|
static const char * | update_type_to_string (UINT16 updateType) |
|
static BOOL | update_recv_orders (rdpUpdate *update, wStream *s) |
|
static BOOL | update_read_bitmap_data (rdpUpdate *update, wStream *s, BITMAP_DATA *bitmapData) |
|
static BOOL | update_write_bitmap_data (rdpUpdate *update_pub, wStream *s, BITMAP_DATA *bitmapData) |
|
BITMAP_UPDATE * | update_read_bitmap_update (rdpUpdate *update, wStream *s) |
|
static BOOL | update_write_bitmap_update (rdpUpdate *update, wStream *s, const BITMAP_UPDATE *bitmapUpdate) |
|
PALETTE_UPDATE * | update_read_palette (rdpUpdate *update, wStream *s) |
|
static BOOL | update_read_synchronize (rdpUpdate *update, wStream *s) |
|
static BOOL | update_read_play_sound (wStream *s, PLAY_SOUND_UPDATE *play_sound) |
|
BOOL | update_recv_play_sound (rdpUpdate *update, wStream *s) |
|
POINTER_POSITION_UPDATE * | update_read_pointer_position (rdpUpdate *update, wStream *s) |
|
POINTER_SYSTEM_UPDATE * | update_read_pointer_system (rdpUpdate *update, wStream *s) |
|
static BOOL | s_update_read_pointer_color (wStream *s, POINTER_COLOR_UPDATE *pointer_color, BYTE xorBpp, UINT32 flags) |
|
POINTER_COLOR_UPDATE * | update_read_pointer_color (rdpUpdate *update, wStream *s, BYTE xorBpp) |
|
static BOOL | s_update_read_pointer_large (wStream *s, POINTER_LARGE_UPDATE *pointer) |
|
POINTER_LARGE_UPDATE * | update_read_pointer_large (rdpUpdate *update, wStream *s) |
|
POINTER_NEW_UPDATE * | update_read_pointer_new (rdpUpdate *update, wStream *s) |
|
POINTER_CACHED_UPDATE * | update_read_pointer_cached (rdpUpdate *update, wStream *s) |
|
BOOL | update_recv_pointer (rdpUpdate *update, wStream *s) |
|
BOOL | update_recv (rdpUpdate *update, wStream *s) |
|
void | update_reset_state (rdpUpdate *update) |
|
BOOL | update_post_connect (rdpUpdate *update) |
|
void | update_post_disconnect (rdpUpdate *update) |
|
static BOOL | s_update_begin_paint (rdpContext *context) |
|
static BOOL | s_update_end_paint (rdpContext *context) |
|
static void | update_flush (rdpContext *context) |
|
static void | update_force_flush (rdpContext *context) |
|
static BOOL | update_check_flush (rdpContext *context, size_t size) |
|
static BOOL | update_set_bounds (rdpContext *context, const rdpBounds *bounds) |
|
static BOOL | update_bounds_is_null (rdpBounds *bounds) |
|
static BOOL | update_bounds_equals (rdpBounds *bounds1, rdpBounds *bounds2) |
|
static int | update_prepare_bounds (rdpContext *context, ORDER_INFO *orderInfo) |
|
static int | update_prepare_order_info (rdpContext *context, ORDER_INFO *orderInfo, UINT32 orderType) |
|
static int | update_write_order_info (rdpContext *context, wStream *s, ORDER_INFO *orderInfo, size_t offset) |
|
static void | update_write_refresh_rect (wStream *s, BYTE count, const RECTANGLE_16 *areas) |
|
static BOOL | update_send_refresh_rect (rdpContext *context, BYTE count, const RECTANGLE_16 *areas) |
|
static void | update_write_suppress_output (wStream *s, BYTE allow, const RECTANGLE_16 *area) |
|
static BOOL | update_send_suppress_output (rdpContext *context, BYTE allow, const RECTANGLE_16 *area) |
|
static BOOL | update_send_surface_command (rdpContext *context, wStream *s) |
|
static BOOL | update_send_surface_bits (rdpContext *context, const SURFACE_BITS_COMMAND *surfaceBitsCommand) |
|
static BOOL | update_send_surface_frame_marker (rdpContext *context, const SURFACE_FRAME_MARKER *surfaceFrameMarker) |
|
static BOOL | update_send_surface_frame_bits (rdpContext *context, const SURFACE_BITS_COMMAND *cmd, BOOL first, BOOL last, UINT32 frameId) |
|
static BOOL | update_send_frame_acknowledge (rdpContext *context, UINT32 frameId) |
|
static BOOL | update_send_synchronize (rdpContext *context) |
|
static BOOL | update_send_desktop_resize (rdpContext *context) |
|
static BOOL | update_send_bitmap_update (rdpContext *context, const BITMAP_UPDATE *bitmapUpdate) |
|
static BOOL | update_send_play_sound (rdpContext *context, const PLAY_SOUND_UPDATE *play_sound) |
|
static BOOL | update_send_dstblt (rdpContext *context, const DSTBLT_ORDER *dstblt) |
|
static BOOL | update_send_patblt (rdpContext *context, PATBLT_ORDER *patblt) |
|
static BOOL | update_send_scrblt (rdpContext *context, const SCRBLT_ORDER *scrblt) |
|
static BOOL | update_send_opaque_rect (rdpContext *context, const OPAQUE_RECT_ORDER *opaque_rect) |
|
static BOOL | update_send_line_to (rdpContext *context, const LINE_TO_ORDER *line_to) |
|
static BOOL | update_send_memblt (rdpContext *context, MEMBLT_ORDER *memblt) |
|
static BOOL | update_send_glyph_index (rdpContext *context, GLYPH_INDEX_ORDER *glyph_index) |
|
static BOOL | update_send_cache_bitmap (rdpContext *context, const CACHE_BITMAP_ORDER *cache_bitmap) |
|
static BOOL | update_send_cache_bitmap_v2 (rdpContext *context, CACHE_BITMAP_V2_ORDER *cache_bitmap_v2) |
|
static BOOL | update_send_cache_bitmap_v3 (rdpContext *context, CACHE_BITMAP_V3_ORDER *cache_bitmap_v3) |
|
static BOOL | update_send_cache_color_table (rdpContext *context, const CACHE_COLOR_TABLE_ORDER *cache_color_table) |
|
static BOOL | update_send_cache_glyph (rdpContext *context, const CACHE_GLYPH_ORDER *cache_glyph) |
|
static BOOL | update_send_cache_glyph_v2 (rdpContext *context, const CACHE_GLYPH_V2_ORDER *cache_glyph_v2) |
|
static BOOL | update_send_cache_brush (rdpContext *context, const CACHE_BRUSH_ORDER *cache_brush) |
|
static BOOL | update_send_create_offscreen_bitmap_order (rdpContext *context, const CREATE_OFFSCREEN_BITMAP_ORDER *create_offscreen_bitmap) |
|
static BOOL | update_send_switch_surface_order (rdpContext *context, const SWITCH_SURFACE_ORDER *switch_surface) |
|
static BOOL | update_send_pointer_system (rdpContext *context, const POINTER_SYSTEM_UPDATE *pointer_system) |
|
static BOOL | update_send_pointer_position (rdpContext *context, const POINTER_POSITION_UPDATE *pointerPosition) |
|
static BOOL | update_write_pointer_color (wStream *s, const POINTER_COLOR_UPDATE *pointer_color) |
|
static BOOL | update_send_pointer_color (rdpContext *context, const POINTER_COLOR_UPDATE *pointer_color) |
|
static BOOL | update_write_pointer_large (wStream *s, const POINTER_LARGE_UPDATE *pointer) |
|
static BOOL | update_send_pointer_large (rdpContext *context, const POINTER_LARGE_UPDATE *pointer) |
|
static BOOL | update_send_pointer_new (rdpContext *context, const POINTER_NEW_UPDATE *pointer_new) |
|
static BOOL | update_send_pointer_cached (rdpContext *context, const POINTER_CACHED_UPDATE *pointer_cached) |
|
BOOL | update_read_refresh_rect (rdpUpdate *update, wStream *s) |
|
BOOL | update_read_suppress_output (rdpUpdate *update, wStream *s) |
|
static BOOL | update_send_set_keyboard_indicators (rdpContext *context, UINT16 led_flags) |
|
static BOOL | update_send_set_keyboard_ime_status (rdpContext *context, UINT16 imeId, UINT32 imeState, UINT32 imeConvMode) |
|
static UINT16 | update_calculate_new_or_existing_window (const WINDOW_ORDER_INFO *orderInfo, const WINDOW_STATE_ORDER *stateOrder) |
|
static BOOL | update_send_new_or_existing_window (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo, const WINDOW_STATE_ORDER *stateOrder) |
|
static BOOL | update_send_window_create (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo, const WINDOW_STATE_ORDER *stateOrder) |
|
static BOOL | update_send_window_update (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo, const WINDOW_STATE_ORDER *stateOrder) |
|
static UINT16 | update_calculate_window_icon_order (const WINDOW_ORDER_INFO *orderInfo, const WINDOW_ICON_ORDER *iconOrder) |
|
static BOOL | update_send_window_icon (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo, const WINDOW_ICON_ORDER *iconOrder) |
|
static BOOL | update_send_window_cached_icon (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo, const WINDOW_CACHED_ICON_ORDER *cachedIconOrder) |
|
static BOOL | update_send_window_delete (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo) |
|
static UINT16 | update_calculate_new_or_existing_notification_icons_order (const WINDOW_ORDER_INFO *orderInfo, const NOTIFY_ICON_STATE_ORDER *iconStateOrder) |
|
static BOOL | update_send_new_or_existing_notification_icons (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo, const NOTIFY_ICON_STATE_ORDER *iconStateOrder) |
|
static BOOL | update_send_notify_icon_create (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo, const NOTIFY_ICON_STATE_ORDER *iconStateOrder) |
|
static BOOL | update_send_notify_icon_update (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo, const NOTIFY_ICON_STATE_ORDER *iconStateOrder) |
|
static BOOL | update_send_notify_icon_delete (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo) |
|
static UINT16 | update_calculate_monitored_desktop (const WINDOW_ORDER_INFO *orderInfo, const MONITORED_DESKTOP_ORDER *monitoredDesktop) |
|
static BOOL | update_send_monitored_desktop (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo, const MONITORED_DESKTOP_ORDER *monitoredDesktop) |
|
static BOOL | update_send_non_monitored_desktop (rdpContext *context, const WINDOW_ORDER_INFO *orderInfo) |
|
void | update_register_server_callbacks (rdpUpdate *update) |
|
void | update_register_client_callbacks (rdpUpdate *update) |
|
int | update_process_messages (rdpUpdate *update) |
|
static void | update_free_queued_message (void *obj) |
|
void | update_free_window_state (WINDOW_STATE_ORDER *window_state) |
|
rdpUpdate * | update_new (rdpRdp *rdp) |
|
void | update_free (rdpUpdate *update) |
|
void | rdp_update_lock (rdpUpdate *update) |
|
void | rdp_update_unlock (rdpUpdate *update) |
|
BOOL | update_begin_paint (rdpUpdate *update) |
|
BOOL | update_end_paint (rdpUpdate *update) |
|
As stated in 2.2.9.1.1.4.4 Color Pointer Update: The maximum allowed pointer width/height is 96 pixels if the client indicated support for large pointers by setting the LARGE_POINTER_FLAG (0x00000001) in the Large Pointer Capability Set (section 2.2.7.2.7). If the LARGE_POINTER_FLAG was not set, the maximum allowed pointer width/height is 32 pixels.
We therefore check the pointer width and height against a maximum, to address CVE-2014-0250.
There does not seem to be any documentation on why hotSpot.xPos / hotSpot.yPos can be larger than width / height, so this is either missing from the documentation or a bug in the implementation.
2.2.9.1.1.4.4 Color Pointer Update (TS_COLORPOINTERATTRIBUTE)
Spec states that:
xorMaskData (variable): A variable-length array of bytes. Contains the 24-bpp, bottom-up XOR mask scan-line data. The XOR mask is padded to a 2-byte boundary for each encoded scan-line. For example, if a 3x3 pixel cursor is being sent, then each scan-line will consume 10 bytes (3 pixels per scan-line multiplied by 3 bytes per pixel, rounded up to the next even number of bytes).
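In practice the XOR mask is not always 24-bpp: the bpp parameter is given by the containing packet, so the scan-line size has to be computed from that value rather than assumed to be 3 bytes per pixel.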
andMaskData (variable): A variable-length array of bytes. Contains the 1-bpp, bottom-up AND mask scan-line data. The AND mask is padded to a 2-byte boundary for each encoded scan-line. For example, if a 7x7 pixel cursor is being sent, then each scan-line will consume 2 bytes (7 pixels per scan-line multiplied by 1 bpp, rounded up to the next even number of bytes).