mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,830 Commits 6 Branches 74 Tags 84 MiB
0c83efa753
Commit Graph

186 Commits

Author SHA1 Message Date
Hardening
462a26c8c3 Don't leak cert in case of failure 2014-06-03 15:19:00 +02:00
Hardening
a607b4553d Fix certificate leak 
There were a leak when doing TLS in server mode
 2014-06-03 14:59:58 +02:00
Hardening
4f1b77408a Fix NLA authentication for server-side 
This patch make copies of the server public key so that the NLA
authentication can be performed server-side.
 2014-06-03 11:04:35 +02:00
Marc-André Moreau
04968b18c4 libfreerdp-core: replace all OpenSSL built-in BIOs by new full duplex BIOs 2014-06-01 21:37:20 -04:00
Marc-André Moreau
b1416af362 libfreerdp-core: add locks to disable full duplex BIOs (currently unsafe) 2014-05-30 14:53:10 -04:00
Marc-André Moreau
d2ad5f698b libfreerdp-core: fix VerifyX509Certificate to make distinction between gateway and direct connection 2014-05-30 14:36:18 -04:00
Benoît LeBlanc
f57c694a3b tls_prepare: suppressed a warning on Mac 2014-05-28 21:33:30 -04:00
Hardening
dd6d829550 Allow transport_write calls to be non-blocking 
This big patch allows to have non-blocking writes. To achieve
this, it slightly changes the way transport is handled. The misc transport
layers are handled with OpenSSL BIOs. In the chain we insert a
bufferedBIO that will bufferize write calls that couldn't be honored.

For an access with Tls security the BIO chain would look like this:
  FreeRdp Code ===> SSL bio ===> buffered BIO ===> socket BIO

The buffered BIO will store bytes that couldn't be send because of
blocking write calls.

This patch also rework TSG so that it would look like this in the
case of SSL security with TSG:
                                         (TSG in)
                              > SSL BIO => buffered BIO ==> socket BIO
                             /
FreeRdp => SSL BIO => TSG BIO
                             \
                              > SSL BIO => buffered BIO ==> socket BIO
                                        (TSG out)

So from the FreeRDP point of view sending something is only BIO_writing
on the frontBio (last BIO on the left).
 2014-05-21 17:42:31 +02:00
Hardening
729c24cedb Adds some support for valgrind helpers 
This patch adds an option to compile freerdp in a valgrind compliant way.
The purpose is to ease memchecking when connecting with TLS. We mark bytes
retrieved from SSL_read() as plainly defined to prevent the undefined contamination.
With the patch and the option activated you get a single warning at connection
during the handshake, and nothing after.
 2014-05-12 18:01:29 +02:00
Vic Lee
02595df976 tls: WSAGetLastError should be used on Windows to check system socket error. 2014-04-29 23:05:30 +08:00
Vic Lee
c8848fe4c8 tls: do not kill the connection for non-fatal openssl error codes. 2014-04-29 21:48:11 +08:00
Benoit LeBlanc
6f99f252d9 Fix windows compilation 2014-04-04 10:08:44 -04:00
Marc-André Moreau
feea87b42f libfreerdp-crypto: make distinction between TLS connection error and user cancellation 2014-04-01 16:23:27 -04:00
Marc-André Moreau
14b75d1b27 libfreerdp-core: fix build warnings and windows broken build 2014-03-25 15:19:52 -04:00
Benoît LeBlanc
3e1dfc6311 updated context error messages. utility macros for getting error code CLASS/TYPE 2014-03-21 13:45:43 -04:00
Benoît LeBlanc
d1b9565f51 Added context-specific error management. 
Added error codes to replace connectErrorCode.
