From cdc532e8ba33f3a04946176e5721a09015a40cd0 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Thu, 6 Mar 2014 11:48:52 -0800 Subject: [PATCH] Use fixed-size SVC name buffer. Validate length. --- src/protocols/rdp/guac_svc/svc_service.c | 3 ++- src/protocols/rdp/rdp_svc.c | 13 +++++++++++-- src/protocols/rdp/rdp_svc.h | 7 ++++++- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/src/protocols/rdp/guac_svc/svc_service.c b/src/protocols/rdp/guac_svc/svc_service.c index 2d7faffc..45c82f31 100644 --- a/src/protocols/rdp/guac_svc/svc_service.c +++ b/src/protocols/rdp/guac_svc/svc_service.c @@ -59,7 +59,8 @@ int VirtualChannelEntry(PCHANNEL_ENTRY_POINTS pEntryPoints) { guac_rdp_svc* svc = (guac_rdp_svc*) entry_points_ex->pExtendedData; /* Init channel def */ - strcpy(svc_plugin->plugin.channel_def.name, svc->name); + strncpy(svc_plugin->plugin.channel_def.name, svc->name, + GUAC_RDP_SVC_MAX_LENGTH); svc_plugin->plugin.channel_def.options = CHANNEL_OPTION_INITIALIZED | CHANNEL_OPTION_ENCRYPT_RDP diff --git a/src/protocols/rdp/rdp_svc.c b/src/protocols/rdp/rdp_svc.c index 39e4375a..3921e21f 100644 --- a/src/protocols/rdp/rdp_svc.c +++ b/src/protocols/rdp/rdp_svc.c @@ -41,16 +41,25 @@ guac_rdp_svc* guac_rdp_alloc_svc(guac_client* client, char* name) { /* Init SVC */ svc->client = client; - svc->name = strdup(name); svc->plugin = NULL; svc->input_pipe = NULL; svc->output_pipe = NULL; + /* Warn about name length */ + if (strnlen(name, GUAC_RDP_SVC_MAX_LENGTH+1) > GUAC_RDP_SVC_MAX_LENGTH) + guac_client_log_info(client, + "Static channel name \"%s\" exceeds maximum of %i characters " + "and will be truncated", + name, GUAC_RDP_SVC_MAX_LENGTH); + + /* Init name */ + strncpy(svc->name, name, GUAC_RDP_SVC_MAX_LENGTH); + svc->name[GUAC_RDP_SVC_MAX_LENGTH] = '\0'; + return svc; } void guac_rdp_free_svc(guac_rdp_svc* svc) { - free(svc->name); free(svc); } diff --git a/src/protocols/rdp/rdp_svc.h b/src/protocols/rdp/rdp_svc.h index f3b1f6fb..c0ddf404 100644 --- a/src/protocols/rdp/rdp_svc.h +++ b/src/protocols/rdp/rdp_svc.h @@ -35,6 +35,11 @@ #include "compat/winpr-stream.h" #endif +/** + * The maximum number of characters to allow for each channel name. + */ +#define GUAC_RDP_SVC_MAX_LENGTH 7 + /** * Structure describing a static virtual channel, and the corresponding * Guacamole pipes. @@ -54,7 +59,7 @@ typedef struct guac_rdp_svc { /** * The name of the RDP channel in use, and the name to use for each pipe. */ - char* name; + char name[GUAC_RDP_SVC_MAX_LENGTH+1]; /** * The pipe opened by the Guacamole client, if any. This should be