From 3ca72b35f3727692618a67ecee319f101a89b3d0 Mon Sep 17 00:00:00 2001 From: crs Date: Mon, 29 Apr 2002 14:25:24 +0000 Subject: [PATCH] Added some validation of protocol message parameters. --- client/CClient.cpp | 11 +++++++++++ server/CServer.cpp | 5 +++++ server/CServerProtocol1_0.cpp | 18 +++++++++++++++++- 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/client/CClient.cpp b/client/CClient.cpp index b5f00de0..f41dc791 100644 --- a/client/CClient.cpp +++ b/client/CClient.cpp @@ -391,6 +391,12 @@ void CClient::onGrabClipboard() { CLock lock(&m_mutex); CProtocolUtil::readf(m_input, kMsgCClipboard + 4, &id, &seqNum); + log((CLOG_DEBUG "received clipboard %d grab", id)); + + // validate + if (id >= kClipboardEnd) { + return; + } // we no longer own the clipboard m_ownClipboard[id] = false; @@ -431,6 +437,11 @@ void CClient::onSetClipboard() } log((CLOG_DEBUG "received clipboard %d size=%d", id, data.size())); + // validate + if (id >= kClipboardEnd) { + return; + } + // unmarshall CClipboard clipboard; clipboard.unmarshall(data, 0); diff --git a/server/CServer.cpp b/server/CServer.cpp index a2e593fa..99fcca5f 100644 --- a/server/CServer.cpp +++ b/server/CServer.cpp @@ -135,6 +135,11 @@ UInt32 CServer::getActivePrimarySides() const void CServer::setInfo(const CString& client, SInt32 w, SInt32 h, SInt32 zoneSize) { + assert(!client.empty()); + assert(w > 0); + assert(h > 0); + assert(zoneSize >= 0); + CLock lock(&m_mutex); // client must be connected diff --git a/server/CServerProtocol1_0.cpp b/server/CServerProtocol1_0.cpp index 8cfcff0a..c69b1144 100644 --- a/server/CServerProtocol1_0.cpp +++ b/server/CServerProtocol1_0.cpp @@ -179,7 +179,7 @@ void CServerProtocol1_0::recvInfo() log((CLOG_DEBUG "received client \"%s\" info size=%dx%d, zone=%d", getClient().c_str(), w, h, zoneInfo)); // validate - if (w == 0 || h == 0) { + if (w <= 0 || h <= 0 || zoneInfo < 0) { throw XBadClient(); } @@ -189,19 +189,35 @@ void CServerProtocol1_0::recvInfo() void CServerProtocol1_0::recvClipboard() { + // parse message ClipboardID id; UInt32 seqNum; CString data; CProtocolUtil::readf(getInputStream(), kMsgDClipboard + 4, &id, &seqNum, &data); log((CLOG_DEBUG "received client \"%s\" clipboard %d seqnum=%d, size=%d", getClient().c_str(), id, seqNum, data.size())); + + // validate + if (id >= kClipboardEnd) { + throw XBadClient(); + } + + // send update getServer()->setClipboard(id, seqNum, data); } void CServerProtocol1_0::recvGrabClipboard() { + // parse message ClipboardID id; UInt32 seqNum; CProtocolUtil::readf(getInputStream(), kMsgCClipboard + 4, &id, &seqNum); log((CLOG_DEBUG "received client \"%s\" grabbed clipboard %d seqnum=%d", getClient().c_str(), id, seqNum)); + + // validate + if (id >= kClipboardEnd) { + throw XBadClient(); + } + + // send update getServer()->grabClipboard(id, seqNum, getClient()); }