When resizing the buffers of the buffer pool fails, or resize-surface
operation of the damage detector fails, then
grd_session_rdp_notify_error() implicitly disallows any encoding
operation, because it unsets the RDP_PEER_ACTIVATED flag.
In order to be able to move any encoding operation out of session-rdp.c,
this behaviour needs to be changed.

To handle this situation outside of session-rdp.c, simply set the
dequeuing_disallowed flag in the PW stream class. This implicitly avoids
any calls to encoding operations. The reason for this is, because a PW
buffer needs to be dequeued at some point in the future, after the
format-change event happened, but this flag prevents that.


(cherry picked from commit f8999be3)

In RDP, every Client X.224 Connection Request PDU MUST contain an X.224
Class 0 Connection Request transport protocol data unit (TPDU).
This is also usually the case, but a malicious client could also simply
omit it, in which case gnome-remote-desktop currently crashes, because
Stream_New() requires a valid passed length value (> 0) and thus hits an
assertion.
Without the assertion, gnome-remote-desktop would do an out-of-bounds
buffer read.

To fix these issues, simply check the x224Crq TPDU length before trying
to allocate memory for the peek operation.

https://errors.ubuntu.com/problem/8d010a6d70c7f77f763c787bcb99372c942fc1c8