#362 segfault in rdpdr_process_irp - fix

Future
closed-fixed
nobody
None
5
2015-02-14
2013-02-09
No

I'm connecting from Ubuntu x64 to Windows 7 and rdesktop segfaults in rdpdr_process_irp.

Output from gdb:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000437b4d in rdpdr_process_irp (s=0x6d3360) at rdpdr.c:382
382 switch (g_rdpdr_device[device].device_type)
(gdb) bt

#0 0x0000000000437b4d in rdpdr_process_irp (s=0x6d3360) at rdpdr.c:382
#1 0x0000000000438edb in rdpdr_process (s=0x6d3360) at rdpdr.c:800
#2 0x0000000000436dc8 in channel_process (s=0x6d3360, mcs_channel=1005) at channels.c:161
#3 0x0000000000425e46 in sec_recv (rdpver=0x7fffffffdbbf "\003\360\333\377\377\377\177") at secure.c:828
#4 0x0000000000426e5f in rdp_recv (type=0x7fffffffdbef "") at rdp.c:96
#5 0x000000000042ac16 in rdp_loop (deactivated=0x7fffffffdd10, ext_disc_reason=0x7fffffffdd14) at rdp.c:1602
#6 0x000000000042abe5 in rdp_main_loop (deactivated=0x7fffffffdd10, ext_disc_reason=0x7fffffffdd14) at rdp.c:1583
#7 0x0000000000407d7d in main (argc=2, argv=0x7fffffffe1e8) at rdesktop.c:1025

(gdb) p device
$1 = 4294967295
(gdb) p (int)device
$2 = -1

The value received in device is incorrect, but it should not cause a segfault. I recommend adding this test in rdpdr_process_irp:

$ diff rdpdr.c rdpdr_new.c
381a382,387

if (device >= RDPDR_MAX_DEVICES)
{
error("IRP for bad device %ld\n", device);
return;
}
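
Review bot: the `%ld` conversion in `error("IRP for bad device %ld\n", device);` is only correct if `device` is declared `long`; the gdb session above prints it as 4294967295 and gets -1 only after a cast to `int`, so it is not a plain `int`, and the call should use the conversion that matches the variable's declared type or cast explicitly. The `device >= RDPDR_MAX_DEVICES` test also has no lower bound, so it keeps `g_rdpdr_device[device]` in range only while `device` cannot be negative; if the variable is signed, add a `device < 0` check, and otherwise a one-line comment noting that the comparison relies on an unsigned type would help.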

Discussion

  • Henrik Andersson

    This is now fixed upstream in commit r1701. Excuse me for giving creds to David for this one in the commit message. He sent me some patches, which I verified and applied without looking up the origin.

     
  • Henrik Andersson

    • status: open --> closed-fixed
     
