Commit Graph

5760 Commits

Author SHA1 Message Date
akallabeth
3b108f1839 [core,proxy] ignore empty variable
fixes #9928: ignore a defined but empty proxy environment variable
2024-03-04 14:28:38 +01:00
David Fort
aebe9742e0 [client,win32] Child session fixes
It seems like WaitFor[Single|Multiple]Object calls aren't reliable on pipes, especially
on the pipe opened for childSession access. The object can be marked as signaled even if
no data is available, making the connection laggy and unresponsive (nearly unusable in some
cases).
This patch works around that by using ReadFileEx() with overlapped instead of simple
ReadFile() and use asynchronous reads.
2024-03-01 09:46:53 +01:00
akallabeth
9a7d30d174 [clang,tidy] fix a few warnings 2024-02-27 14:15:43 +01:00
amazingfate
e21afefb86 fix build with openssl < 1.1.1 2024-02-23 12:45:36 +01:00
akallabeth
4b2d877bf3 [core,transport] document and fix transport_attach
* [transport_default_attach] Only attach provided socket once the
  function can no longer fail
* [transport_attach] document behaviour
2024-02-23 11:02:06 +01:00
Rubycat
3c2c6cc1d5 don't close freerdp_peer underlying socket twice
freerdp_peer->Disconnect calls BIO_free which then calls close on the
underlying file descriptor.

Then when freerdp_peer_free is called, the file descriptor is closed
again.

This is problematic if the file descriptor is recycled in between:

thread 1: freerdp_peer_new(42);
thread 1: freerdp_peer->Disconnect() closes 42
thread 2: opens a file with fd 42
thread 1: freerdp_peer_free closes 42
thread 2: uses closed file descriptor 42
2024-02-23 11:02:06 +01:00
akallabeth
05175d70f0 [tests,gdi] skip failing test cases 2024-02-22 12:31:50 +01:00
akallabeth
acedd305d3 fixed unused-but-set-variable warnings 2024-02-22 12:31:50 +01:00
akallabeth
05e555feb7 fixed unused-variable warnings 2024-02-22 12:31:50 +01:00
akallabeth
43eae6029f [clang-tidy] fix various review warnings 2024-02-22 12:31:50 +01:00
akallabeth
42cfe9bf1a [cmake,test] deactivate TestGdiLine
The test is broken (and has been for a long time), deactivate it.
2024-02-22 12:31:50 +01:00
akallabeth
d7ebec5a65 [tidy] move loop variable declaration to loop 2024-02-22 12:31:50 +01:00
akallabeth
d76fcd2364 [primitives,opencl] fix alpha handling 2024-02-19 12:29:37 +01:00
akallabeth
1a42cf4f26 [tests,primitives] make error message more verbose 2024-02-19 12:29:37 +01:00
akallabeth
e8194a8fa3 [primitives,opencl] fix warnings 2024-02-19 12:29:37 +01:00
akallabeth
b894199f72 [winpr,collections] add generic string clone functions
The ArrayList, HashTable, ... New functions require
void* (*fkt)(const void* ptr) type functions. Provide a generic wrapper
for CHAR and WCHAR strdup to eliminate warnings. Also export a
corresponding free function to avoid issues with runtime
differences.
2024-02-15 11:49:16 +01:00
akallabeth
d0dc657412 [build] delete unused static functions 2024-02-15 11:49:16 +01:00
akallabeth
0e44b2c674 [clang-tidy] clang-analyzer-unix.Malloc 2024-02-15 11:49:16 +01:00
akallabeth
b8598728a6 [clang-tidy] clang-analyzer-core.uninitialized.Assign 2024-02-15 11:49:16 +01:00
akallabeth
81d2c1f057 [clang-tidy] clang-analyzer-core.NullDereference 2024-02-15 11:49:16 +01:00
akallabeth
f69e1fe697 [clang-tidy] readability-duplicate-include 2024-02-15 11:49:16 +01:00
akallabeth
0ba995655d [clang-tidy] cppcoreguidelines-init-variables 2024-02-15 11:49:16 +01:00
akallabeth
207def5c56 [clang-tidy] readability-isolate-declaration 2024-02-15 11:49:16 +01:00
Martin Fleisz
2e5d4fbe06 gateway: Do not fail if unprocessed padding bytes are detected
Sometimes the RPC PDUs have unprocessed data (padding bytes) at their
end. In that case do not fail but just log a warning with the correct
amount of remaining bytes.
2024-02-14 16:25:41 +01:00
akallabeth
db8682648b Revert "[codec] encode messages considering endianness"
This reverts commit 6ba4aad9ab.
2024-02-09 10:29:08 +01:00
akallabeth
9a51830434 [codec,jpeg] use winpr image for jpeg 2024-02-07 10:04:08 +01:00
David Benjamin
72bc3578a0 clang-format 2024-02-07 07:53:37 +01:00
David Benjamin
7548be62c3 Support RSA-PSS certificates in x509_utils_get_signature_alg
RSA-PSS in X.509 is truly horrible, and OpenSSL does not expose very good APIs
to extract this, even though the library does handle it internally. Instead, we
must tediously unwrap RFC 4055's unnecessarily complicated encoding of
RFC 8017's unnecessarily flexible RSA-PSS definition.
2024-02-07 07:53:37 +01:00
David Benjamin
f987e304ee Add some tests for x509_utils_get_signature_alg
Temporarily disable the RSA-PSS tests for now, but this is enough for a
regression test for the previous issue.
2024-02-07 07:53:37 +01:00
David Benjamin
bee7f94e93 [crypto,x509] fix tls-server-end-point signature algorithm selection
This reverts commit 00baf58a71. That
change appears to have been incorrect. It's described as simplying
retrieving the "default signature digest", but it actually changed the
function's behavior entirely. The function wasn't retrieving defaults
previously.

