If g_pInterface is set to NULL outside the critical section in one thread
while another thread is in the critical section, the channel client context
allocated in the VirtualChannelEntry won't end up getting freed.
The channel client context is normally loaded from g_pInterface in
FreeRDP_VirtualChannelInit and stored in the pChannelInitData, then copied
from there onto the pChannelOpenData structure in FreeRDP_VirtualChannelOpen
and finally freed in freerdp_channels_free.
When the event is reset in transport_check_fds xfreerdp doesn't work and
consumes 100% CPU (see #2790). On windows this is require otherwise the
CPU consumption is 100% there.
This quick fix only resets the event on windows. It's a working approach
but definitely not the final solution.
winsock.h pulls in a lot of defines and dependencies that are not
required and partially unwanted in winpr's core (for parts that are not
related to network). In order to get rid of this dependency and have an
independent defines for extended winpr functions the WINPR_FD_* defines
are used internally (and for exposed functions). Where required, like in
WSAEventSelect, the FD_* is mapped to WINPR_FD_*.
From MSDN, it looks same as CreateEvent(NULL, FALSE, FALSE, NULL):
The WSACreateEvent function creates a manual-reset event object with an initial state of nonsignaled. The event object is unnamed.
However they are not really equivalent. When we use normal event, the WSAEventSelect still works but the event appears to be 'auto-reset'.
This patch contains:
* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
rdp_recv_message_channel_pdu always read the rdp security header
even if it was already previously read (which is the case if rdp
security is active)
This caused malfunctions and disconnects when heartbeat or bandwidth
autodetect packets were sent/received in rdp security mode.
Credit goes to @MartinHaimberger for identifying the broken code
part.