mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,147 Commits 6 Branches 74 Tags 84 MiB
14494237ab
Commit Graph

4066 Commits

Author SHA1 Message Date
Linus Heckemann
89e4e24c31 tls: support non-RSA keys 2020-04-10 17:57:34 +02:00
akallabeth
a9daba0190 Check for int overflow in gdi_InvalidateRegion 2020-04-09 18:00:51 +02:00
akallabeth
6c0aeb10d2 Allow icon info with empty bitmap data. 2020-04-09 18:00:51 +02:00
akallabeth
232c7f4783 Abort order read on invalid element count. 2020-04-09 18:00:51 +02:00
akallabeth
acc6023643 Fixed possible NULL access. 2020-04-09 18:00:51 +02:00
akallabeth
a3996af062 Refactored gdi region 
* Added a unit test
* Fixed const correctness of function arguments
* Added return values for all functions
 2020-04-09 18:00:51 +02:00
akallabeth
b677b5db25 Proper error return from gdi_rect_str and gdi_regn_str 2020-04-09 18:00:51 +02:00
akallabeth
97efff4e90 Refactored order stream manipulation 
* Use stream seek instead of setting pointer directly
* Add log messages in case of inconsistencies
* Fixed missing stream advance in update_decompress_brush
 2020-04-09 18:00:51 +02:00
akallabeth
17f547ae11 Fixed CVE-2020-11521: Out of bounds write in planar codec. 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
907640a924 Fixed CVE-2020-11522: Limit number of DELTA_RECT to 45. 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
7b1d4b4939 Fix CVE-2020-11524: out of bounds access in interleaved 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
e075f348d2 Added debug logging and claping to all region functions 2020-04-09 18:00:51 +02:00
akallabeth
ce21b9d7ec Fix CVE-2020-11523: clamp invalid rectangles to size 0 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
192856cb59 Fixed #6012: CVE-2020-11526: Out of bounds read in update_recv_orders 
Thanks to @hac425xxx and Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
0b6b92a25a Fixed CVE-2020-11525: Out of bounds read in bitmap_cache_new 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
e6d10041c1 Fix #6033: freeaddrinfo must not be called with NULL arguments. 2020-04-09 14:26:46 +02:00
Norbert Federa
c367f65d42
Merge pull request #6019 from akallabeth/bound_access_fixes 
Fix issues with boundary access.
 2020-04-06 13:53:28 +02:00
akallabeth
6f00add067 Export remaining packet length from rdp_read_share_control_header 2020-04-06 13:18:35 +02:00
akallabeth
0ad894adbc Fixed substream read in rdp_recv_tpkt_pdu 2020-04-06 11:58:48 +02:00
akallabeth
0533c05be3 Fixed rdp_recv_tpkt_pdu parsing, use substream. 2020-04-06 11:22:18 +02:00
akallabeth
df55f40ecf Fixed incorrect parser error message. 2020-04-06 10:42:06 +02:00
akallabeth
a022958ddf Better error message for partial parsed capability 2020-04-03 15:10:49 +02:00
akallabeth
cba63b6d43 Added fallback to CMDTYPE_STREAM_SURFACE_BITS 
Since our samples were incorrect, add a fallback with a log warnings
to the old CMDTYPE_STREAM_SURFACE_BITS by default behaviour.
 2020-04-03 12:18:59 +02:00
akallabeth
88ad9ca56b Fix sending/receiving surface bits command. 
* Pass on proper command type to application
* On send let the server implementation decide to send
   2.2.9.2.1 Set Surface Bits Command (TS_SURFCMD_SET_SURF_BITS) or
   2.2.9.2.2 Stream Surface Bits Command (TS_SURFCMD_STREAM_SURF_BITS)
Thanks to @viniciusjarina for tracing the issue down.
 2020-04-03 12:00:53 +02:00
akallabeth
2a379bfe09 Fixed invalid seek size in patrial pdu parse case 2020-04-02 17:41:49 +02:00
akallabeth
21320d973c Use safe seek for capability parsing 
thanks to @hardening for pointing that one out.