A certificate contains, among other things, a public key and a
signature. The public key is the public key of the subject. However, the
signature was generated by the issuer. That is, if I get a certificate
from a CA, the public key will be my public key and the signature will
be my CA's signature over the certificate contents.

Now, the original code returned the digest used in the certificate's
signature. That is, it tells you which signature algorithm did my *CA*
use to sign my certificate.

The new code extracts the certificate's public key (my public key, not
the CA's). This doesn't necessarily tell you the signature algorithm, so
it then asks OpenSSL what the "default" signature algorithm would it use
with the key. This notion of "default" is ad-hoc and has changed over
time with OpenSSL releases. It doesn't correspond to any particular
protocol semantics. It's not necessarily the signature algorithm of the
certificate.

Now, looking at where this function is used, it's called by
freerdp_certificate_get_signature_alg, which is called by
tls_get_channel_binding to compute the tls-server-end-point channel
binding. That code cites RFC 5929, which discusses picking the hash
algorithm based on the certificate's signatureAlgorithm:

https://www.rfc-editor.org/rfc/rfc5929#section-4.1

That is, the old version of the code was correct and the
"simplification" broke it. Revert this and restore the original version.

I suspect this went unnoticed because, almost all the time, both the old
and new code picked SHA-256 and it was fine. But if the certificate was,
say, signed with SHA-384, the new code would compute the wrong channel
binding.
2024-02-07 07:53:37 +01:00
akallabeth
2fffcd64b9 [winpr] use winpr_strerror instead of strerror
use the wrapper from WinPR to use the best implementation available.
2024-02-06 15:45:47 +01:00
akallabeth
ba8cf8cf21 [build] fix Wmismatched-deallocator warnings
With custom malloc function attributes the fail path in the _New
functions produces warnings due to allocator mismatches. Silence them.
2024-02-05 08:16:55 +01:00
Isaac Klein
763462d0a9 include null byte in Authorization Request PDU
The RDS AAD Auth PDUs have no packet headers to indicate length.
Instead, these packets are zero-terminated strings. Somehow, Windows
accepts Authentication Request PDUs without a terminating null byte
during regular connections, but not through WVD websocket gateways.
2024-02-04 13:00:48 +01:00
akallabeth
bb42d425ed [gcc,clang] add support for attribute(malloc)
Mark all malloc like functions and add their appropriate free function
to let the compiler complain on mismatches
2024-02-02 15:10:40 +01:00
Vic Lee
5559e59f40 [channels] Add synchronous static channel setting. 2024-02-01 15:06:23 +01:00
akallabeth
e067e9dc6d [core,peer] fix typo 2024-01-29 11:52:22 +01:00
akallabeth
2cd64ba424 [cmake] fallback cJSON detection 2024-01-29 09:34:59 +01:00
akallabeth
cefe847683 [core,gateway] use FREERDP_USER_AGENT define
Define FREERDP_USER_AGENT in version.h to be used by gateway http user
agent
2024-01-29 08:46:29 +01:00
Vic Lee
f2794daf38 [core,transport] make blocking mode available to transport IO interface. 2024-01-22 12:57:01 +01:00
akallabeth
575d42312a [code] improve error checks on free 2024-01-19 09:57:41 +01:00
Armin Novak
db73c562a2 [core,gcc] split update of RDP encryption from gcc
* Update EncryptionLevel and EncryptionMethods before writing GCC data
* Use const rdpSettings* in all GCC write functions
2024-01-19 06:51:30 +01:00
Armin Novak
939e922936 [codec,planar] check resolution for overflow
If the codec resolution is too large return an error as the internal
buffers would otherwise overflow.
2024-01-16 09:02:58 +01:00
akallabeth
a842350177 [core,license] improve logging of failures
* ensure every failure path writes an appropriate log message
* fix compiler warnings (integer sizes, ...)
2024-01-15 13:13:42 +01:00
akallabeth
c303e4e8b9 [core,security] ensure length, log failures 2024-01-15 13:13:42 +01:00
akallabeth
55f200f1b5 [core,tpkt] log too large tpkt stream length 2024-01-15 13:13:42 +01:00
akallabeth
d5eecda8a3 [crypto,cert] log if empty certificate is read 2024-01-15 13:13:42 +01:00
Vic Lee
16206cb505 [channels,drdynvc] Add settings to enable synchronous dynamic channels. 2024-01-11 15:24:55 +01:00
akallabeth
0e828bd657 [core,peer] properly handle out of sequence PDU
If the peer state machine is in state
CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT properly check for
available data. If a PDU was received in this state it is an out of
sequence PDU (that might happen during deactivation/reactivation) and
must be parsed.
2024-01-10 08:27:14 +01:00
akallabeth
a612463c96 [core,peer] improve logging
log unhandled data in peer_recv_callback as warning if the loop
terminates.
2024-01-10 08:27:14 +01:00
akallabeth
2e42d8ac2b [core,connection] add more logging
log peer->ClientCapabilities execution failures
2024-01-10 08:27:14 +01:00