From 3070cab0faa868ecf8339a2aa93750dd69e079f9 Mon Sep 17 00:00:00 2001
From: Martin Fleisz <martin.fleisz@thincast.com>
Date: Thu, 19 Nov 2015 14:12:26 +0100
Subject: [PATCH] cliprdr/server: Fix parsing of file contents request PDU

---
 channels/cliprdr/server/cliprdr_main.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/channels/cliprdr/server/cliprdr_main.c b/channels/cliprdr/server/cliprdr_main.c
index a73b2b9..4ffa71e 100644
--- a/channels/cliprdr/server/cliprdr_main.c
+++ b/channels/cliprdr/server/cliprdr_main.c
@@ -955,7 +955,7 @@ static UINT cliprdr_server_receive_filecontents_request(CliprdrServerContext* co
 	request.msgFlags = header->msgFlags;
 	request.dataLen = header->dataLen;
 
-	if (Stream_GetRemainingLength(s) < 28)
+	if (Stream_GetRemainingLength(s) < 24)
 	{
 		WLog_ERR(TAG, "not enought data in stream!");
 		return ERROR_INVALID_DATA;
@@ -967,7 +967,10 @@ static UINT cliprdr_server_receive_filecontents_request(CliprdrServerContext* co
 	Stream_Read_UINT32(s, request.nPositionLow); /* nPositionLow (4 bytes) */
 	Stream_Read_UINT32(s, request.nPositionHigh); /* nPositionHigh (4 bytes) */
 	Stream_Read_UINT32(s, request.cbRequested); /* cbRequested (4 bytes) */
-	Stream_Read_UINT32(s, request.clipDataId); /* clipDataId (4 bytes) */
+	if (Stream_GetRemainingLength(s) < 4) /* clipDataId (4 bytes) optional */
+		request.clipDataId = 0;
+	else
+		Stream_Read_UINT32(s, request.clipDataId);
 
 	IFCALLRET(context->ClientFileContentsRequest, error, context, &request);
 	if (error)
-- 
2.7.4