From: Martin Fleisz
Date: Thu, 19 Nov 2015 13:12:26 +0000 (+0100)
Subject: cliprdr/server: Fix parsing of file contents request PDU
X-Git-Tag: 2.0.0-beta1+android10~386^2~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3070cab0faa868ecf8339a2aa93750dd69e079f9;p=platform%2Fupstream%2Ffreerdp.git
cliprdr/server: Fix parsing of file contents request PDU
---
diff --git a/channels/cliprdr/server/cliprdr_main.c b/channels/cliprdr/server/cliprdr_main.c
index a73b2b9..4ffa71e 100644
--- a/channels/cliprdr/server/cliprdr_main.c
+++ b/channels/cliprdr/server/cliprdr_main.c
@@ -955,7 +955,7 @@ static UINT cliprdr_server_receive_filecontents_request(CliprdrServerContext* co
 request.msgFlags = header->msgFlags;
 request.dataLen = header->dataLen;
 
- if (Stream_GetRemainingLength(s) < 28)
+ if (Stream_GetRemainingLength(s) < 24)
 {
 WLog_ERR(TAG, "not enought data in stream!");
 return ERROR_INVALID_DATA;
@@ -967,7 +967,10 @@ static UINT cliprdr_server_receive_filecontents_request(CliprdrServerContext* co
 Stream_Read_UINT32(s, request.nPositionLow); /* nPositionLow (4 bytes) */
 Stream_Read_UINT32(s, request.nPositionHigh); /* nPositionHigh (4 bytes) */
 Stream_Read_UINT32(s, request.cbRequested); /* cbRequested (4 bytes) */
- Stream_Read_UINT32(s, request.clipDataId); /* clipDataId (4 bytes) */
+ if (Stream_GetRemainingLength(s) < 4) /* clipDataId (4 bytes) optional */
+ request.clipDataId = 0;
+ else
+ Stream_Read_UINT32(s, request.clipDataId);
 
 IFCALLRET(context->ClientFileContentsRequest, error, context, &request);
 if (error)
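Review bot: The new lower bound in the first hunk is a bare `24`, and nothing beside it says which fields it covers. The three `Stream_Read_UINT32` calls visible in the second hunk account for 12 bytes; the other 12 presumably belong to reads that sit between the two hunks and are not shown. Because this guard is the only check in front of reads of client-supplied data, I would record the sum next to it, e.g. `/* 24 = six mandatory UINT32 fields; the trailing clipDataId is optional */`, or replace the literal with a named constant. The body of `cliprdr_server_receive_filecontents_request` starts before and continues after this hunk.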
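Review bot: In the second hunk the presence of clipDataId is decided by `Stream_GetRemainingLength(s) < 4` alone, so one to three stray trailing bytes are silently treated as "field absent". If the caller does not bound `s` to `header->dataLen` (not visible here), bytes that follow this PDU could also be read as clipDataId. Tying the read to the declared length is stricter, e.g. `if (request.dataLen >= 28 && Stream_GetRemainingLength(s) >= 4)` for the read with `request.clipDataId = 0;` in the `else`. The handler behind `ClientFileContentsRequest` also cannot tell an omitted field from a real id of 0, which deserves a comment at the assignment such as `/* 0 also means "not sent by the client" */`. The new `if`/`else` bodies are unbraced, unlike the braced `if` in the first hunk; bracing them would keep the branch correct however `Stream_Read_UINT32` expands.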