 2014-03-20 18:19:54 -04:00
Benoît LeBlanc
557c082458 Merge branch 'master' of git://github.com/awakecoding/FreeRDP 2014-03-05 16:35:22 -05:00
Marc-André Moreau
951368a1ce Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-02-27 13:58:29 -05:00
Christian Hofstaedtler
5a74bd7bdb Fix assertion abort when no CN is present in certificate 
Triggered by Windows Server 2012 Admin-Mode with MS-recommended AD CA
Certificate setup, which would cause the CN to be absent, and a single
subjectAltName to be present.
 2014-02-14 15:25:48 +01:00
Marc-André Moreau
cdcd290c44 wfreerdp: fix most build warnings 2014-02-10 22:12:13 -05:00
Benoît LeBlanc
44e7d2f36c error handling in rpc and transport functions 2013-12-20 17:56:59 -05:00
Marc-André Moreau
51ad85e0ee libfreerdp-core: send Access Denied TLS alert when server-side NLA fails 2013-12-18 19:44:18 -05:00
Marc-André Moreau
9d745cc038 Merge branch 'master' of github.com:mrthebunny/FreeRDP 2013-12-11 12:22:33 -05:00
Marc-André Moreau
62199fc46a Merge branch 'master' of github.com:FreeRDP/FreeRDP 2013-12-10 11:54:03 -05:00
Benoît LeBlanc
8c1f836ac8 - SSL verification callback: send correct hostname and port 
- Gateway Authentication callback.
- Handling “use same credentials”
 2013-12-06 22:15:45 -05:00
Bernhard Miklautz
6763e059c3 tls: handle the case if endpoint has disconnected 2013-12-04 15:36:25 +01:00
Benoît LeBlanc
6a60f79e07 Merge branch 'master' of git://github.com/awakecoding/FreeRDP 
# By Bernhard Miklautz (10) and others
# Via Marc-André Moreau (10) and Martin Fleisz (1)
* 'master' of git://github.com/awakecoding/FreeRDP: (32 commits)
  libfreerdp-crypto: add robustness checks for VerifyX509Certificate
  mfreerdp: fix possible crash on gdi termination
  channels/cliprdr: add callback for data request response
  channels/cliprdr: fix conflict with CLIPRDR_HEADER
  fix a gdi leak bug.
  channels/cliprdr: implement more of the callback interface
  channels/cliprdr: start implementing clean callback interface
  channels/rdpsnd: initial attempt at adding GSM610 support
  winpr-thread: fixed bugs in _CreateProcessExA
  ffmpeg-2 -- CodecID
  ffmpeg-2 -- dsp_mask
  ffmpeg-2 -- AVCODEC_MAX_AUDIO_FRAME_SIZE
  check return value.
  reformat coding styles.
  fix name length to copy.
  fix memory realloc size error.
  libfreerdp-crypto: don't report SSL_ERROR_SYSCALL with errno value 0 as error
  channels/rdpsnd: add wlog debug output
  android toolchain: support for ndk r9b
  android toolchain: fixed cmake syntax warning
  ...
 2013-11-25 14:40:01 -05:00
Benoît LeBlanc
56c517170f Added hostname and port to callback function for SSL certification verification. 2013-11-25 14:30:43 -05:00
Marc-André Moreau
4987f2b0e1 libfreerdp-crypto: add robustness checks for VerifyX509Certificate 2013-11-25 12:08:58 -05:00
Marc-André Moreau
690a6b624d libfreerdp-crypto: don't report SSL_ERROR_SYSCALL with errno value 0 as error 2013-11-20 15:21:29 -05:00
Marc-André Moreau
b0369cf284 libfreerdp-core: add external certificate management, pass X509 PEM certificate through client callback 2013-11-18 13:54:33 -05:00
Armin Novak
6f43252c9a Fixed argument check in <tls_disconnect> 2013-11-14 10:09:40 +01:00
Marc-André Moreau
1fc2d780f7 libfreerdp-core: fix memory leaks reported by valgrind 2013-10-31 23:35:24 -04:00
Marc-André Moreau
8c4b1361d1 libfreerdp-core: merge with TSG TLS update 2013-10-28 20:20:18 -04:00
Dan Bungert
66ecabb647 Final cleanups - merge ready. 2013-10-28 16:59:02 -06:00
Dan Bungert
f02daaa2d5 More cleanups - remove LWD and all references. 2013-10-28 15:46:28 -06:00
Dan Bungert
cefcac3414 more debug 2013-10-25 15:29:46 -06:00
Dan Bungert
f13c8a0be7 Logging 2013-10-25 10:43:21 -06:00
Marc-André Moreau
b5dd670e73 libfreerdp-core: extend OpenSSL TSG BIO 2013-10-24 12:56:43 -06:00
Marc-André Moreau
bd6760bd13 libfreerdp-core: start implement TSG OpenSSL BIO 2013-10-24 12:56:43 -06:00
Benoît LeBlanc
5bfca61261 setting pointers to NULL after freeing memory to avoid crashes. 
