authorspeidy <speidy@gmail.com>2016-05-18 00:20:41 -0400
committerspeidy <speidy@gmail.com>2016-05-18 00:20:41 -0400
commit36c17767b7b40766f16db0e88dfbeaa9de77c565 (patch)
tree88f6384c6f4b1311468854235844b8d20995fa40
parentb38dcf1bb0e1ecf6e98de20ac2480cb41dc905e3 (diff)
libxrdp: in CS_MONITOR, validate virtual desktop size we got from client
-rw-r--r--libxrdp/xrdp_sec.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
index 3e9cef66..fd8dfa36 100644
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -1969,6 +1969,13 @@ xrdp_sec_process_mcs_data_monitors(struct xrdp_sec *self, struct stream *s)
client_info->width = (x2 - x1) + 1;
client_info->height = (y2 - y1) + 1;
}
+ /* make sure virtual desktop size is ok */
+ if ((client_info->width > 0x7FFE && client_info->width < 0xC8) ||
+ (client_info->height > 0x7FFE && client_info->height < 0xC8))
+ {
+ LLOGLN(0, ("[ERROR] xrdp_sec_process_mcs_data_monitors: error, virtual desktop width / height is too large"));
+ return 1; /* error */
+ }
/* keep a copy of non negative monitor info values for xrdp_wm usage */
for (index = 0; index < monitorCount; index++)
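Review bot: The added size check can never fire, because each half requires the same value to be both greater than 0x7FFE and less than 0xC8, so `return 1` is unreachable and a client-supplied monitor layout of any size still reaches the copy loop below. The two bounds look like an intended maximum and minimum, in which case the comparisons need `||`: `if (client_info->width > 0x7FFE || client_info->width < 0xC8 ||` followed by `client_info->height > 0x7FFE || client_info->height < 0xC8)`. The log text says only "too large" although the check also covers the lower bound, so something like "virtual desktop width / height is out of range" would match what is rejected. The declarations of x1, x2, y1 and y2 are outside the hunk, so whether `(x2 - x1) + 1` can overflow before this check is worth confirming against the rest of xrdp_sec_process_mcs_data_monitors.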