diff options
Diffstat (limited to 'rdp')
| -rw-r--r-- | rdp/rdp_bitmap.c | 3 | ||||
| -rw-r--r-- | rdp/rdp_lic.c | 3 | ||||
| -rw-r--r-- | rdp/rdp_mcs.c | 4 | ||||
| -rw-r--r-- | rdp/rdp_rdp.c | 11 | ||||
| -rw-r--r-- | rdp/rdp_tcp.c | 3 |
5 files changed, 22 insertions, 2 deletions
diff --git a/rdp/rdp_bitmap.c b/rdp/rdp_bitmap.c index 0963588f..4ba821d3 100644 --- a/rdp/rdp_bitmap.c +++ b/rdp/rdp_bitmap.c @@ -164,6 +164,7 @@ bitmap_decompress1(char *output, int width, int height, char *input, int size) break; case 8: /* Bicolor */ color1 = CVAL(input); + /* fall through is intentional */ case 3: /* Color */ color2 = CVAL(input); break; @@ -435,6 +436,7 @@ bitmap_decompress2(char *output, int width, int height, char *input, int size) case 8: /* Bicolor */ color1[EIK0] = CVAL(input); color1[EIK1] = CVAL(input); + /* fall through is intentional */ case 3: /* Color */ color2[EIK0] = CVAL(input); color2[EIK1] = CVAL(input); @@ -752,6 +754,7 @@ bitmap_decompress3(char *output, int width, int height, char *input, int size) color1[0] = CVAL(input); color1[1] = CVAL(input); color1[2] = CVAL(input); + /* fall through is intentional */ case 3: /* Color */ color2[0] = CVAL(input); color2[1] = CVAL(input); diff --git a/rdp/rdp_lic.c b/rdp/rdp_lic.c index e3ff3a7e..2441bc7f 100644 --- a/rdp/rdp_lic.c +++ b/rdp/rdp_lic.c @@ -174,6 +174,8 @@ rdp_lic_process_demand(struct rdp_lic *self, struct stream *s) the security of licence negotiation isn't exactly paramount. */ g_memset(null_data, 0, sizeof(null_data)); rdp_lic_generate_keys(self, null_data, server_random, null_data); + +#if 0 licence_size = 0; /* todo load_licence(&licence_data); */ if (licence_size > 0) @@ -192,6 +194,7 @@ rdp_lic_process_demand(struct rdp_lic *self, struct stream *s) g_free(licence_data); return; } +#endif rdp_lic_send_request(self, null_data, null_data, self->sec_layer->rdp_layer->mod->username, diff --git a/rdp/rdp_mcs.c b/rdp/rdp_mcs.c index 55067b1f..18c33ac4 100644 --- a/rdp/rdp_mcs.c +++ b/rdp/rdp_mcs.c @@ -19,6 +19,7 @@ */ #include "rdp.h" +#include "common/log.h" /*****************************************************************************/ struct rdp_mcs *APP_CC @@ -598,7 +599,8 @@ failed")); int APP_CC rdp_mcs_init(struct rdp_mcs *self, struct stream *s) { - rdp_iso_init(self->iso_layer, s); + if (rdp_iso_init(self->iso_layer, s)) + log_message(LOG_LEVEL_ERROR, "rdp_mcs.c: rdp_iso_init() failed"); s_push_layer(s, mcs_hdr, 8); return 0; } diff --git a/rdp/rdp_rdp.c b/rdp/rdp_rdp.c index 973b8fe9..9ce63664 100644 --- a/rdp/rdp_rdp.c +++ b/rdp/rdp_rdp.c @@ -427,6 +427,12 @@ rdp_rdp_process_color_pointer_pdu(struct rdp_rdp *self, struct stream *s) return 1; } + /* there are only 32 cursors */ + if (cache_idx > 31) + { + return 1; + } + cursor = self->cursors + cache_idx; in_uint16_le(s, cursor->x); in_uint16_le(s, cursor->y); @@ -457,7 +463,7 @@ rdp_rdp_process_cached_pointer_pdu(struct rdp_rdp *self, struct stream *s) in_uint16_le(s, cache_idx); - if (cache_idx >= sizeof(self->cursors) / sizeof(cursor)) + if (cache_idx > 31) { return 1; } @@ -1164,6 +1170,9 @@ rdp_rec_check_file(struct rdp_rdp *self) } self->rec_fd = g_file_open(file_name); + if (self->rec_fd < 0) + return 1; + make_stream(s); init_stream(s, 8192); out_uint8a(s, "XRDPREC1", 8); diff --git a/rdp/rdp_tcp.c b/rdp/rdp_tcp.c index a919259e..f0a76d7d 100644 --- a/rdp/rdp_tcp.c +++ b/rdp/rdp_tcp.c @@ -157,7 +157,10 @@ int APP_CC rdp_tcp_connect(struct rdp_tcp *self, char *ip, char *port) { DEBUG((" in rdp_tcp_connect ip %s port %s", ip, port)); + self->sck = g_tcp_socket(); + if (self->sck < 0) + return 1; if (g_tcp_connect(self->sck, ip, port) == 0) { |