From 2cec76f748609ffdca19a5f722024b7b7793cb1c Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Sun, 5 Apr 2020 16:39:33 -0400 Subject: [PATCH] [WIP] One more length check. --- src/protocols/rdp/channels/rdpsnd/rdpsnd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/protocols/rdp/channels/rdpsnd/rdpsnd.c b/src/protocols/rdp/channels/rdpsnd/rdpsnd.c index 7a468e6a..04554339 100644 --- a/src/protocols/rdp/channels/rdpsnd/rdpsnd.c +++ b/src/protocols/rdp/channels/rdpsnd/rdpsnd.c @@ -43,7 +43,10 @@ void guac_rdpsnd_process_receive(guac_rdp_common_svc* svc, Stream_Read_UINT8(input_stream, header.message_type); Stream_Seek_UINT8(input_stream); Stream_Read_UINT16(input_stream, header.body_size); - + + if (Stream_GetRemainingLength(input_stream) < header.body_size) + return; + /* * If next PDU is SNDWAVE (due to receiving WaveInfo PDU previously), * ignore the header and parse as a Wave PDU.