xrdp: handle 3 byte PDU

author: Jay Sorg <jay.sorg@gmail.com> 2016-10-03 20:05:14 -0700
committer: Jay Sorg <jay.sorg@gmail.com> 2016-10-03 20:05:14 -0700
commit: 409878666fcab91092dd72b554dad7eafb564966 (patch)
tree: 3c968b3b5780532356e9324af1a52dd6d03b167b /xrdp/xrdp_process.c
parent: f0c0976d1d2a1e29a11979448ce0e8a16965f416 (diff)
download: xrdp-proprietary-409878666fcab91092dd72b554dad7eafb564966.tar.gz
xrdp-proprietary-409878666fcab91092dd72b554dad7eafb564966.zip
1 files changed, 43 insertions, 5 deletions
diff --git a/xrdp/xrdp_process.c b/xrdp/xrdp_process.c
index 6cb9ea02..c0f3dfa9 100644
--- a/xrdp/xrdp_process.c
+++ b/xrdp/xrdp_process.c
@@ -138,13 +138,43 @@ xrdp_process_data_in(struct trans *self)
             }
             if (pro->session->up_and_running)
             {
+                pro->server_trans->header_size = 2;
                 pro->server_trans->extra_flags = 1;
-                pro->server_trans->header_size = 4;
                 init_stream(s, 0);
             }
             break;
 
         case 1:
+            /* we got 2 bytes */
+            if (s->p[0] == 3)
+            {
+                pro->server_trans->header_size = 4;
+                pro->server_trans->extra_flags = 2;
+            }
+            else
+            {
+                if (s->p[1] & 0x80)
+                {
+                    pro->server_trans->header_size = 3;
+                    pro->server_trans->extra_flags = 2;
+                }
+                else
+                {
+                    len = (tui8)(s->p[1]);
+                    pro->server_trans->header_size = len;
+                    pro->server_trans->extra_flags = 3;
+                }
+            }
+
+            len = (int) (s->end - s->data);
+            if (pro->server_trans->header_size > len)
+            {
+                /* not enough data read yet */
+                break;
+            }
+            /* FALLTHROUGH */
+
+        case 2:
             /* we have enough now to get the PDU bytes */
             len = libxrdp_get_pdu_bytes(s->p);
             if (len == -1)
@@ -154,10 +184,18 @@ xrdp_process_data_in(struct trans *self)
                 return 1;
             }
             pro->server_trans->header_size = len;
-            pro->server_trans->extra_flags = 2;
-            break;
+            pro->server_trans->extra_flags = 3;
 
-        case 2:
+            len = (int) (s->end - s->data);
+            if (pro->server_trans->header_size > len)
+            {
+                /* not enough data read yet */
+                break;
+            }
+            /* FALLTHROUGH */
+            g_writeln("here");
+
+        case 3:
             /* the whole PDU is read in now process */
             s->p = s->data;
             if (xrdp_process_loop(pro, s) != 0)
@@ -167,7 +205,7 @@ xrdp_process_data_in(struct trans *self)
                 return 1;
             }
             init_stream(s, 0);
-            pro->server_trans->header_size = 4;
+            pro->server_trans->header_size = 2;
             pro->server_trans->extra_flags = 1;
             break;
     }
author	Jay Sorg <jay.sorg@gmail.com>	2016-10-03 20:05:14 -0700
committer	Jay Sorg <jay.sorg@gmail.com>	2016-10-03 20:05:14 -0700
commit	409878666fcab91092dd72b554dad7eafb564966 (patch)
tree	3c968b3b5780532356e9324af1a52dd6d03b167b /xrdp/xrdp_process.c
parent	f0c0976d1d2a1e29a11979448ce0e8a16965f416 (diff)
download	xrdp-proprietary-409878666fcab91092dd72b554dad7eafb564966.tar.gz xrdp-proprietary-409878666fcab91092dd72b554dad7eafb564966.zip