[debian-edu-commits] debian-edu/ 06/08: VUL: make sure cache entries are in range

Dominik George natureshadow-guest at moszumanska.debian.org
Thu Oct 6 21:01:36 UTC 2016


This is an automated email from the git hooks/post-receive script.

natureshadow-guest pushed a commit to annotated tag v0.6.1
in repository xrdp.

commit de82974e53db1c38c8712f5ee93cfe914ef3878b
Author: Jay Sorg <jay.sorg at gmail.com>
Date:   Tue Sep 10 11:19:12 2013 -0700

    VUL: make sure cache entries are in range
---
 common/xrdp_constants.h |  3 +++
 libxrdp/xrdp_rdp.c      | 29 +++++++++++++++++++++++------
 xrdp/xrdp.h             |  2 +-
 xrdp/xrdp_cache.c       | 17 ++++++++++++++---
 xrdp/xrdp_types.h       |  3 ++-
 5 files changed, 43 insertions(+), 11 deletions(-)

diff --git a/common/xrdp_constants.h b/common/xrdp_constants.h
index 56420e1..cdac994 100644
--- a/common/xrdp_constants.h
+++ b/common/xrdp_constants.h
@@ -454,4 +454,7 @@
 
 #define CB_ITEMCHANGE  300
 
+#define XRDP_MAX_BITMAP_CACHE_ID  3
+#define XRDP_MAX_BITMAP_CACHE_IDX 2000
+
 #endif
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index 78d0762..d72057f 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -638,12 +638,26 @@ static int APP_CC
 xrdp_process_capset_bmpcache(struct xrdp_rdp* self, struct stream* s,
                              int len)
 {
+  int i;
+
   in_uint8s(s, 24);
-  in_uint16_le(s, self->client_info.cache1_entries);
+  /* cache 1 */
+  in_uint16_le(s, i);
+  i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
+  i = MAX(i, 0);
+  self->client_info.cache1_entries = i;
   in_uint16_le(s, self->client_info.cache1_size);
-  in_uint16_le(s, self->client_info.cache2_entries);
+  /* cache 2 */
+  in_uint16_le(s, i);
+  i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
+  i = MAX(i, 0);
+  self->client_info.cache2_entries = i;
   in_uint16_le(s, self->client_info.cache2_size);
-  in_uint16_le(s, self->client_info.cache3_entries);
+  /* caceh 3 */
+  in_uint16_le(s, i);
+  i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
+  i = MAX(i, 0);
+  self->client_info.cache3_entries = i;
   in_uint16_le(s, self->client_info.cache3_size);
   DEBUG(("cache1 entries %d size %d", self->client_info.cache1_entries,
          self->client_info.cache1_size));
@@ -669,16 +683,19 @@ xrdp_process_capset_bmpcache2(struct xrdp_rdp* self, struct stream* s,
   self->client_info.bitmap_cache_persist_enable = i;
   in_uint8s(s, 2); /* number of caches in set, 3 */
   in_uint32_le(s, i);
-  i = MIN(i, 2000);
+  i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
+  i = MAX(i, 0);
   self->client_info.cache1_entries = i;
   self->client_info.cache1_size = 256 * Bpp;
   in_uint32_le(s, i);
-  i = MIN(i, 2000);
+  i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
+  i = MAX(i, 0);
   self->client_info.cache2_entries = i;
   self->client_info.cache2_size = 1024 * Bpp;
   in_uint32_le(s, i);
   i = i & 0x7fffffff;
-  i = MIN(i, 2000);
+  i = MIN(i, XRDP_MAX_BITMAP_CACHE_IDX);
+  i = MAX(i, 0);
   self->client_info.cache3_entries = i;
   self->client_info.cache3_size = 4096 * Bpp;
   DEBUG(("cache1 entries %d size %d", self->client_info.cache1_entries,
diff --git a/xrdp/xrdp.h b/xrdp/xrdp.h
index 094fd4b..d602e7d 100644
--- a/xrdp/xrdp.h
+++ b/xrdp/xrdp.h
@@ -28,8 +28,8 @@
 #include "parse.h"
 #include "trans.h"
 #include "libxrdpinc.h"
-#include "xrdp_types.h"
 #include "xrdp_constants.h"
+#include "xrdp_types.h"
 #include "defines.h"
 #include "os_calls.h"
 #include "ssl_calls.h"
diff --git a/xrdp/xrdp_cache.c b/xrdp/xrdp_cache.c
index 83e91ed..27fd153 100644
--- a/xrdp/xrdp_cache.c
+++ b/xrdp/xrdp_cache.c
@@ -34,15 +34,26 @@ xrdp_cache_create(struct xrdp_wm* owner,
   self->wm = owner;
   self->session = session;
   self->use_bitmap_comp = client_info->use_bitmap_comp;
-  self->cache1_entries = client_info->cache1_entries;
+
+  self->cache1_entries = MIN(XRDP_MAX_BITMAP_CACHE_IDX,
+                             client_info->cache1_entries);
+  self->cache1_entries = MAX(self->cache1_entries, 0);
   self->cache1_size = client_info->cache1_size;
-  self->cache2_entries = client_info->cache2_entries;
+
+  self->cache2_entries = MIN(XRDP_MAX_BITMAP_CACHE_IDX,
+                             client_info->cache2_entries);
+  self->cache2_entries = MAX(self->cache2_entries, 0);
   self->cache2_size = client_info->cache2_size;
-  self->cache3_entries = client_info->cache3_entries;
+
+  self->cache3_entries = MIN(XRDP_MAX_BITMAP_CACHE_IDX,
+                             client_info->cache3_entries);
+  self->cache3_entries = MAX(self->cache3_entries, 0);
   self->cache3_size = client_info->cache3_size;
+
   self->bitmap_cache_persist_enable = client_info->bitmap_cache_persist_enable;
   self->bitmap_cache_version = client_info->bitmap_cache_version;
   self->pointer_cache_entries = client_info->pointer_cache_entries;
+
   return self;
 }
 
diff --git a/xrdp/xrdp_types.h b/xrdp/xrdp_types.h
index 1a16e1b..23523b9 100644
--- a/xrdp/xrdp_types.h
+++ b/xrdp/xrdp_types.h
@@ -150,7 +150,8 @@ struct xrdp_cache
   struct xrdp_palette_item palette_items[6];
   /* bitmap */
   int bitmap_stamp;
-  struct xrdp_bitmap_item bitmap_items[3][2000];
+  struct xrdp_bitmap_item bitmap_items[XRDP_MAX_BITMAP_CACHE_ID]
+                                      [XRDP_MAX_BITMAP_CACHE_IDX];
   int use_bitmap_comp;
   int cache1_entries;
   int cache1_size;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/xrdp.git



More information about the debian-edu-commits mailing list