From 2e92b52dd511cb8567ff6c4e294273e0ba216349 Mon Sep 17 00:00:00 2001 From: Michael Hanselmann Date: Mon, 6 Sep 2021 22:07:06 +0200 Subject: Limit packet size during deserialization Apply the packet size limit used when reading packets during deserialization. Signed-off-by: Michael Hanselmann --- usbredirparser/usbredirparser.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/usbredirparser/usbredirparser.c b/usbredirparser/usbredirparser.c index 1518b1e..363b976 100644 --- a/usbredirparser/usbredirparser.c +++ b/usbredirparser/usbredirparser.c @@ -1865,8 +1865,14 @@ int usbredirparser_unserialize(struct usbredirparser *parser_pub, } parser->header_read = i; - /* Set various length field froms the header (if we've a header) */ + /* Set various length field from the header (if any) */ if (parser->header_read == header_len) { + if (parser->header.length > MAX_PACKET_SIZE) { + ERROR("packet length of %d larger than permitted %d bytes", + parser->header.length, MAX_PACKET_SIZE); + return -1; + } + int type_header_len = usbredirparser_get_type_header_len(parser_pub, parser->header.type, 0); -- cgit v1.2.3