Commit Graph

378 Commits

Author SHA1 Message Date
Armin Novak
2f81d99327 Added missing argument checks. 2015-06-23 12:17:37 +02:00
Bernhard Miklautz
09445c2b0e nla and cmdline: integrated feedback
* fix possible problems with 0 size lengths
* add return value checks
2015-06-23 10:14:11 +02:00
Bernhard Miklautz
af81a91ea7 windows: fix compilation and warnings 2015-06-22 19:31:25 +02:00
Bernhard Miklautz
06502e6a91 misc: integrate pull request feedback 2015-06-22 19:24:30 +02:00
Bernhard Miklautz
1b8dd139a9 cmd line: add missing checks
* strdup
* some allocs
2015-06-22 19:23:57 +02:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
Armin Novak
c3e368bd4b Fixed typo and invalid domain name. 2015-06-18 16:07:09 +02:00
Armin Novak
90cc7eb3c8 UPN syntax fix: domain must be empty, not NULL. 2015-06-18 13:01:23 +02:00
Armin Novak
427d85f5f0 Added user setting if no domain provided. 2015-06-18 12:01:17 +02:00
Armin Novak
d5c3f210e9 Fixed variable parsed. 2015-06-18 11:49:16 +02:00
Armin Novak
64529b6d60 Using last @ for domain split.
Command line parser splits username after
parsing all options.
2015-06-18 11:35:22 +02:00
Armin Novak
3e26940547 Allowing UPN syntax for user. 2015-06-15 09:47:16 +02:00
Marc-André Moreau
29d14773c8 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	client/Windows/wf_client.c
	libfreerdp/common/assistance.c
2015-05-20 10:12:24 -04:00
Norbert Federa
1eff1a345e free can handle NULL perfectly fine 2015-05-11 09:07:39 +02:00
Marc-André Moreau
6b1fefea40 freerdp: fix remote assistance mode, add multi-address connection 2015-05-06 16:32:45 -04:00
Norbert Federa
ef1fd12b15 Fix unchecked CreateEvent calls and misc fixes
1)
Added missing checks for CreateEvent which also required the
following related changes:

- changed freerdp_context_new API to BOOL
- changed freerdp_peer_context_new API to BOOL
- changed pRdpClientNew callback to BOOL
- changed pContextNew callback to BOOL
- changed psPeerAccepted callback to BOOL
- changed psPeerContextNew callback to BOOL

2)
Fixed lots of missing alloc and error checks in the
changed code's neighbourhood.

3)
Check freerdp_client_codecs_prepare result to avoid segfaults
caused by using non-initialized codecs.

4)
Fixed deadlocks in x11 caused by missing xf_unlock_x11() calls
in some error handlers