gitignore: only top-level "external" folder is ignored.
 2013-10-22 17:05:41 -04:00
Benoît LeBlanc
801c1fe1d6 - Fixed crash in tls_read (unchecked null pointer) 
- also check for empty string on username and password to launch authentication callback
 2013-10-18 16:23:29 -04:00
Marc-André Moreau
3fe3cdf876 libfreerdp-core: extend OpenSSL TSG BIO 2013-10-11 15:27:22 -04:00
Marc-André Moreau
08eadc2ee3 libfreerdp-core: start implement TSG OpenSSL BIO 2013-10-11 06:12:50 -04:00
Marc-André Moreau
c058095251 libfreerdp-core: cleanup TS Gateway code 2013-10-11 05:07:33 -04:00
Armin Novak
ddab90ece4 Fixed alt_names free, now using cleanup function to wrap details. 2013-09-05 12:14:35 +02:00
Armin Novak
e5c138a5b9 Fixed various memory leaks, allocation size issues and API misuse 
warnings shown by clang as well as some compiler warnings.
 2013-09-05 12:14:34 +02:00
Armin Novak
1e2455fa4a Fixed various memory leaks and compiler warnings. 2013-09-05 12:14:33 +02:00
Armin Novak
e9be3e9500 Fixed coverity issue 1047607 2013-09-05 12:14:32 +02:00
Armin Novak
c7abfb8fa1 Fixed coverity issue 1047608 2013-09-05 12:14:32 +02:00
Marc-André Moreau
5f4f3af98a Merge branch 'master' of github.com:FreeRDP/FreeRDP 2013-07-04 20:33:00 -04:00
Marc-André Moreau
bc631c93a8 freerdp: separate GatewayUsageMethod from GatewayEnabled 2013-07-03 15:07:12 -04:00
Bernhard Miklautz
87e9a24b1e tls: updated certificate mismatch message 
Added information to the message if the name found is an CN or an
alternative name. Also print a message if no CN was not found instead
of (null).
