From a6dfbbe02139dc6e77cdd57d964dc157f8492043 Mon Sep 17 00:00:00 2001 From: "Jerry (Xinyu Hou)" Date: Tue, 19 May 2015 14:28:38 -0700 Subject: [PATCH] Validated received clipboard data size #4601 --- src/lib/client/ServerProxy.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/lib/client/ServerProxy.cpp b/src/lib/client/ServerProxy.cpp index c50e44d9..0a995846 100644 --- a/src/lib/client/ServerProxy.cpp +++ b/src/lib/client/ServerProxy.cpp @@ -546,6 +546,7 @@ ServerProxy::setClipboard() { // parse static String dataCached; + static size_t expectedSize; ClipboardID id; UInt32 seqNum; size_t mark = 0; @@ -553,7 +554,7 @@ ServerProxy::setClipboard() ProtocolUtil::readf(m_stream, kMsgDClipboard + 4, &id, &seqNum, &mark, &data); if (mark == kDataStart) { - //TODO: validate size + expectedSize = synergy::string::stringToSizeType(data); LOG((CLOG_DEBUG "start receiving clipboard data")); dataCached.clear(); } @@ -562,14 +563,21 @@ ServerProxy::setClipboard() } else if (mark == kDataEnd) { LOG((CLOG_DEBUG "received clipboard %d size=%d", id, dataCached.size())); + // validate if (id >= kClipboardEnd) { return; } + else if (expectedSize != dataCached.size()) { + LOG((CLOG_ERR "corrupted clipboard data, expected size=%d actual size=%d", expectedSize, dataCached.size())); + return; + } + // forward Clipboard clipboard; clipboard.unmarshall(dataCached, 0); m_client->setClipboard(id, &clipboard); + expectedSize = 0; } }