From bd0558c47fe1178c6c767fab18a023197549184e Mon Sep 17 00:00:00 2001
From: akallabeth
Date: Fri, 22 Jan 2021 08:24:16 +0100
Subject: [PATCH] Fixed missing check for fastpath input messages

Input events are only allowed after a connection was established (connection state is active) This check aborts input sending when done before that.

(cherry picked from commit 102869f6a860140174da9dd3189babf6966c9149)
---
 libfreerdp/core/connection.c | 7 +++++++
 libfreerdp/core/connection.h | 1 +
 libfreerdp/core/fastpath.c | 15 ++++++++++++---
 libfreerdp/core/fastpath.h | 2 +-
 4 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c
index 7a66e8e..bbc6031 100644
--- a/libfreerdp/core/connection.c
+++ b/libfreerdp/core/connection.c
@@ -1589,3 +1589,10 @@ const char* rdp_server_connection_state_string(int state)
 return "UNKNOWN";
 }
 }
+
+int rdp_client_get_state(rdpRdp* rdp)
+{
+ if (!rdp)
+ return -1;
+ return rdp->state;
+}
diff --git a/libfreerdp/core/connection.h b/libfreerdp/core/connection.h
index ee60696..8458c60 100644
--- a/libfreerdp/core/connection.h
+++ b/libfreerdp/core/connection.h
@@ -67,6 +67,7 @@ FREERDP_LOCAL int rdp_client_connect_license(rdpRdp* rdp, wStream* s);
 FREERDP_LOCAL int rdp_client_connect_demand_active(rdpRdp* rdp, wStream* s);
 FREERDP_LOCAL int rdp_client_transition_to_state(rdpRdp* rdp, int state);
 FREERDP_LOCAL const char* rdp_client_connection_state_string(int state);
+FREERDP_LOCAL int rdp_client_get_state(rdpRdp* rdp);

 FREERDP_LOCAL BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s);
 FREERDP_LOCAL BOOL rdp_server_accept_mcs_connect_initial(rdpRdp* rdp, wStream* s);
diff --git a/libfreerdp/core/fastpath.c b/libfreerdp/core/fastpath.c
index 6e815c2..2271be3 100644
--- a/libfreerdp/core/fastpath.c
+++ b/libfreerdp/core/fastpath.c
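Review bot: rdp_client_get_state() in connection.c returns a bare -1 for a NULL rdp with no comment, and that sentinel has no named constant anywhere in this patch. The caller added in fastpath.c by the same patch passes the result to rdp_client_connection_state_string(), so a NULL rdp is reported as a state name rather than as a missing context. I would document the contract above the definition, `/* Returns the current connection state, or -1 if rdp is NULL. */`, and since the function only reads the struct, take `const rdpRdp* rdp` here and in the connection.h prototype.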
@@ -934,8 +934,9 @@ wStream* fastpath_input_pdu_init(rdpFastPath* fastpath, BYTE eventFlags, BYTE ev
 return s;
 }

-BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, int iNumEvents)
+BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, size_t iNumEvents)
 {
+ int state;
 BOOL rc = FALSE;
 rdpRdp* rdp;
 UINT16 length;
@@ -944,8 +945,17 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, int iNu
 if (!s)
 return FALSE;

- if (!fastpath || !fastpath->rdp)
+ if (!fastpath)
+ goto fail;
+
+ rdp = fastpath->rdp;
+ state = rdp_client_get_state(rdp);
+ if (state != CONNECTION_STATE_ACTIVE)
+ {
+ WLog_WARN(TAG, "[%s] called before activation [%s]", __FUNCTION__,
+ rdp_client_connection_state_string(state));
 goto fail;
+ }

 /*
 * A maximum of 15 events are allowed per request
@@ -955,7 +965,6 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, int iNu
 if (iNumEvents > 15)
 goto fail;

- rdp = fastpath->rdp;
 length = Stream_GetPosition(s);

 if (length >= (2 << 14))
diff --git a/libfreerdp/core/fastpath.h b/libfreerdp/core/fastpath.h
index 752a92e..4a044bd 100644
--- a/libfreerdp/core/fastpath.h
+++ b/libfreerdp/core/fastpath.h
@@ -160,7 +160,7 @@ FREERDP_LOCAL wStream* fastpath_input_pdu_init_header(rdpFastPath* fastpath);
 FREERDP_LOCAL wStream* fastpath_input_pdu_init(rdpFastPath* fastpath, BYTE eventFlags,
 BYTE eventCode);
 FREERDP_LOCAL BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s,
- int iEventCount);
+ size_t iEventCount);
 FREERDP_LOCAL BOOL fastpath_send_input_pdu(rdpFastPath* fastpath, wStream* s);

 FREERDP_LOCAL wStream* fastpath_update_pdu_init(rdpFastPath* fastpath);
-- 
2.7.4
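Review bot: In the second fastpath.c hunk (`@@ -944,8 +945,17 @@`) the activation gate lives only in fastpath_send_multiple_input_pdu(), so any input sender that does not funnel through this function stays ungated; this patch touches no other send path, so it is worth confirming that slow-path input PDUs are covered by an equivalent state check. The guard also folds the old `!fastpath->rdp` case into the state comparison, so a NULL rdp now produces the "called before activation" warning; a separate `if (!rdp) goto fail;` before the state lookup would keep the two conditions distinguishable in logs. Because the warning fires on every rejected call, a client that generates input continuously before activation can fill the log at WARN level, so logging once per connection or at a lower level may be preferable. The `fail` label and the rest of the function are outside this hunk, so stream release on this new exit path could not be checked here.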