github/FreeRDP
7
0
Fork 0
mirror of https://github.com/FreeRDP/FreeRDP.git synced 2025-06-03 00:00:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

[channels,urbdrc] check InterfaceId for RIM_EXCHANGE_CAPABILITY_REQUEST

Browse Source
This commit is contained in:
akallabeth 2025-03-05 21:24:43 +01:00
parent 3ed1545319
commit dd92d719d1
No known key found for this signature in database
GPG Key ID: A49454A3FC909FD5
2 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
channels/urbdrc/client/data_transfer.c
View File

@ -327,6 +327,9 @@ static UINT urbdrc_process_internal_io_control(IUDEVICE* pdev, GENERIC_CHANNEL_C
if (!pdev || !callback || !s || !udevman)
return ERROR_INVALID_PARAMETER;
URBDRC_PLUGIN* urbdrc = (URBDRC_PLUGIN*)callback->plugin;
WINPR_ASSERT(urbdrc);
if (!Stream_CheckAndLogRequiredLength(TAG, s, 8))
return ERROR_INVALID_DATA;
@ -343,6 +346,13 @@ static UINT urbdrc_process_internal_io_control(IUDEVICE* pdev, GENERIC_CHANNEL_C
// TODO: Implement control code.
/** Fixme: Currently this is a FALSE bustime... */
frames = GetTickCount();
if (4 > OutputBufferSize)
{
WLog_Print(urbdrc->log, WLOG_DEBUG, "out_size %" PRIu32 " > OutputBufferSize %" PRIu32, 4,
OutputBufferSize);
return ERROR_BAD_CONFIGURATION;
}
out = urb_create_iocompletion(InterfaceId, MessageId, RequestId, 4);
if (!out)
@ -593,6 +603,14 @@ static UINT urb_select_interface(IUDEVICE* pdev, GENERIC_CHANNEL_CALLBACK* callb
MsInterface = MsConfig->MsInterfaces[InterfaceNumber];
interface_size = 16 + (MsInterface->NumberOfPipes * 20);
out_size = 36 + interface_size;
if (out_size > OutputBufferSize)
{
WLog_Print(urbdrc->log, WLOG_DEBUG, "out_size %" PRIu32 " > OutputBufferSize %" PRIu32,
out_size, OutputBufferSize);
msusb_msconfig_free(MsConfig);
return ERROR_BAD_CONFIGURATION;
}
out = Stream_New(NULL, out_size);
if (!out)
@ -1282,6 +1300,12 @@ static UINT urb_pipe_request(IUDEVICE* pdev, GENERIC_CHANNEL_CALLBACK* callback,
/** send data */
out_size = 36;
if (out_size > OutputBufferSize)
{
WLog_Print(urbdrc->log, WLOG_DEBUG, "out_size %" PRIu32 " > OutputBufferSize %" PRIu32,
out_size, OutputBufferSize);
return ERROR_BAD_CONFIGURATION;
}
out = Stream_New(NULL, out_size);
if (!out)
@ -1327,6 +1351,14 @@ static UINT urb_get_current_frame_number(IUDEVICE* pdev, GENERIC_CHANNEL_CALLBAC
/** Fixme: Need to fill actual frame number!!*/
dummy_frames = GetTickCount();
out_size = 40;
if (out_size > OutputBufferSize)
{
WLog_Print(urbdrc->log, WLOG_DEBUG, "out_size %" PRIu32 " > OutputBufferSize %" PRIu32,
out_size, OutputBufferSize);
return ERROR_BAD_CONFIGURATION;
}
out = Stream_New(NULL, out_size);
if (!out)

9
channels/urbdrc/client/urbdrc_main.c
View File

@ -403,6 +403,15 @@ static UINT urbdrc_exchange_capabilities(GENERIC_CHANNEL_CALLBACK* callback, wSt
switch (FunctionId)
{
case RIM_EXCHANGE_CAPABILITY_REQUEST:
if (InterfaceId != 0)
{
WLog_ERR(
TAG,
"[MS-RDPEUSB] 2.2.3.1 Interface Manipulation Exchange Capabilities Request "
"(RIM_EXCHANGE_CAPABILITY_REQUEST))::InterfaceId expected 0, got %" PRIu32,
InterfaceId);
return ERROR_INVALID_DATA;
}
error = urbdrc_process_capability_request(callback, data, MessageId);
break;