Changed the xf_tsmf.c code to test for zero visible rectangles for all platforms. Modified arc4random() change to actually have a skeletal implementation in winpr for BCryptGenRandom() on all platforms.

client/X11/xf_tsmf.c

@@ -108,11 +108,7 @@ int xf_tsmf_xv_video_frame_event(TsmfClientContext* tsmf, TSMF_VIDEO_FRAME_EVENT
 		return -1001;
 
 	/* In case the player is minimized */
-#ifdef __OpenBSD__
-	if (event->x < -2048 || event->y < -2048)
-#else
-	if (event->x < -2048 || event->y < -2048 || event->numVisibleRects < 0)
-#endif
+	if (event->x < -2048 || event->y < -2048 || event->numVisibleRects == 0)
 	{
 		return -1002;
 	}

libfreerdp/core/autodetect.c

@@ -17,6 +17,8 @@
  * limitations under the License.
  */
 
+#include <winpr/bcrypt.h>
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -140,8 +142,8 @@ BOOL autodetect_send_connecttime_bandwidth_measure_start(rdpContext* context, UI
 
 BOOL autodetect_send_bandwidth_measure_payload(rdpContext* context, UINT16 payloadLength, UINT16 sequenceNumber)
 {
-	UINT16 i;
 	wStream* s;
+	UCHAR *buffer = NULL;
 
 	s = rdp_message_channel_pdu_init(context->rdp);
 
@@ -163,23 +165,19 @@ BOOL autodetect_send_bandwidth_measure_payload(rdpContext* context, UINT16 paylo
 	Stream_Write_UINT16(s, sequenceNumber); /* sequenceNumber (2 bytes) */
 	Stream_Write_UINT16(s, RDP_BW_PAYLOAD_REQUEST_TYPE); /* requestType (2 bytes) */
 	Stream_Write_UINT16(s, payloadLength); /* payloadLength (2 bytes) */
+
 	/* Random data (better measurement in case the line is compressed) */
-	for (i = 0; i < payloadLength / 4; i++)
-	{
-#ifdef __OpenBSD__
-		Stream_Write_UINT32(s, arc4random());
-#else
-		Stream_Write_UINT32(s, rand());
-#endif
-	}
+	buffer = (UCHAR *)malloc(payloadLength);
+	BCryptGenRandom(NULL, buffer, payloadLength, 0L);
+	Stream_Write(s, buffer, payloadLength);
 
 	return rdp_send_message_channel_pdu(context->rdp, s, SEC_AUTODETECT_REQ);
 }
 
 static BOOL autodetect_send_bandwidth_measure_stop(rdpContext* context, UINT16 payloadLength, UINT16 sequenceNumber, UINT16 requestType)
 {
-	UINT16 i;
 	wStream* s;
+	UCHAR *buffer = NULL;
 
 	s = rdp_message_channel_pdu_init(context->rdp);
 
@@ -205,15 +203,11 @@ static BOOL autodetect_send_bandwidth_measure_stop(rdpContext* context, UINT16 p
 				Stream_Release(s);
 				return FALSE;
 			}
+
 			/* Random data (better measurement in case the line is compressed) */
-			for (i = 0; i < payloadLength / 4; i++)
-			{
-#ifdef __OpenBSD__
-				Stream_Write_UINT32(s, arc4random());
-#else
-				Stream_Write_UINT32(s, rand());
-#endif
-			}
+			buffer = malloc(payloadLength);
+			BCryptGenRandom(NULL, buffer, payloadLength, 0L);
+			Stream_Write(s, buffer, payloadLength);
 		}
 	}
 

winpr/libwinpr/bcrypt/bcrypt.c

@@ -68,6 +68,36 @@ NTSTATUS BCryptFinishHash(BCRYPT_HASH_HANDLE hHash, PUCHAR pbOutput, ULONG cbOut
 
 NTSTATUS BCryptGenRandom(BCRYPT_ALG_HANDLE hAlgorithm, PUCHAR pbBuffer, ULONG cbBuffer, ULONG dwFlags)
 {
+	/* Since rand() and arc4random() generate 32-bit values, we will take one byte */
+	/* from each value returned to fill the buffer 8-bits at a time.  We cannot    */
+	/* guarantee that we will get long-aligned buffer sizes passed into us.        */
+	ULONG i=0;
+	ULONG random_long = 0L;
+	UCHAR random_byte = 0x00;
+
+	/* Test for zero length buffer.  This is an error condition as we cannot null- */
+	/* terminate the buffer in that case.                                          */
+	if (cbBuffer == 0)
+	{
+		return -1;
+	}
+
+	/* Loop through the buffer for the number of bytes specified, filling it up. */
+	for (i=0 ; i< cbBuffer ; i++)
+	{
+#ifdef __OpenBSD__
+		random_long = arc4random();
+#else
+		random_long = rand();
+#endif
+		/* Grab just one byte from the 32-bit value. */
+		random_byte = ((UCHAR *)(&random_long))[0];
+
+		/* Copy it to the buffer, advancing the buffer. */
+		*pbBuffer = random_byte;
+		pbBuffer++;
+	}
+
 	return 0;
 }