From c03bf75896bc432e7ac0fba39f06ed249c98c39a Mon Sep 17 00:00:00 2001 From: David FORT Date: Tue, 7 Apr 2015 21:06:53 +0200 Subject: [PATCH] Take in account @nfedera's comments --- libfreerdp/core/fastpath.c | 13 ++++++------- libfreerdp/core/license.c | 18 ++++++++++-------- libfreerdp/core/rdp.c | 4 +++- libfreerdp/core/security.c | 6 ++---- libfreerdp/crypto/crypto.c | 2 +- 5 files changed, 22 insertions(+), 21 deletions(-) diff --git a/libfreerdp/core/fastpath.c b/libfreerdp/core/fastpath.c index 4df3c31f2..76bcbb06c 100644 --- a/libfreerdp/core/fastpath.c +++ b/libfreerdp/core/fastpath.c @@ -767,7 +767,6 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, int iNu rdpRdp* rdp; UINT16 length; BYTE eventHeader; - BOOL status; /* * A maximum of 15 events are allowed per request @@ -824,21 +823,22 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, int iNu if (pad) memset(fpInputEvents + fpInputEvents_length, 0, pad); - security_fips_encrypt(fpInputEvents, fpInputEvents_length + pad, rdp); + if (!security_fips_encrypt(fpInputEvents, fpInputEvents_length + pad, rdp)) + return FALSE; length += pad; } else { + BOOL status; + if (rdp->sec_flags & SEC_SECURE_CHECKSUM) status = security_salted_mac_signature(rdp, fpInputEvents, fpInputEvents_length, TRUE, Stream_Pointer(s)); else status = security_mac_signature(rdp, fpInputEvents, fpInputEvents_length, Stream_Pointer(s)); - if (!status) + if (!status || !security_encrypt(fpInputEvents, fpInputEvents_length, rdp)) return FALSE; - - security_encrypt(fpInputEvents, fpInputEvents_length, rdp); } } @@ -1037,9 +1037,8 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s else status = security_mac_signature(rdp, data, dataSize, pSignature); - if (!status) + if (!status || !security_encrypt(data, dataSize, rdp)) return FALSE; - security_encrypt(data, dataSize, rdp); } } diff --git a/libfreerdp/core/license.c b/libfreerdp/core/license.c index 18a4cba8f..e1fe0cc05 100644 --- a/libfreerdp/core/license.c +++ b/libfreerdp/core/license.c @@ -460,7 +460,7 @@ BOOL license_decrypt_platform_challenge(rdpLicense* license) { CryptoRc4 rc4; - license->PlatformChallenge->data = (BYTE*) malloc(license->EncryptedPlatformChallenge->length); + license->PlatformChallenge->data = (BYTE *)malloc(license->EncryptedPlatformChallenge->length); if (!license->PlatformChallenge->data) return FALSE; license->PlatformChallenge->length = license->EncryptedPlatformChallenge->length; @@ -469,6 +469,8 @@ BOOL license_decrypt_platform_challenge(rdpLicense* license) if (!rc4) { WLog_ERR(TAG, "unable to allocate a rc4"); + free(license->PlatformChallenge->data); + license->PlatformChallenge->data = NULL; return FALSE; } @@ -796,7 +798,6 @@ BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s) { BYTE MacData[16]; UINT32 ConnectFlags = 0; - BOOL ret; DEBUG_LICENSE("Receiving Platform Challenge Packet"); @@ -813,7 +814,8 @@ BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s) return FALSE; Stream_Read(s, MacData, 16); /* MACData (16 bytes) */ - ret = license_decrypt_platform_challenge(license); + if (!license_decrypt_platform_challenge(license)) + return FALSE; #ifdef WITH_DEBUG_LICENSE WLog_DBG(TAG, "ConnectFlags: 0x%08X", ConnectFlags); WLog_DBG(TAG, "EncryptedPlatformChallenge:"); @@ -823,7 +825,7 @@ BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s) WLog_DBG(TAG, "MacData:"); winpr_HexDump(TAG, WLOG_DEBUG, MacData, 16); #endif - return ret; + return TRUE; } /** @@ -1033,10 +1035,6 @@ BOOL license_send_platform_challenge_response_packet(rdpLicense* license) if (!status) return FALSE; - buffer = (BYTE*) malloc(HWID_LENGTH); - if (!buffer) - return FALSE; - rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH); if (!rc4) { @@ -1044,6 +1042,10 @@ BOOL license_send_platform_challenge_response_packet(rdpLicense* license) return FALSE; } + buffer = (BYTE*) malloc(HWID_LENGTH); + if (!buffer) + return FALSE; + crypto_rc4(rc4, HWID_LENGTH, license->HardwareId, buffer); crypto_rc4_free(rc4); license->EncryptedHardwareId->type = BB_DATA_BLOB; diff --git a/libfreerdp/core/rdp.c b/libfreerdp/core/rdp.c index d1ec0ed16..6f643487b 100644 --- a/libfreerdp/core/rdp.c +++ b/libfreerdp/core/rdp.c @@ -479,7 +479,9 @@ static BOOL rdp_security_stream_out(rdpRdp* rdp, wStream* s, int length, UINT32 return FALSE; Stream_Seek(s, 8); - security_encrypt(Stream_Pointer(s), length, rdp); + + if (!security_encrypt(Stream_Pointer(s), length, rdp)) + return FALSE; } } diff --git a/libfreerdp/core/security.c b/libfreerdp/core/security.c index b208cd601..44c7190f9 100644 --- a/libfreerdp/core/security.c +++ b/libfreerdp/core/security.c @@ -169,8 +169,7 @@ BOOL security_master_secret(const BYTE* premaster_secret, const BYTE* client_ran const BYTE* server_random, BYTE* output) { /* MasterSecret = PremasterHash('A') + PremasterHash('BB') + PremasterHash('CCC') */ - return - security_premaster_hash("A", 1, premaster_secret, client_random, server_random, &output[0]) && + return security_premaster_hash("A", 1, premaster_secret, client_random, server_random, &output[0]) && security_premaster_hash("BB", 2, premaster_secret, client_random, server_random, &output[16]) && security_premaster_hash("CCC", 3, premaster_secret, client_random, server_random, &output[32]); } @@ -186,8 +185,7 @@ BOOL security_session_key_blob(const BYTE* master_secret, const BYTE* client_ran const BYTE* server_random, BYTE* output) { /* MasterHash = MasterHash('A') + MasterHash('BB') + MasterHash('CCC') */ - return - security_master_hash("A", 1, master_secret, client_random, server_random, &output[0]) && + return security_master_hash("A", 1, master_secret, client_random, server_random, &output[0]) && security_master_hash("BB", 2, master_secret, client_random, server_random, &output[16]) && security_master_hash("CCC", 3, master_secret, client_random, server_random, &output[32]); } diff --git a/libfreerdp/crypto/crypto.c b/libfreerdp/crypto/crypto.c index 7b2d2ed4d..8ebb39a57 100644 --- a/libfreerdp/crypto/crypto.c +++ b/libfreerdp/crypto/crypto.c @@ -162,8 +162,8 @@ BOOL crypto_hmac_md5_init(CryptoHmac hmac, const BYTE* data, UINT32 length) return HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_md5(), NULL) == 1; #else HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_md5(), NULL); -#endif return TRUE; +#endif } void crypto_hmac_update(CryptoHmac hmac, const BYTE* data, UINT32 length)