* TODO: add a limit on the fragmentation buffer size */
+               if (stream_get_size(fastpath->updateData) > rdp->settings->MultifragMaxRequestSize)
+               {
+                       printf("fastpath PDU is bigger than MultifragMaxRequestSize\n");
+                       return -1;
+               }
 
                if (fragmentation == FASTPATH_FRAGMENT_LAST)
                {