Added some validation of protocol message parameters.

client/CClient.cpp

@@ -391,6 +391,12 @@ void					CClient::onGrabClipboard()
 	{
 		CLock lock(&m_mutex);
 		CProtocolUtil::readf(m_input, kMsgCClipboard + 4, &id, &seqNum);
+		log((CLOG_DEBUG "received clipboard %d grab", id));
+
+		// validate
+		if (id >= kClipboardEnd) {
+			return;
+		}
 
 		// we no longer own the clipboard
 		m_ownClipboard[id] = false;
@@ -431,6 +437,11 @@ void					CClient::onSetClipboard()
 	}
 	log((CLOG_DEBUG "received clipboard %d size=%d", id, data.size()));
 
+	// validate
+	if (id >= kClipboardEnd) {
+		return;
+	}
+
 	// unmarshall
 	CClipboard clipboard;
 	clipboard.unmarshall(data, 0);

server/CServer.cpp

@@ -135,6 +135,11 @@ UInt32					CServer::getActivePrimarySides() const
 void					CServer::setInfo(const CString& client,
 								SInt32 w, SInt32 h, SInt32 zoneSize)
 {
+	assert(!client.empty());
+	assert(w > 0);
+	assert(h > 0);
+	assert(zoneSize >= 0);
+
 	CLock lock(&m_mutex);
 
 	// client must be connected

server/CServerProtocol1_0.cpp

@@ -179,7 +179,7 @@ void					CServerProtocol1_0::recvInfo()
 	log((CLOG_DEBUG "received client \"%s\" info size=%dx%d, zone=%d", getClient().c_str(), w, h, zoneInfo));
 
 	// validate
-	if (w == 0 || h == 0) {
+	if (w <= 0 || h <= 0 || zoneInfo < 0) {
 		throw XBadClient();
 	}
 
@@ -189,19 +189,35 @@ void					CServerProtocol1_0::recvInfo()
 
 void					CServerProtocol1_0::recvClipboard()
 {
+	// parse message
 	ClipboardID id;
 	UInt32 seqNum;
 	CString data;
 	CProtocolUtil::readf(getInputStream(), kMsgDClipboard + 4, &id, &seqNum, &data);
 	log((CLOG_DEBUG "received client \"%s\" clipboard %d seqnum=%d, size=%d", getClient().c_str(), id, seqNum, data.size()));
+
+	// validate
+	if (id >= kClipboardEnd) {
+		throw XBadClient();
+	}
+
+	// send update
 	getServer()->setClipboard(id, seqNum, data);
 }
 
 void					CServerProtocol1_0::recvGrabClipboard()
 {
+	// parse message
 	ClipboardID id;
 	UInt32 seqNum;
 	CProtocolUtil::readf(getInputStream(), kMsgCClipboard + 4, &id, &seqNum);
 	log((CLOG_DEBUG "received client \"%s\" grabbed clipboard %d seqnum=%d", getClient().c_str(), id, seqNum));
+
+	// validate
+	if (id >= kClipboardEnd) {
+		throw XBadClient();
+	}
+
+	// send update
 	getServer()->grabClipboard(id, seqNum, getClient());
 }