@@ -1252,6 +1252,9 @@ BOOL license_read_new_or_upgrade_license_packet(rdpLicense* license, wStream* s)
12521252 if (!licenseStream )
12531253 goto out_free_blob ;
12541254
1255+ if (Stream_GetRemainingLength (licenseStream ) < 8 )
1256+ goto out_free_stream ;
1257+
12551258 Stream_Read_UINT16 (licenseStream , os_minor );
12561259 Stream_Read_UINT16 (licenseStream , os_major );
12571260
@@ -1266,6 +1269,8 @@ BOOL license_read_new_or_upgrade_license_packet(rdpLicense* license, wStream* s)
12661269 Stream_Seek (licenseStream , cbScope );
12671270
12681271 /* CompanyName */
1272+ if (Stream_GetRemainingLength (licenseStream ) < 4 )
1273+ goto out_free_stream ;
12691274 Stream_Read_UINT32 (licenseStream , cbCompanyName );
12701275 if (Stream_GetRemainingLength (licenseStream ) < cbCompanyName )
12711276 goto out_free_stream ;
@@ -1276,6 +1281,8 @@ BOOL license_read_new_or_upgrade_license_packet(rdpLicense* license, wStream* s)
12761281 Stream_Seek (licenseStream , cbCompanyName );
12771282
12781283 /* productId */
1284+ if (Stream_GetRemainingLength (licenseStream ) < 4 )
1285+ goto out_free_stream ;
12791286 Stream_Read_UINT32 (licenseStream , cbProductId );
12801287 if (Stream_GetRemainingLength (licenseStream ) < cbProductId )
12811288 goto out_free_stream ;
@@ -1286,6 +1293,8 @@ BOOL license_read_new_or_upgrade_license_packet(rdpLicense* license, wStream* s)
12861293 Stream_Seek (licenseStream , cbProductId );
12871294
12881295 /* licenseInfo */
1296+ if (Stream_GetRemainingLength (licenseStream ) < 4 )
1297+ goto out_free_stream ;
12891298 Stream_Read_UINT32 (licenseStream , cbLicenseInfo );
12901299 if (Stream_GetRemainingLength (licenseStream ) < cbLicenseInfo )
12911300 goto out_free_stream ;
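Review bot: In the first hunk the new guard requires 8 remaining bytes, but the two `Stream_Read_UINT16` calls visible after it consume only 4. The other 4 presumably cover a 32-bit length read outside the hunk, likely the one feeding `Stream_Seek(licenseStream, cbScope)`. A short comment would make the constant checkable against the reads it protects, e.g. `/* os_minor (2) + os_major (2) + cbScope (4) */`, once confirmed against the lines below. The three `< 4` guards in the later hunks repeat the same check-then-read pattern before `cbCompanyName`, `cbProductId` and `cbLicenseInfo`, so a small static helper that checks and reads a length-prefixed field would keep each bound next to its read. The function body starts and ends outside these hunks, so the cleanup at `out_free_stream` could not be reviewed.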