Commit Graph

87 Commits

Author SHA1 Message Date
Armin Novak
4e66972616 Fixed remaining global order buffers. 2018-05-02 08:54:21 +02:00
Armin Novak
d249335708 Removed winpr_exit
As the cleanup functions are called by atexit a dedicated
cleanup call is no longer required.
2018-04-03 12:56:33 +02:00
Armin Novak
2517755d25 Fixed thread function return and parameters. 2018-03-07 14:36:55 +01:00
Armin Novak
1f7d33a2f2 Fixed read/write of surface bits command.
The optional field exBitmapDataHeader of TS_ BITMAP_DATA_EX was ignored.
Read and expose the data (currently unused)
2018-03-01 11:38:59 +01:00
Armin Novak
2d58e96dcc Exit main thread with winpr_exit to trigger resource cleanup.
When using pthread_once with destructors they are only called,
if each thread (including the main thread) is exited with pthread_exit.
Introducing winpr_exit as a wrapper for that purpose.
2018-02-12 10:33:02 +01:00
Armin Novak
7305828122 Fix #4239: Various memory leaks
* Fixed all tests, now can be run with -DWITH_ADDRESS_SANITIZER=ON compiled.
* Enabled address sanitizer for nightly builds.
2017-12-12 11:40:48 +01:00
Brent Collins
e21f9e359b Initialize SSL directly in the sample server, instead of relying on the SSL initialize logic
in the tls code as it was removed in a previous patch due to its redundancy.
2017-11-17 12:43:07 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
Armin Novak
0490aeb018 Fixed clang malloc integer overflow warnings. 2017-07-20 09:29:48 +02:00
Norbert Federa
99a58ab20d Fixed sample server's wrong rfx pixel format 2017-07-10 11:31:42 +02:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Norbert Federa
c6e6b44143 countless WLog/printf format specifier fixes 2016-11-25 17:06:25 +01:00
zihao.jiang
ddc326d6d3 Fix server side code to be aware of rereadEvent 2016-10-27 23:43:09 +08:00
David Fort
f92860de87 Applied astyle formatting 2016-10-14 15:12:48 +02:00
David Fort
5b080359a9 sample-server: add a "local only" option to just listen on an UNIX socket
This makes things nicer for tests that don't need internet access.
2016-10-14 15:12:48 +02:00
Armin Novak
9a1c60885c Unified RFX server color format. 2016-10-06 13:43:15 +02:00
Armin Novak
df35c135d1 Fixed color conversion, unified GFX and updated API. 2016-10-06 13:42:58 +02:00
Armin Novak
ce8f3f2539 Fixed context reset of sample server. 2016-03-02 14:46:33 +01:00
Armin Novak
2e110c7f35 Fixed codec reset, now resetting resolution too.
H264 and others require the surface resolution to work properly.
This initializes the codecs and the resolution on reset.
2016-03-02 14:46:33 +01:00
Armin Novak
b69047064a Replaced stream manipulation with EnsureCapacity. 2016-02-29 12:54:31 +01:00
Armin Novak
e79eee2bb1 Fixed Stream API misuse. 2016-02-25 20:01:12 +01:00
Armin Novak
cf9f975341 Replaced snprintf with sprintf_s 2015-07-03 13:26:15 +02:00
Armin Novak
40a7f2c995 Added missing include breaking windows build. 2015-07-03 12:46:28 +02:00
Armin Novak
82da97e606 Updated sample server.
* Added new command line argument --port to allow starting the
  sample server on a port different than default 3389.
* Using GetKnownSubPath now to determine location of temporary
  directory for server socket.
* Using distinct server socket files for each port.
2015-07-03 10:04:24 +02:00
Armin Novak
89eac97d0e Fixed uninitialized value. 2015-06-23 12:09:42 +02:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
Norbert Federa
25fc866a58 Fix unchecked CreateThread calls and misc fixes 2015-05-05 13:55:48 +02:00
Norbert Federa
ef1fd12b15 Fix unchecked CreateEvent calls and misc fixes
1)
Added missing checks for CreateEvent which also required the
following related changes:

- changed freerdp_context_new API to BOOL
- changed freerdp_peer_context_new API to BOOL
- changed pRdpClientNew callback to BOOL
- changed pContextNew callback to BOOL
- changed psPeerAccepted callback to BOOL
- changed psPeerContextNew callback to BOOL

2)
Fixed lots of missing alloc and error checks in the
changed code's neighbourhood.

3)
Check freerdp_client_codecs_prepare result to avoid segfaults
caused by using non-initialized codecs.

4)
Fixed deadlocks in x11 caused by missing xf_unlock_x11() calls
in some error handlers

5)
Some fixes in thread pool:
- DEFAULT_POOL assignment did not match TP_POOL definition
- don't free the pool pointer if it points to the static DEFAULT_POOL
- added error handling and cleanup in InitializeThreadpool
2015-04-29 18:18:39 +02:00
Norbert Federa
84577b1ca7 codec/rfx: error checking and various fixes
- removed some unneeded null checks for free()
- fixed a memory leak in shadow_client
- removed rfx_compose_message_header from API

Changed the following functions to BOOL, check the result
where they are called and handle failures:
- rfx_compose_message
- rfx_compose_message_header
- rfx_write_tile
- rfx_write_message_tileset
- rfx_write_message_frame_begin
- rfx_write_message_region
- rfx_write_message_frame_end
- rfx_write_message

rfx_process_message:
- check memory allocation failures
- verify protocol-conform order of data messages to prevents memory
  leaks caused by repeated allocations
- verify that header messages were parsed/received before the
  data messages
- treat unknown rlgr mode as error
- fixed/added error handling
- fixed all callers to check/handle result

rfx_encode_message:
- fixed incorrect usage of realloc
- missing malloc check
- missing check of CreateThreadpoolWork
- correct cleanup on failure (threadpool, memory)
- check rfx_encode_message result

rfx_encode_messages:
- check rfx_split_message result
- correct cleanup on failure
- prevent memory leak on failure

rfx_write_message_context:
- fixed invalid channelId value (must be 0xFF for WBT_CONTEXT)

rfx_process_message_codec_versions:
- fixed invalid read size of codec_version (it is 16bit)

rfx_process_message_channels:
- verify protocol conform channelId value

rfx_process_message_region:
- replaced invalid reallocs with malloc
- read and verify regionType and numTileSets from stream

rfx_process_message_tileset:
- check allocation results
- fixed incorrect usages of realloc

setupWorkers:
- fixed incorrect usages of realloc

rfx_split_message:
- removed dead code
- missing malloc check

rfx_compose_message:
- fixed a memory leak
- check/handle rfx_encode_message result
2015-04-23 15:42:21 +02:00
Hardening
6cd7713e12 Merge pull request #2544 from bmiklautz/boolenization
change return types of callbacks to BOOL
2015-04-22 11:01:27 +02:00
Armin Novak
65a4c6e1fc Changed listener callback arguments and return. 2015-04-21 15:57:25 +02:00
Bernhard Miklautz
1e6943bf31 Fix formating 2015-04-21 14:20:24 +02:00
Bernhard Miklautz
515502ffa5 change return types of callbacks to BOOL
* change all client/server callbacks to BOOL
* update all clients accordingly
* add multiple return value checks
* small fixes
2015-04-21 14:18:07 +02:00
Armin Novak
6e213bc61b Modified GetEventHandles of listener
Now using nCount as in and out argument.
When called, set nCount to the number of available handles.
This value is checked and an error returned, if not enough
handles are available.
2015-04-21 12:09:44 +02:00
Armin Novak
7b0d7b3552 Using new API for socket listener. 2015-04-19 10:39:08 +02:00
Armin Novak
4ed891b599 Moved client handler to new API. 2015-04-19 10:39:08 +02:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
ddedc574f3 freerdp: remove tcp, uds utils 2014-11-12 14:06:34 -05:00
Armin Novak
5b5791c8d7 Using wlog for server now. 2014-09-15 08:55:00 +02:00
Armin Novak
8d8719e101 Replaced fprintf with DEBUG_WARN 2014-08-11 09:19:47 +02:00
Marc-André Moreau
f1a866340e server/Sample: stub server-side encomsp channel 2014-06-25 15:21:02 -04:00
Hardening
c076ffb020 Don't use NULL for pWrittenBytes when calling WTSVirtualChannelWrite()
Nothing in the MSDN API says that setting NULL is safe. And if the
implementation uses WriteFile directly, it crashes.
2014-05-28 17:04:24 +02:00
Marc-André Moreau
67743b6832 libfreerdp-core: enable RDP6.1 XCrush compression/decompression by default 2014-05-23 14:11:53 -04:00
Marc-André Moreau
ab7958ffb2 libfreerdp-codec: fix NCrush compressor 2014-04-20 23:19:09 -04:00
Marc-André Moreau
d08b6fe4bd libfreerdp-codec: fix handling of PACKET_AT_FRONT, PACKET_FLUSHED in MPPC compression 2014-04-20 21:28:09 -04:00
Bernhard Miklautz
8168477886 sample server: fix printf format compiler warning 2014-04-17 10:04:17 +02:00
Bernhard Miklautz
cd4cfaae6a sfreerdp: updated to use latest WTSAPI 2014-03-03 18:10:06 +01:00
Marc-André Moreau
8510ad3171 freerdp: remove rdpChannel definition in favor of CHANNEL_DEF 2014-02-28 12:07:22 -05:00
Marc-André Moreau
6e1cdf1b67 libfreerdp-core: expose opaque HANDLE instead of WTSVirtualChannelManager* 2014-02-27 13:30:04 -05:00
Marc-André Moreau
f3011492d8 freerdp-server: remove usage of deprecated custom server-side channel API 2014-02-16 23:09:21 -05:00