mike-jumper commented on a change in pull request #274:
URL: https://github.com/apache/guacamole-server/pull/274#discussion_r419656295
##########
File path: src/protocols/rdp/channels/rdpsnd/rdpsnd.c
##########
@@ -48,6 +52,10 @@ void guac_rdpsnd_process_receive(guac_rdp_common_svc* svc,
guac_rdpsnd_wave_handler(svc, input_stream, &header);
return;
}
+
+ /* Check body size */
+ if (Stream_GetRemainingLength(input_stream) < header.body_size)
Review comment:
RDPSND is a bit convoluted in the way it handles each segment of sound
data. I think the reason you're seeing this fail is that audio data is split
across two PDUs:
1. "WaveInfo" (with type `SNDC_WAVE`).
2. "Wave" (the PDU immediately following a "WaveInfo" PDU)
In the case of "WaveInfo", the body size is not the size of that PDU, but
the size of that PDU _plus_ the next:
> The BodySize field of the RDPSND PDU Header is the size of the WaveInfo
PDU plus the size of the data field of the Wave PDU that immediately follows
this packet minus the size of the Header.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
