From 445e7d980005503913e77895f5b13097928b3437 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Tue, 10 Sep 2013 16:20:11 -0700 Subject: VUL: check bytes remaining in xrdp_rdp_process_data_input --- libxrdp/xrdp_rdp.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c index a940a695..0bbd411f 100644 --- a/libxrdp/xrdp_rdp.c +++ b/libxrdp/xrdp_rdp.c @@ -1322,12 +1322,20 @@ xrdp_rdp_process_data_input(struct xrdp_rdp *self, struct stream *s) int param2; int time; + if (!s_check_rem(s, 4)) + { + return 1; + } in_uint16_le(s, num_events); in_uint8s(s, 2); /* pad */ DEBUG(("in xrdp_rdp_process_data_input %d events", num_events)); for (index = 0; index < num_events; index++) { + if (!s_check_rem(s, 12)) + { + return 1; + } in_uint32_le(s, time); in_uint16_le(s, msg_type); in_uint16_le(s, device_flags); -- cgit v1.2.1