From a16cb1da635ac9832178c35fbbf169441f694536 Mon Sep 17 00:00:00 2001
From: Pascal Nowack <Pascal.Nowack@gmx.de>
Date: Sat, 19 Apr 2025 20:30:24 +0200
Subject: [PATCH] rdpei/server: Fix incorrect PDU length read

The PDU length is a 32-bit unsigned integer and not a 16-bit one.
---
 channels/rdpei/server/rdpei_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/channels/rdpei/server/rdpei_main.c b/channels/rdpei/server/rdpei_main.c
index 4354edf76..114551097 100644
--- a/channels/rdpei/server/rdpei_main.c
+++ b/channels/rdpei/server/rdpei_main.c
@@ -718,7 +718,7 @@ UINT rdpei_server_handle_messages(RdpeiServerContext* context)
 
 		/* header case */
 		Stream_Read_UINT16(s, priv->currentMsgType);
-		Stream_Read_UINT16(s, pduLen);
+		Stream_Read_UINT32(s, pduLen);
 
 		if (pduLen < RDPINPUT_HEADER_LENGTH)
 		{