5)
Some fixes in thread pool:
- DEFAULT_POOL assignment did not match TP_POOL definition
- don't free the pool pointer if it points to the static DEFAULT_POOL
- added error handling and cleanup in InitializeThreadpool
2015-04-29 18:18:39 +02:00
Bryan Everly
8c75127a67 Necessary changes to get latest branch working on OpenBSD 5.6 2015-04-21 14:42:06 -04:00
Bernhard Miklautz
0615c13dbb Fix regression introduced in 0b7f9d4
This fixes problems with command line parsing.
2015-04-02 22:53:45 +02:00
Armin Novak
878aecfa48 Fixed conversion warnings. 2015-03-31 15:18:45 +02:00
Bernhard Miklautz
3c7662517c hardening
Start to add missing checks for:
* *alloc
* *_New
2015-03-25 17:38:21 +01:00
Armin Novak
47f38b3059 Fixed uninitialized test argument buffer. 2015-03-23 14:14:38 +01:00
Marc-André Moreau
6202f48c12 libfreerdp-core: add configurable TSG/RGB fallback, fix edge cases 2015-03-19 11:44:47 -04:00
Marc-André Moreau
2094501d8b freerdp: fix failing tests 2015-03-16 09:26:38 -04:00
Armin Novak
b39940e0a5 Added ignore unkown keyword flag to detection. 2015-03-16 10:25:31 +01:00
Armin Novak
c380fb3520 Added flag to ignore unknown keywords
freerdp_client_settings_parse_command_line now allows ignoring
unknown keywords.
2015-03-16 10:15:37 +01:00
ivan-83
9e7e4ce7ff Merge branch 'master' of github.com:ivan-83/FreeRDP 2015-03-13 01:39:41 +03:00
ivan-83
7b3a552988 + audin OSS support (un tested now)
+ add: COMMAND_LINE_IGN_UNKNOWN_KEYWORD flag for CommandLineParseArgumentsA to ignory unknown keys without fail
+ add: lot of WLog_DBG() in drdynvc, add function names in existing
* change: error text in rdpsnd OSS
* fix: dev in rdpsnd does not work
* fix/change: audio-dev renamed to dev and now work in audin
* fix dynamic channels now work again
2015-03-13 01:28:44 +03:00
Marc-André Moreau
5ab34dfa3e Merge pull request #2456 from zhangzl2013/fix-realloc
Fix incorrect usage of realloc
2015-03-12 07:33:27 -04:00
Zhang Zhaolong
19f2354ee4 fix build error.
Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
2015-03-11 15:04:38 +08:00
Zhang Zhaolong
0b7f9d4931 cmdline: fix incorrect usage of realloc.
Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
2015-03-11 12:26:04 +08:00
Zhang Zhaolong
d1c508768e common/file: fix incorrect usage of realloc.
Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
2015-03-11 11:32:51 +08:00
Bernhard Miklautz
e9985c2093 settings: handle collection_add in detection case
Command line detection is run with dummy settings where not everything
is allocated. Collections (device, dynamic channel and static
channel) didn't handle this case properly.
2015-03-10 13:10:39 +01:00
bjcollins
ad3cb384d4 Fix the command line argument array setup for decorations argument. The initial value was set for the wrong field in the structure. The decorations is correctly initialized to on
anyways, but this is the correct formatting for the array element.
2015-02-13 14:57:52 -06:00
Marc-André Moreau
9b9fbd2ab1 xfreerdp: fix fullscreen mode 2015-02-10 15:15:30 -05:00
Marc-André Moreau
fa06c4d401 libfreerdp-core: improve reconnection 2015-02-06 14:21:26 -05:00
Marc-André Moreau
977cd21919 libfreerdp-core: don't enable GatewayBypassLocal by default 2015-01-28 15:16:31 -05:00
Norbert Federa
bd345ed416 build/win32: fix static build
version.rc must only be included in client executable
2015-01-20 16:23:05 +01:00
Armin Novak
b621c542c4 Resetting DynamicChannelCount on addin load now. 2015-01-20 11:26:53 +01:00
Bernhard Miklautz
1b18e97d7e TestClientCmdLine: fix formating 2015-01-16 00:54:45 +01:00
Bernhard Miklautz
c70293aa60 Fix clang compiler warnings 2015-01-16 00:41:57 +01:00
Bernhard Miklautz
ddd96d0968 Add test for client command line
TestClientCmdLine tests if the client command line parsing
works for new and legacy command line syntax.
2015-01-16 00:25:13 +01:00
Armin Novak
9863ccfe66 Fixed memory leak. 2015-01-15 17:19:39 +01:00
Armin Novak
dfb6176df6 Fixed multiple parsing errors for compatibility command line. 2015-01-15 17:14:29 +01:00
Armin Novak
f86ed3ffef Fixed windows command line
freerdp_detect_windows_style_command_line_syntax returns negative values
in error but also in help and version case... oh boy
2015-01-15 16:01:57 +01:00
Armin Novak
241848038c Fixed missing NULL pointer check. 2015-01-15 14:08:33 +01:00
Armin Novak
20f7e4d301 Fixed clang warnings.
Fixed check for compatibility command line.
2015-01-15 13:57:28 +01:00
Armin Novak
1d4403cbbe Fixed command line pre filter, now returning 2 to skip argument. 2015-01-15 13:56:54 +01:00
Marc-André Moreau
74bef0edca Merge pull request #2275 from awakecoding/master
TS Gateway Fixes
2014-12-12 09:33:52 -05:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00