[core] initialize stack variables, improve logging

2023-01-19 14:31:45 +01:00 · 2023-01-19 14:31:45 +01:00 · 033ffff428
commit 033ffff428
parent f2b934866a
3 changed files with 24 additions and 29 deletions
--- a/libfreerdp/core/gcc.c
+++ b/libfreerdp/core/gcc.c
@ -740,12 +740,7 @@ BOOL gcc_read_server_data_blocks(wStream* s, rdpMcs* mcs, UINT16 length)

 			case SC_SECURITY:
 				if (!gcc_read_server_security_data(sub, mcs))
-				{
-					WLog_ERR(TAG,
-					         "gcc_read_server_data_blocks: gcc_read_server_security_data failed");
 					return FALSE;
-				}
-
 				break;

 			case SC_NET:
@ -1457,7 +1452,7 @@ BOOL gcc_read_client_security_data(wStream* s, rdpMcs* mcs, UINT16 blockLength)
 	{
 		Stream_Read_UINT32(s, settings->EncryptionMethods); /* encryptionMethods */

-		if (settings->EncryptionMethods == 0)
+		if (settings->EncryptionMethods == ENCRYPTION_METHOD_NONE)
 			Stream_Read_UINT32(s, settings->EncryptionMethods); /* extEncryptionMethods */
 		else
 			Stream_Seek(s, 4);
@ -1505,10 +1500,11 @@ BOOL gcc_write_client_security_data(wStream* s, const rdpMcs* mcs)

 BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs)
 {
-	const BYTE* data;
-	UINT32 length;
+	const BYTE* data = NULL;
+	UINT32 length = 0;
 	BOOL validCryptoConfig = FALSE;
-	UINT32 serverEncryptionMethod;
+	UINT32 EncryptionMethod = 0;
+	UINT32 EncryptionLevel = 0;
 	rdpSettings* settings = mcs_get_settings(mcs);

 	WINPR_ASSERT(s);
@ -1517,11 +1513,11 @@ BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs)
 	if (!Stream_CheckAndLogRequiredLength(TAG, s, 8))
 		return FALSE;

-	Stream_Read_UINT32(s, serverEncryptionMethod);    /* encryptionMethod */
-	Stream_Read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */
+	Stream_Read_UINT32(s, EncryptionMethod); /* encryptionMethod */
+	Stream_Read_UINT32(s, EncryptionLevel);  /* encryptionLevel */

 	/* Only accept valid/known encryption methods */
-	switch (serverEncryptionMethod)
+	switch (EncryptionMethod)
 	{
 		case ENCRYPTION_METHOD_NONE:
 			WLog_DBG(TAG, "Server rdp encryption method: NONE");
@ -1544,20 +1540,19 @@ BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs)
 			break;

 		default:
-			WLog_ERR(TAG, "Received unknown encryption method %08" PRIX32 "",
-			         serverEncryptionMethod);
+			WLog_ERR(TAG, "Received unknown encryption method %08" PRIX32 "", EncryptionMethod);
 			return FALSE;
 	}

-	if (settings->UseRdpSecurityLayer && !(settings->EncryptionMethods & serverEncryptionMethod))
+	if (settings->UseRdpSecurityLayer && !(settings->EncryptionMethods & EncryptionMethod))
 	{
 		WLog_WARN(TAG, "Server uses non-advertised encryption method 0x%08" PRIX32 "",
-		          serverEncryptionMethod);
+		          EncryptionMethod);
 		/* FIXME: Should we return FALSE; in this case ?? */
 	}

-	settings->EncryptionMethods = serverEncryptionMethod;
-
+	settings->EncryptionMethods = EncryptionMethod;
+	settings->EncryptionLevel = EncryptionLevel;
 	/* Verify encryption level/method combinations according to MS-RDPBCGR Section 5.3.2 */
 	switch (settings->EncryptionLevel)
 	{
--- a/libfreerdp/core/rdp.c
+++ b/libfreerdp/core/rdp.c
@ -1298,10 +1298,10 @@ BOOL rdp_read_flow_control_pdu(wStream* s, UINT16* type, UINT16* channel_id)

 BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT16 securityFlags)
 {
-	BYTE cmac[8];
-	BYTE wmac[8];
-	BOOL status;
-	INT32 length;
+	BYTE cmac[8] = { 0 };
+	BYTE wmac[8] = { 0 };
+	BOOL status = FALSE;
+	INT32 length = 0;

 	WINPR_ASSERT(rdp);
 	WINPR_ASSERT(rdp->settings);
--- a/libfreerdp/core/security.c
+++ b/libfreerdp/core/security.c
@ -327,9 +327,9 @@ BOOL security_mac_signature(rdpRdp* rdp, const BYTE* data, UINT32 length, BYTE*
 {
 	WINPR_DIGEST_CTX* sha1 = NULL;
 	WINPR_DIGEST_CTX* md5 = NULL;
-	BYTE length_le[4];
-	BYTE md5_digest[WINPR_MD5_DIGEST_LENGTH];
-	BYTE sha1_digest[WINPR_SHA1_DIGEST_LENGTH];
+	BYTE length_le[4] = { 0 };
+	BYTE md5_digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
+	BYTE sha1_digest[WINPR_SHA1_DIGEST_LENGTH] = { 0 };
 	BOOL result = FALSE;

 	WINPR_ASSERT(rdp);
@ -394,10 +394,10 @@ BOOL security_salted_mac_signature(rdpRdp* rdp, const BYTE* data, UINT32 length,
 {
 	WINPR_DIGEST_CTX* sha1 = NULL;
 	WINPR_DIGEST_CTX* md5 = NULL;
-	BYTE length_le[4];
-	BYTE use_count_le[4];
-	BYTE md5_digest[WINPR_MD5_DIGEST_LENGTH];
-	BYTE sha1_digest[WINPR_SHA1_DIGEST_LENGTH];
+	BYTE length_le[4] = { 0 };
+	BYTE use_count_le[4] = { 0 };
+	BYTE md5_digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
+	BYTE sha1_digest[WINPR_SHA1_DIGEST_LENGTH] = { 0 };
 	BOOL result = FALSE;

 	WINPR_ASSERT(rdp);