-rw-r--r--libxrdp/xrdp_orders.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/libxrdp/xrdp_orders.c b/libxrdp/xrdp_orders.c
index 438151da..a76ecaea 100644
--- a/libxrdp/xrdp_orders.c
+++ b/libxrdp/xrdp_orders.c
@@ -205,11 +205,22 @@ xrdp_orders_check(struct xrdp_orders *self, int max_size)
}
size = (int)(self->out_s->p - self->order_count_ptr);
-
- if ((size < 0) || (size > max_packet_size))
+ if (size < 0)
{
+ g_writeln("error in xrdp_orders_check, size too small, its %d", size);
return 1;
}
+ if (size > max_packet_size)
+ {
+ // this suggests someone calls this function without passing the correct
+ // max_size so we end up putting more into the buffer than we indicate we can
+ g_writeln("error in xrdp_orders_check, size too big, its %d", size);
+ // We where getting called with size allready greater than max_packet_size
+ // Which I suspect was because the sending of text did not include the text len
+ // to check the buffer size. So attempt to send the data anyway.
+ // Lets write the data anyway, somewhere else may barf.
+ // return 1;
+ }
if ((size + max_size + 100) > max_packet_size)
{
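Review bot: With `return 1;` commented out in the `size > max_packet_size` branch, the function now logs and carries on even though out_s already holds more than the packet limit, so the caller gets no failure signal and later writes may run past the stream buffer. Since the second hunk of this commit passes a length-aware max_size from xrdp_orders_text, the oversize case should be treated as an error again: keep the g_writeln and restore `return 1;`. The following `(size + max_size + 100) > max_packet_size` test is signed int arithmetic, so a large max_size could overflow; comparing `max_size > max_packet_size - size - 100` avoids that. The body of xrdp_orders_check continues outside this hunk, so what happens after that test is not visible here.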
@@ -1591,7 +1602,8 @@ xrdp_orders_text(struct xrdp_orders *self,
char *present_ptr = (char *)NULL;
char *order_flags_ptr = (char *)NULL;
- xrdp_orders_check(self, 100);
+ //xrdp_orders_check(self, 100);
+ xrdp_orders_check(self, 44+data_len);
self->order_count++;
order_flags = RDP_ORDER_STANDARD;
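Review bot: The result of `xrdp_orders_check(self, 44+data_len)` is discarded, so a failed check still lets the text order be written into out_s. data_len is not range-checked in the visible lines; a negative or very large value makes `44+data_len` under-reserve or overflow, so I would reject it first and honour the return code, e.g. `if (data_len < 0 || xrdp_orders_check(self, 44 + data_len) != 0) { return 1; }` (assuming xrdp_orders_text returns an int status, which the hunk does not show). The bare 44 deserves a named constant or a comment saying which fixed fields it covers, and the commented-out old call should be deleted rather than kept. The function body starts and ends outside this hunk.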