Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fixed #6006: bounds checks in update_read_synchronize
  • Loading branch information
akallabeth committed Apr 2, 2020
1 parent f5e73cc commit ed53cd1
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions libfreerdp/core/update.c
Expand Up @@ -287,14 +287,14 @@ PALETTE_UPDATE* update_read_palette(rdpUpdate* update, wStream* s)
return NULL;
}

static void update_read_synchronize(rdpUpdate* update, wStream* s)
static BOOL update_read_synchronize(rdpUpdate* update, wStream* s)
{
WINPR_UNUSED(update);
Stream_Seek_UINT16(s); /* pad2Octets (2 bytes) */
/**
* The Synchronize Update is an artifact from the
* T.128 protocol and should be ignored.
*/
return Stream_SafeSeek(s, 2); /* pad2Octets (2 bytes) */
/**
* The Synchronize Update is an artifact from the
* T.128 protocol and should be ignored.
*/
}

static BOOL update_read_play_sound(wStream* s, PLAY_SOUND_UPDATE* play_sound)
Expand Down Expand Up @@ -807,7 +807,8 @@ BOOL update_recv(rdpUpdate* update, wStream* s)
break;

case UPDATE_TYPE_SYNCHRONIZE:
update_read_synchronize(update, s);
if (!update_read_synchronize(update, s))
goto fail;
rc = IFCALLRESULT(TRUE, update->Synchronize, context);
break;

Expand Down

0 comments on commit ed53cd1

Please sign in to comment.