Uploaded image for project: 'Apache Guacamole - Contributions'
  1. Apache Guacamole - Contributions
  2. GUAC-1671

RDPDR file read/write may be truncated to 32 bits

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: RDP
    • Labels:
    • Sprint:
      DEV 2019-04-06, DEV 2019-04-20

      Description

      While file sizes are now properly-represented with 64-bit integers (see GUAC-1598), the offset of each read/write is still a simple int. This will limit the location of each read or write to a 32-bit addressable space, thus effectively limiting the size of files transferred to 4 GB:

      int guac_rdp_fs_write(guac_rdp_fs* fs, int file_id, int offset,
              void* buffer, int length) {
          ...
       
          /* Attempt write */
          lseek(file->fd, offset, SEEK_SET);
          bytes_written = write(file->fd, buffer, length);
       
          ...

      See: https://github.com/apache/guacamole-server/blob/67680bd2d51e7949453f0f7ffc7f4234a1136715/src/protocols/rdp/rdp_fs.c#L405-L452

      It couldn't hurt to check over the rest of the RDP implementation to see where we might be reading a 64-bit value into an int. Usages of the Stream_Read_UINT64() macro which read into an int will happily truncate the result without any compiler warning due to the type cast included within the macro definition.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              muhammad.khan Muhammad Khan (Inactive)
              Reporter:
              mike.jumper Michael Jumper
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: