Commit Graph

188 Commits

Author SHA1 Message Date
akallabeth
e019ed6566 Removed invalid check 2020-11-17 09:04:52 +01:00
akallabeth
2973ec6f1c Fixed BehaviorSanitizer warnings 2020-05-20 15:10:07 +02:00
akallabeth
0a86090ff1 Fix initialization of LargePointer flags
Capability exchange is first reading server capabilities,
mask these with local settings and send only what both support.
2020-04-22 11:10:56 +02:00
akallabeth
6f00add067 Export remaining packet length from rdp_read_share_control_header 2020-04-06 13:18:35 +02:00
akallabeth
df55f40ecf Fixed incorrect parser error message. 2020-04-06 10:42:06 +02:00
akallabeth
a022958ddf Better error message for partial parsed capability 2020-04-03 15:10:49 +02:00
akallabeth
21320d973c Use safe seek for capability parsing
thanks to @hardening for pointing that one out.
2020-04-02 17:39:51 +02:00
akallabeth
3627aaf7d2 Fixed #6011: Bounds check in rdp_read_font_capability_set 2020-04-02 17:28:17 +02:00
Armin Novak
c7187928e9 Fix tpkt header length checks for encrypted packets
If securityFlag SEC_ENCRYPT is set, remove the encryption headers from
the TPKT header length on comparison.
2020-03-10 12:20:50 +01:00
Armin Novak
be714d2a13 Fixed tpkt header length checks.
TPKT header length and consumption of data was not consistently
checked. This adds checks after each packet processed and fixes
any inconsistencies found.
2020-03-02 11:40:35 +01:00
Armin Novak
039bb88fef Fixed warnings in capabilities.c 2020-03-02 11:40:35 +01:00
Armin Novak
318cb3dd47 Added tpkt header length plausibility checks. 2020-03-02 11:40:35 +01:00
Martin Fleisz
7ae8a158a0
Merge pull request #5707 from akallabeth/kbd_codepage
Added KeyboardCodePage option
2020-02-25 14:50:51 +01:00
Armin Novak
30275e7ac3 Added keyboard language codepages and listing option 2020-02-21 11:57:36 +01:00
Armin Novak
182d0ce548 Added RDP 10.7 large pointer support
* Implements [MS-RDPBCGR] version 51 large pointer support.
* Logs unknown large pointer capability flags as warning.

Signed-off-by: Armin Novak <armin.novak@thincast.com>
2019-12-19 09:53:40 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
59b4988f56 Fixed compilation warnings. 2019-10-16 14:54:05 +02:00
Armin Novak
2cc714a57d Updated RAILS implementation
* Implement new messages and callbacks
* Announce most recent channel features
* Added settings to configure flags to announce
2019-05-08 17:25:15 +02:00
Armin Novak
0560ba0910 Fixed mixing of remote application mode requested and feature mask. 2019-02-20 08:45:36 +01:00
Armin Novak
aacf5bddc4 Updated rail channel, supporting all new messages. 2019-02-19 15:04:11 +01:00
Mariusz Zaborski
269002f0a1 Respect settings while sending the input capabilities. 2018-12-11 13:55:21 +01:00
Armin Novak
c0b13cf43f Added checks for order type window support. 2018-11-15 09:52:50 +01:00
Armin Novak
138eb13fea Updated RDP_VERSION definitions. 2018-11-14 10:14:48 +01:00
Martin Fleisz
7b0f4f5dc4
Merge pull request #4907 from akallabeth/transport_write_leak_fix
Transport write leak fix
2018-10-29 14:54:55 +01:00
Armin Novak
991f051a63 Fixed stream release for transport_write 2018-10-17 14:55:55 +02:00
Armin Novak
88bd262134 Send brush support level from settings. 2018-10-16 13:48:29 +02:00
Armin Novak
59e8b67287 Fixed broken #ifdef 2018-01-15 10:18:03 +01:00
Armin Novak
97cc55deec Fixed bitmap capability debug. 2018-01-12 09:22:08 +01:00
David Fort
41823080f9 Fix users of Stream_GetPosition() that returns size_t 2017-12-11 22:38:58 +01:00
David Fort
11ee81be60 Fix XRandr for old systems and MacOSX
We need a recent enough version of XRandr to correctly detect monitor.
Also this patch adds some typo or style fixes.
2017-12-08 10:59:38 +01:00
Armin Novak
d2d621106d Fixed capability checks for mouse and unicode input. 2017-07-31 12:30:35 +02:00
Armin Novak
dd4b5ea126 Disable JPEG codec support if not compiled in. 2017-07-24 15:23:36 +02:00
Armin Novak
8292b4558f Fix TALOS issues
Fix the following issues identified by the CISCO TALOS project:
 * TALOS-2017-0336 CVE-2017-2834
 * TALOS-2017-0337 CVE-2017-2834
 * TALOS-2017-0338 CVE-2017-2836
 * TALOS-2017-0339 CVE-2017-2837
 * TALOS-2017-0340 CVE-2017-2838
 * TALOS-2017-0341 CVE-2017-2839
2017-07-20 09:28:47 +02:00
David Fort
17a4e95a5b Drop some annoying warning
Probably that some unused functions should be removed, but at least it makes
it compile with no warnings.
2017-05-12 13:54:16 +02:00
David Fort
7b61dbdd0f Don't forget to send the RAIL capabilities in server mode 2017-03-09 23:15:49 +01:00
David Fort
815c97efb2 The LongCredentials capability were not parsed or used 2017-03-02 00:39:08 +01:00
David Fort
6894ed3af6 Dropped some warnings and fix code style
Dropped some warning that were caused by the DEBUG_CAPABILTIES define.
Also adjusted some lines that were quite ugly after the automatic truncation
to 80 characters.
2017-02-21 23:00:41 +01:00
Jakub Adam
463cb41596 Allow custom MultifragMaxRequestSize in server mode
FreeRDP calculates default request size in server mode based upon
the desktop resolution. In practice, however, I've found clients (namely
MS Lync 2013) which would show only a black screen when the value is
greater than 0x3EFFFF.

This change allows to override the default in such special cases by
assigning a different value to server->settings->MultifragMaxRequestSize
after the shadow server structure is initialized in shadow_server_new().
2017-01-11 16:36:05 +01:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Armin Novak
a1b2325c1d Ensure securityFlags are always initialized. 2016-12-02 12:04:53 +01:00
Armin Novak
0e1b385b5f Internal functions static. 2016-10-06 13:43:03 +02:00
Armin Novak
e79eee2bb1 Fixed Stream API misuse. 2016-02-25 20:01:12 +01:00
David FORT
b6dd7bbb88 Check more Stream_EnsureCapacity results when writing capabilities 2016-01-28 15:12:26 +01:00
Hardening
7af1ec85f0 Merge pull request #3083 from akallabeth/capability_set_fix
Fix #3081, set client string encoding.
2016-01-27 10:45:54 +01:00
Armin Novak
974d2ef433 Fix #3081, client string encoding. 2016-01-27 10:34:01 +01:00
David FORT
708d0cb3c0 Check server and client capabilities
Most of the capabilities are sent by both the client and the server. But for some
the specs specify that they are only supposed to be only send by the server or the client.
This patch ensures this. Without this patch a malicious client can change server settings
and a malicious server can modify client settings.
2016-01-26 16:14:48 +01:00
David FORT
137825ed9f Stream_EnsureCapacity return value aren't checked in capabilities_write 2016-01-25 19:11:35 +01:00
Binyamin Sagal
23fea1615f Fix horizontal scrolling direction and capability detection 2015-12-14 21:48:31 +02:00
Armin Novak
a5db7117c8 Implemented horizontal wheel support.
Horizontal mouse wheel input capabilities are now checked
and if available mouse buttons 6 and 7 are mapped to the
horizontal wheel for the X11 client.
2015-12-14 18:29:23 +01:00
Armin Novak
188fe4ed2b Removed rdp disconnect, using unified abortEvent instead. 2015-09-05 14:57:30 +02:00
Marc-André Moreau
161359f6ec libfreerdp-core: fix receiving of logon error info during capability exchange 2015-06-29 12:43:18 -04:00
Hardening
2ec3734607 Merge pull request #2659 from oshogbo/unused
Remove unused variable.
2015-05-28 22:57:17 +02:00
Mariusz Zaborski
461497b8a5 Remove unused variable. 2015-05-27 16:04:06 +02:00
Marc-André Moreau
7e1dbd505b Merge branch 'awakecoding' of https://github.com/vworkspace/FreeRDP
Conflicts:
	channels/rdpdr/server/rdpdr_main.c
2015-05-20 11:40:48 -04:00
Bernhard Miklautz
3c7662517c hardening
Start to add missing checks for:
* *alloc
* *_New
2015-03-25 17:38:21 +01:00
Norbert Federa
5f525e4f8d core: fix refreshRect/suppressOutput capabilities
refreshRectSupport and suppressOutputSupport of the General
Capability Set (MS-RDPBCGR 2.2.7.1.1) are server-only flags
that indicate whether the Refresh Rect or Suppress Output
PDUs are supported by the server.

Therefore in rdp_read_general_capability_set() we must only
change the respective settings if we are not in server mode.
2015-02-18 19:33:19 +01:00
Mike McDonald
07a05ae80f Modified server side code to handle an older version of TS_RFX_ICAP [version 0.9 (0x0009), tileSize 128 (0x0080)] sent by older clients. 2015-02-12 22:17:16 -05:00
Norbert Federa
dd9f15450a core/capabilities: remove misplaced/useless code
Commit 0357a38e31 has added some code
without any effect.
That commit added code to rdp_read_capability_sets() to check if
CAPSET_TYPE_MULTI_FRAGMENT_UPDATE was not received which caused
settings->MultifragMaxRequestSize to be set to 0.

- this was done in the wrong place because we do these kind
  of checks in rdp_recv_confirm_active() by consulting the
  variable settings->ReceivedCapabilities[]
- the code had no effect at all because MultifragMaxRequestSize gets
  set to FASTPATH_FRAGMENT_SAFE_SIZE in rdp_recv_confirm_active()
  if the CAPSET_TYPE_MULTI_FRAGMENT_UPDATE was not received.
2015-02-02 18:25:10 +01:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
d6e6db05e9 libfreerdp-core: sanitize NSCodec capabilities 2014-11-19 09:39:47 -05:00
Armin Novak
8d4589b1e1 Replaced fprintf error messages with WLog. 2014-11-16 12:21:38 +01:00
Marc-André Moreau
02646b349f Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	libfreerdp/core/gcc.c
2014-10-25 10:29:06 -04:00
Norbert Federa
9c2e90df7d core: fix pointer caps, slowpath kbd and a gcc fix
* According to MS-RDPBCGR 2.2.7.1.5 the pointerCacheSize is optional
  and its absence or a zero value indicates missing client support for
  the New Pointer Update.

* Added and fixed some comments regarding the meaning of the KBDFLAGS_DOWN
  keyboard flag and how it is currently used in the code.
  "Fixed" the slow path keyboard input to generate the same keyboard flags
  as the corresponding fast path code.

* Some arbitrary value was used for the ConnectPDULength in the GCC
  Conference Create Response. According to MS-RDPBCGR 4.1.4 this value must
  be ignored by the client so we encode a zero value instead.
2014-10-22 12:27:07 +02:00
Mike McDonald
5fa6fa7013 Merge branch 'master' of https://github.com/awakecoding/FreeRDP into awakecoding-staging 2014-10-20 14:42:46 -04:00
Mike McDonald
0357a38e31 Fix to properly negotiate fast-path fragmentation. 2014-09-30 21:12:20 -04:00
Marc-André Moreau
7574788ba5 libfreerdp-core: fix GCC core data block negotiation 2014-09-22 11:38:33 -04:00
Marc-André Moreau
c4ad706c34 libfreerdp-core: improve bitmap codec negotiation 2014-09-21 15:40:27 -04:00
Marc-André Moreau
72e7507bee Merge branch 'shadow' of github.com:awakecoding/FreeRDP
Conflicts:
	libfreerdp/core/capabilities.c
2014-09-19 14:39:43 -04:00
Marc-André Moreau
d102e746c8 Merge branch 'awakecoding' of github.com:vworkspace/FreeRDP
Conflicts:
	libfreerdp/core/license.c
	libfreerdp/core/nego.c
	winpr/libwinpr/synch/wait.c
2014-09-19 14:38:25 -04:00
Marc-André Moreau
aa2e6dacbb shadow: fix frame acks + bitmap negotiation 2014-09-19 12:06:12 -04:00
Mike McDonald
62f4b0be2e Modified code to honor the negotiated settings for 1) ENC_SALTED_CHECKSUM in the general capability set extraFlags field and 2) DRAW_ALLOW_SKIP_ALPHA in the bitmap capability set drawingFlags field. 2014-09-18 19:31:06 -04:00
Armin Novak
2f519d7f16 Replaced logging in libfreerdp with wlog defines. 2014-09-15 08:48:46 +02:00
Marc-André Moreau
bd516e04fa libfreerdp-primitives: cleanup YCoCg 2014-09-06 21:13:37 -04:00
Armin Novak
f4c133eaf8 Replaced custom logging mechanism with WLog wrapper. 2014-08-07 16:51:24 +02:00
Bernhard Miklautz
2bb0659fb4 core: improve fast-path multifragment handling
* make sure fast-path packages are not fragmented if no
  multifragment support was announced
* handle special server side case where the multifragment size
  received from the client is smaller than one maximum fast-path
  PDU size
2014-07-24 16:29:46 +02:00
Daryl Poe
fa06452a4b add YCoCg->RGB and 16-to-32bit SSE 2014-07-02 14:30:04 -06:00
Marc-André Moreau
c2a59c23a7 libfreerdp-core: fix potential crash on session redirection failure 2014-04-28 16:44:52 -04:00
Norbert Federa
5db9d630de core/server: only enable activated bitmap codecs 2014-04-10 19:13:47 +02:00
Norbert Federa
210985f99e core: fix multifragment update capability exchange 2014-04-10 17:22:06 +02:00
Norbert Federa
313c97df88 capabilities: fix MultifragMaxRequestSize parsing
- no reason to limit this to RemoteFX
- network and settings values were incorrectly compared
2014-03-19 10:52:05 +01:00
Norbert Federa
b39cae3883 Fix handling of "no CAPSET_TYPE_SURFACE_COMMANDS"
If CAPSET_TYPE_SURFACE_COMMANDS is not received the SurfaceCommandsEnabled and SurfaceFrameMarkerEnabled settings must be set to FALSE.
2014-03-06 19:16:05 +01:00
Marc-André Moreau
e5990fa60c libfreerdp-core: MCS cleanup, better handling of domain parameters 2014-02-13 17:06:33 -05:00
Marc-André Moreau
cdcd290c44 wfreerdp: fix most build warnings 2014-02-10 22:12:13 -05:00
Mike McDonald
02c9d07bcf Fixes to process new command line options (autodetect, heartbeat, multitransport), join the MCS message channel and process auto-detect PDUs during the connection sequence. 2014-01-29 22:53:32 -05:00
Marc-André Moreau
843953048c Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-01-08 11:16:35 -05:00
Hardening
33f0eb0915 More security fixes for capabilities
This patch fixes a security issue which would allow an attackant to set bytes to 1 at choosen places.
It also fixes a warning when DEBUG_CAPABILITIES is set.
2013-12-18 10:54:02 +01:00
Hardening
8767931431 Harden capability parsing
Don't check only the number of capabilities but also the remaining size in the stream
2013-12-13 15:08:43 +01:00
Hardening
d7b7fcc688 Parse the Surface frame marker flag
This patch adds the parsing for the surface framemarker flag, so that
we can test it later.
2013-12-06 23:25:31 +01:00
Marc-André Moreau
7246cf1f8f libfreerdp-core: reduce usage of update_force_flush in server-side update code 2013-07-29 10:21:32 -04:00
Marc-André Moreau
ea51dfc0b4 libfreerdp-core: fix server-side secondary drawing orders encoding bugs 2013-07-28 20:21:43 -04:00
Marc-André Moreau
3ec5be7624 libfreerdp-core: improve server-side capabilities parsing 2013-07-28 19:11:41 -04:00
Marc-André Moreau
91103b76b3 libfreerdp-core: modify server-side confirm active pdu receiving logic 2013-07-19 18:24:56 -04:00
Marc-André Moreau
6cde25937d libfreerdp-core: wrap state transition actions 2013-07-18 17:15:10 -04:00
Marc-André Moreau
f6df97c61e freerdp: add server-side Bitmap Cache v3 and Frame Marker negotiation 2013-06-21 19:20:20 -04:00
Marc-André Moreau
2bd6808432 freerdp: merge with master 2013-06-05 10:31:01 -04:00
Bernhard Miklautz
a0fc0513e5 core: properly set MultifragMaxRequestSize for rfx
The RemoteFX spec states that the MultifragMaxRequestSize must be at
least as big as the one received by the server. If MultifragMaxRequestSize
is too small the server disables  RemoteFX (Codec).
2013-05-21 15:49:03 +02:00
Marc-André Moreau
202614a1a4 libfreerdp-core: reduce reuse of same pdu buffers 2013-05-15 15:54:33 -04:00
Marc-André Moreau
fc592a1750 libfreerdp-core: replace usage of Stream_GetPointer() by Stream_GetPosition() in potentially unsafe places 2013-05-15 14:42:37 -04:00
Marc-André Moreau
fdf3ddcf9e freerdp: purge deprecated stream utils 2013-05-08 17:48:30 -04:00
Marc-André Moreau
fd230443c5 freerdp: purge old stream utils 2013-05-08 16:27:21 -04:00