 2020-04-02 17:39:51 +02:00
akallabeth
ddfd0cdccf Use substreams to parse gcc_read_server_data_blocks 2020-04-02 17:39:43 +02:00
akallabeth
6b2bc41935 Fix #6010: Check length in read_icon_info 2020-04-02 17:34:02 +02:00
akallabeth
67c2aa52b2 Fixed #6013: Check new length is > 0 2020-04-02 17:33:54 +02:00
akallabeth
3627aaf7d2 Fixed #6011: Bounds check in rdp_read_font_capability_set 2020-04-02 17:28:17 +02:00
akallabeth
f8890a645c Fixed #6005: Bounds checks in update_read_bitmap_data 2020-04-02 17:28:10 +02:00
akallabeth
ed53cd148f Fixed #6006: bounds checks in update_read_synchronize 2020-04-02 17:28:04 +02:00
akallabeth
f5e73cc7c9 Fixed #6009: Bounds checks in autodetect_recv_bandwidth_measure_results 2020-04-02 17:27:59 +02:00
akallabeth
9301bfe730 Fixed #6007: Boundary checks in rdp_read_flow_control_pdu 2020-04-02 17:27:53 +02:00
akallabeth
58dc36b3c8 Fixed possible NULL dereference 2020-04-02 17:27:10 +02:00
akallabeth
bc33a50c5a Treat NULL and empty string as the same for credentials. 2020-03-24 12:34:35 +01:00
akallabeth
cf2f674283 Initialize KeyboardHook with define instead of magic number 2020-03-18 17:22:08 +01:00
Armin Novak
4216646746 Fixed length checks for compressed rdp data. 2020-03-10 14:05:10 +01:00
Armin Novak
297ad536a2 Cleaned up bulk_compress/decompress, prettified log. 2020-03-10 14:05:10 +01:00
Armin Novak
49b17e4e03 Refactored bulk compression 
* Arguments now opaque
* Removed internal functions from external interface
 2020-03-10 14:05:10 +01:00
Armin Novak
3ba66db99d Unify pReceiveChannelData and psPeerReceiveChannelData 
Fix definitions of the two function pointers.
Use and definition did not match, fix that.
Will create warnings in external projects
 2020-03-10 12:21:14 +01:00
Armin Novak
d5b5088eac Fixed misinterpretation of SendChannelData 
SendChannelData was defined with a return value of type int, but
used as BOOL everywhere. Fix the definition to match use.
 2020-03-10 12:21:14 +01:00
Armin Novak
c7187928e9 Fix tpkt header length checks for encrypted packets 
If securityFlag SEC_ENCRYPT is set, remove the encryption headers from
the TPKT header length on comparison.
 2020-03-10 12:20:50 +01:00
Armin Novak
cc49a212bd Default to positive return for missing callbacks 
When using +async-update, default to positive return if some
client callback is not implemented.
 2020-03-10 08:59:52 +01:00
Armin Novak
5b9b7f331b Fixed memory leak in tls_get_channel_bindings 2020-03-06 11:37:35 +01:00
Armin Novak
9c999b7135 Added raw function wrapping X509_digest 2020-03-06 11:37:35 +01:00
Armin Novak
2be6e4117f Let ssl backend handle hash checks. 2020-03-06 11:37:35 +01:00
Armin Novak
00fa84b514 Check cert against CertificateAcceptedFingerprints 
CertificateAcceptedFingerprints may contain a list of certificate
hashes and the corresponding fingerprint.
If one of the hashes matches consider the certificate accepted.
 2020-03-06 11:37:35 +01:00
Armin Novak
d3b36ab299 Added CertificateAcceptedFingerprints to settings 2020-03-06 11:37:35 +01:00
Armin Novak
07605b0281 Consume all TPKT data reading new/upgrade license 2020-03-05 13:48:58 +01:00