{
uint16 lengthSourceDescriptor;
- stream_read_uint32(s, rdp->settings->share_id); /* shareId (4 bytes) */
- stream_read_uint16(s, lengthSourceDescriptor); /* lengthSourceDescriptor (2 bytes) */
- stream_seek(s, lengthSourceDescriptor); /* sourceDescriptor (should be 0x00) */
+ /*
+ * Windows XP can send short DEACTIVATE_ALL PDU that doesn't contain
+ * the following fields.
+ */
+ if (stream_get_left(s) > 0)
+ {
+ stream_read_uint32(s, rdp->settings->share_id); /* shareId (4 bytes) */
+ stream_read_uint16(s, lengthSourceDescriptor); /* lengthSourceDescriptor (2 bytes) */
+ stream_seek(s, lengthSourceDescriptor); /* sourceDescriptor (should be 0x00) */
+ }
rdp->state = CONNECTION_STATE_CAPABILITY;
return false;
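Review bot: The new guard `stream_get_left(s) > 0` only proves that one byte remains, but the block then reads six bytes (shareId and lengthSourceDescriptor) and seeks by a length the peer supplied. A truncated PDU with one to five trailing bytes, or a lengthSourceDescriptor larger than what is left, would move the stream position past the received data. I would guard the fixed fields with `if (stream_get_left(s) >= 6)` and, after the uint16 read, check `if (stream_get_left(s) < lengthSourceDescriptor)` and take the function's error path before the seek. The function starts outside the hunk, so I cannot see whether the stream macros do any bounds checking of their own.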
stream_read_uint16(s, *type); /* pduType */
- stream_read_uint16(s, *channel_id); /* pduSource */
*type &= 0x0F; /* type is in the 4 least significant bits */
+ if (*length > 4)
+ stream_read_uint16(s, *channel_id); /* pduSource */
+ else /* Windows XP can send such short DEACTIVATE_ALL PDUs. */
+ *channel_id = 0;
+
return true;
}
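Review bot: `*length > 4` tests the length the PDU header declares, not the bytes actually present, so a PDU that claims a larger length but ends right after pduType still reaches the pduSource read. Checking the buffer itself, `if (stream_get_left(s) >= 2)`, would cover both the short Windows XP form and a header whose length field is wrong. I am assuming `*length` is parsed from the wire earlier in the function, which starts outside the hunk. The pduType read on the first line has the same exposure if nothing above it guarantees two remaining bytes. As a style point, bracing the `if`/`else` bodies would match the braced block the commit adds in the DEACTIVATE_ALL handler.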