From f5ce5e72dd40f7efed4a8021a8888459afb93138 Mon Sep 17 00:00:00 2001
From: David FORT
Date: Thu, 3 Mar 2016 11:45:12 +0100
Subject: [PATCH] Fix parsing of saveSessionInfo PDU

This should fix the case when no username is sent (issue #3186).
---
 libfreerdp/core/info.c | 49 +++++++++++++++++++++++++++++++++----------------
 1 file changed, 33 insertions(+), 16 deletions(-)

diff --git a/libfreerdp/core/info.c b/libfreerdp/core/info.c
index e7b2d46..25fe940 100644
--- a/libfreerdp/core/info.c
+++ b/libfreerdp/core/info.c
@@ -665,23 +665,32 @@ BOOL rdp_recv_logon_info_v1(rdpRdp* rdp, wStream* s, logon_info *info)
 	UINT32 cbDomain;
 	UINT32 cbUserName;
 
+	ZeroMemory(info, sizeof(*info));
+
 	if (Stream_GetRemainingLength(s) < 576)
 		return FALSE;
 
 	Stream_Read_UINT32(s, cbDomain); /* cbDomain (4 bytes) */
 	if (cbDomain > 52)
 		return FALSE;
-	ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) Stream_Pointer(s), cbDomain, &info->domain, 0, NULL, FALSE);
-	if (!info->domain)
-		return FALSE;
+	if (cbDomain)
+	{
+		ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) Stream_Pointer(s), cbDomain, &info->domain, 0, NULL, FALSE);
+		if (!info->domain)
+			return FALSE;
+	}
+
 	Stream_Seek(s, 52); /* domain (52 bytes) */
 
 	Stream_Read_UINT32(s, cbUserName); /* cbUserName (4 bytes) */
 	if (cbUserName > 512)
 		goto error_username;
-	ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) Stream_Pointer(s), cbUserName, &info->username, 0, NULL, FALSE);
-	if (!info->username)
-		goto error_username;
+	if (cbUserName)
+	{
+		ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) Stream_Pointer(s), cbUserName, &info->username, 0, NULL, FALSE);
+		if (!info->username)
+			goto error_username;
+	}
 	Stream_Seek(s, 512); /* userName (512 bytes) */
 
 	Stream_Read_UINT32(s, info->sessionId); /* SessionId (4 bytes) */
@@ -703,6 +712,8 @@ BOOL rdp_recv_logon_info_v2(rdpRdp* rdp, wStream* s, logon_info *info)
 	UINT32 cbDomain;
 	UINT32 cbUserName;
 
+	ZeroMemory(info, sizeof(*info));
+
 	if (Stream_GetRemainingLength(s) < 576)
 		return FALSE;
 
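Review bot: The new `if (cbUserName)` block still hands `cbUserName` to ConvertFromUnicode as its fourth argument, and the surrounding code treats that value as a byte count: it is bounded by 512 and the field is seeked as `/* userName (512 bytes) */`. If ConvertFromUnicode follows the WideCharToMultiByte shape it mirrors, that argument is a count of WCHARs, so a peer-supplied cbUserName of 512 makes the conversion read 1024 bytes from a 512-byte field, well past the 576 bytes the length check at the top of the hunk guarantees — an out-of-bounds read driven by the remote side, and the same halving applies to cbDomain (104 bytes read out of a 52-byte field, spilling into userName). I would reject odd counts and pass characters, e.g. `if (cbUserName > 512 || (cbUserName % 2)) goto error_username;` and `ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) Stream_Pointer(s), cbUserName / 2, &info->username, 0, NULL, FALSE);`, with the matching change for cbDomain. Whether WinPR's ConvertFromUnicode really counts WCHARs here should be confirmed against its declaration; rdp_recv_logon_info_v1 starts before this hunk and the error_username label lies after it.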
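Review bot: The added `ZeroMemory(info, sizeof(*info));` is what makes the zero-length domain/username paths safe (the pointers are now NULL rather than whatever the caller left in the struct), but it also discards, without freeing, any heap strings a reused logon_info already owned, so the ownership contract deserves stating at the call. A comment such as `/* caller passes a fresh logon_info; any previous domain/username pointers are dropped here, not freed */` above the new line would make that explicit, assuming callers do pass a fresh struct — I cannot see them from this hunk. rdp_recv_logon_info_v2 begins before the hunk and its body, including the reads of cbDomain and cbUserName, continues after it.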
@@ -716,19 +727,25 @@ BOOL rdp_recv_logon_info_v2(rdpRdp* rdp, wStream* s, logon_info *info)
 	if (Stream_GetRemainingLength(s) < (cbDomain + cbUserName))
 		return FALSE;
 
-	ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) Stream_Pointer(s), cbDomain, &info->domain, 0, NULL, FALSE);
-	if (!info->domain)
-		return FALSE;
-	Stream_Seek(s, cbDomain); /* domain */
+	if (cbDomain)
+	{
+		ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) Stream_Pointer(s), cbDomain, &info->domain, 0, NULL, FALSE);
+		if (!info->domain)
+			return FALSE;
+		Stream_Seek(s, cbDomain); /* domain */
+	}
 
-	ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) Stream_Pointer(s), cbUserName, &info->username, 0, NULL, FALSE);
-	if (!info->username)
+	if (cbUserName)
 	{
-		free(info->domain);
-		info->domain = NULL;
-		return FALSE;
+		ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) Stream_Pointer(s), cbUserName, &info->username, 0, NULL, FALSE);
+		if (!info->username)
+		{
+			free(info->domain);
+			info->domain = NULL;
+			return FALSE;
+		}
+		Stream_Seek(s, cbUserName); /* userName */
 	}
-	Stream_Seek(s, cbUserName); /* userName */
 
 	WLog_DBG(TAG, "LogonInfoV2: SessionId: 0x%04X", info->sessionId);
 
-- 
2.7.4
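Review bot: Inside the new `if (cbDomain)` block, `Stream_Seek(s, cbDomain)` treats cbDomain as a byte length while the ConvertFromUnicode call just above it passes the same value as its fourth argument; if that argument is a WCHAR count (as in WideCharToMultiByte, which the WinPR function mirrors), the conversion reads 2*cbDomain bytes although the check on the hunk's first line only guarantees cbDomain + cbUserName bytes remain, and the same holds for cbUserName — a remote-controlled out-of-bounds read that this commit leaves in place. That guard is also a plain UINT32 sum, which wraps if the two counts are not capped before this hunk (they are read in the lines between the hunks, which I cannot see). I would pass `cbDomain / 2` and `cbUserName / 2` (rejecting odd values) and make the remaining-length test wrap-safe: `if (Stream_GetRemainingLength(s) < cbDomain || Stream_GetRemainingLength(s) - cbDomain < cbUserName) return FALSE;`. rdp_recv_logon_info_v2 starts before this hunk and continues after the WLog_DBG line.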