Merge branch 'feat/deactivate-all' into feat/dynamic-resize

Author: Isaiah Becker-Mayer

crates/ironrdp-pdu/src/ber.rs

@@ -133,6 +133,7 @@ pub(crate) fn read_enumerated(stream: &mut ReadCursor<'_>, count: u8) -> PduResu
         return Err(invalid_message_err!("len", "invalid enumerated len"));
     }
 
+    ensure_size!(in: stream, size: 1);
     let enumerated = stream.read_u8();
     if enumerated == u8::MAX || enumerated + 1 > count {
         return Err(invalid_message_err!("enumerated", "invalid enumerated value"));
@@ -203,6 +204,8 @@ pub(crate) fn write_bool(stream: &mut WriteCursor<'_>, value: bool) -> PduResult
     let mut size = 0;
     size += write_universal_tag(stream, Tag::Boolean, Pc::Primitive)?;
     size += write_length(stream, 1)?;
+
+    ensure_size!(in: stream, size: 1);
     stream.write_u8(if value { 0xFF } else { 0x00 });
     size += 1;
 
@@ -217,6 +220,7 @@ pub(crate) fn read_bool(stream: &mut ReadCursor<'_>) -> PduResult<bool> {
         return Err(invalid_message_err!("len", "invalid integer len"));
     }
 
+    ensure_size!(in: stream, size: 1);
     Ok(stream.read_u8() != 0)
 }
 

crates/ironrdp-pdu/src/gcc/security_data.rs

@@ -171,6 +171,7 @@ impl<'de> PduDecode<'de> for ServerSecurityData {
                 ));
             }
 
+            ensure_size!(in: src, size: SERVER_RANDOM_LEN);
             let server_random = src.read_array();
 
             ensure_size!(in: src, size: server_cert_len);

crates/ironrdp-pdu/src/rdp/server_license/client_platform_challenge_response.rs

@@ -152,6 +152,7 @@ impl<'de> PduDecode<'de> for ClientPlatformChallengeResponse {
         ensure_size!(in: src, size: encrypted_hwid_blob.length);
         let encrypted_hwid = src.read_slice(encrypted_hwid_blob.length).into();
 
+        ensure_size!(in: src, size: MAC_SIZE);
         let mac_data = src.read_slice(MAC_SIZE).into();
 
         Ok(Self {

crates/ironrdp-pdu/src/rdp/server_license/server_license_request/cert.rs

@@ -69,6 +69,7 @@ impl PduEncode for X509CertificateChain {
 
 impl<'de> PduDecode<'de> for X509CertificateChain {
     fn decode(src: &mut ReadCursor<'de>) -> PduResult<Self> {
+        ensure_size!(in: src, size: 4);
         let certificate_count = cast_length!("certArrayLen", src.read_u32())?;
         if !(MIN_CERTIFICATE_AMOUNT..MAX_CERTIFICATE_AMOUNT).contains(&certificate_count) {
             return Err(invalid_message_err!("certArrayLen", "invalid x509 certificate amount"));
@@ -139,6 +140,8 @@ impl PduEncode for ProprietaryCertificate {
 
 impl<'de> PduDecode<'de> for ProprietaryCertificate {
     fn decode(src: &mut ReadCursor<'de>) -> PduResult<Self> {
+        ensure_size!(in: src, size: PROP_CERT_NO_BLOBS_SIZE);
+
         let signature_algorithm_id = src.read_u32();
         if signature_algorithm_id != SIGNATURE_ALGORITHM_RSA {
             return Err(invalid_message_err!("sigAlgId", "invalid signature algorithm ID"));