 2013-07-01 19:21:57 +02:00
Chris
44f6f16953 Fixed a possible buffer overflow issue 2013-06-17 21:49:29 +02:00
Chris
cd548da226 Using the more efficient code for comparing host names 2013-06-17 21:26:35 +02:00
Chris
13466349bc 1) Add support for Wildcard Certificates 
2) For Gateway connections compare against gateway host name instead of target host
 2013-06-17 21:19:01 +02:00
Marc-André Moreau
2bd6808432 freerdp: merge with master 2013-06-05 10:31:01 -04:00
Marc-André Moreau
2a08093e60 libfreerdp-crypto: fix openssl null pointer dereferencing in tls_accept 2013-05-30 19:44:58 -04:00
Bernhard Miklautz
9e59fc905d client: print detected path to known_host file 
Use detected path instead of hard coded for error messages
 2013-05-21 15:48:27 +02:00
Marc-André Moreau
3c2687b7d6 libfreerdp-crypto: handle EAGAIN with TLS 2013-05-15 20:19:26 -04:00
Marc-André Moreau
fae24b1ef9 xfreerdp-server: auto-generate self-signed certificate 2013-04-23 18:17:01 -04:00
Hardening
7701c9d934 Replace printf(...) by fprintf(stderr, ...) 2013-03-28 23:06:34 +01:00
Marc-André Moreau
8c8a82c31f libfreerdp-utils: purge old STREAM utils 2013-03-21 16:45:25 -04:00
Marc-André Moreau
edc2b1de9e xfreerdp-server: fix encoding 2013-02-17 11:03:35 -05:00
Marc-André Moreau
4269ac5c14 xfreerdp: improve asynchronicity 2013-02-09 17:13:53 -05:00
Marc-André Moreau
e1d0fad519 libfreerdp-core: fix memory leaks 2013-01-25 17:52:37 -05:00
Marc-André Moreau
0fbf846671 libwinpr-sspi: NTLM extended protection cleanup 2013-01-10 11:19:57 -05:00
Marc-André Moreau
1d893ed268 libwinpr-sspi: add support for NTLMv2 Channel Binding Token (CBT) 2013-01-09 00:20:08 -05:00
Vic Lee
ed5ad30d4f libfreerdp-core/transport: select sockfd instead of sleep when blocking. 2012-12-21 16:24:26 +08:00
Marc-André Moreau
387a152299 libfreerdp-core: TSG reassembly refactoring 2012-12-12 15:55:42 -05:00
Marc-André Moreau
12f0afd1e0 libfreerdp-core: fix TSG socket blocking mode 2012-11-27 18:34:00 -05:00
Marc-André Moreau
f6748dba3f wfreerdp: update client 2012-11-22 09:06:45 -05:00
Marc-André Moreau
8a32de3801 libfreerdp: purged source tree from deprecated memory utils 2012-11-21 21:22:06 -05:00
Marc-André Moreau
b2c3ca8cc4 libfreerdp-utils: replace all calls to deprecated function xzalloc 2012-11-21 19:22:41 -05:00
Marc-André Moreau
83473d11d1 channels: patch memory leaks, load addins from list 2012-11-19 13:26:56 -05:00
Marc-André Moreau
8544716104 libfreerdp-core: rdpSettings refactoring (part 3) 2012-11-07 18:23:33 -05:00
Marc-André Moreau
6427c9dd90 libfreerdp-core: rdpSettings refactoring (part 2) 2012-11-07 15:13:14 -05:00
Marc-André Moreau
187147d399 libfreerdp-core: cleanup of TSG definitions 2012-10-29 15:02:35 -04:00
Marc-André Moreau
1bf8a45519 freerdp: change uint8, sint8, uint16, sint16 to BYTE, INT8, UINT16, INT16 2012-10-09 03:01:37 -04:00
Marc-André Moreau
1ed644786c freerdp: change boolean type to BOOL type 2012-10-09 02:38:39 -04:00
Marc-André Moreau
5612bc43f8 freerdp: change true/false to TRUE/FALSE 2012-10-09 02:31:28 -04:00
Marc-André Moreau
9909a12af5 libfreerdp-utils: get rid of xmalloc, xrealloc and xfree 2012-10-08 23:21:26 -04:00
Marc-André Moreau
6dcc8e73ee libfreerdp-utils: get rid of rdpBlob 2012-09-24 04:40:32 -04:00
Marc-André Moreau
258f2c958a cmake: add warnings for MSVC static runtime option 2012-09-22 17:10:08 -04:00
Marc-André Moreau
d5d1eb7762 libfreerdp: add proper config.h inclusions 2012-08-14 17:09:01 -04:00
Marc-André Moreau
19028a27b0 libfreerdp: move all libraries to libfreerdp directory, one step closer to monolithic build option 2012-08-13 23:19:51 -04:00