Commit Graph

91 Commits

Author SHA1 Message Date
akallabeth
3ccb96d52f Fixed #7350: Warnings with Stream_StaticInit
* Properly initialize the stream buffer
* Add Stream_StaticConstInit accepting a const buffer
* Modify API to return a pointer to the stream initialized
2021-10-14 12:11:16 +02:00
Armin Novak
5fb59a23a9 Fixed lots of compilation warnings and type mismatches 2021-06-16 15:21:56 +02:00
akallabeth
6b36c6d417
Replace fopen and path functions with wrappers (#7043)
Functions like fopen, PathFileExists, PathMakePath need to call
the wide character versions on windows for utf-8 support.
2021-05-31 11:42:03 +02:00
akallabeth
c10a030ec6 Fixed use fo crypto_rsa_public_encrypt in license module 2021-05-11 08:00:18 +02:00
akallabeth
e2fd9db0b5 Added const to function arguments 2021-02-17 11:29:56 +01:00
akallabeth
1feb034896 Fixed invalid argument type for license function 2021-02-07 19:58:56 +01:00
Armin Novak
54e02e1642 Use wide char file paths for license 2021-02-04 21:22:21 +01:00
Armin Novak
773cfcd6da Fixed #6760: Use wide char file operations on windows. 2021-02-04 21:22:21 +01:00
akallabeth
6ade7b4cbf Fixed OOB Read in license_read_new_or_upgrade_license_packet
CVE-2020-11099 thanks to @antonio-morales for finding this.
2020-06-22 11:51:38 +02:00
Armin Novak
c7187928e9 Fix tpkt header length checks for encrypted packets
If securityFlag SEC_ENCRYPT is set, remove the encryption headers from
the TPKT header length on comparison.
2020-03-10 12:20:50 +01:00
Armin Novak
07605b0281 Consume all TPKT data reading new/upgrade license 2020-03-05 13:48:58 +01:00
Armin Novak
318cb3dd47 Added tpkt header length plausibility checks. 2020-03-02 11:40:35 +01:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
59b4988f56 Fixed compilation warnings. 2019-10-16 14:54:05 +02:00
byteboon
df280a7ffd FreeRDP#5329 if using OldLicenseBehaviour, don't try to save the Cal since we're not going to try to load it (#5330) 2019-04-08 09:42:02 +02:00
Armin Novak
f51a9bafcc Fixed sign-compare warnings 2019-04-05 09:13:24 +02:00
David Fort
f4b7a27c2b license: implement server-side management
Add server-side management of the licensing workflow. The default
behaviour is to accept the client, but if a server wants to implement
full licensing support as in MS-RDPELE it is possible by defining a callback.
2019-01-21 09:57:15 +01:00
David Fort
635b17d0a1 license: fix licencing against windows 2003 server
The spec says:

"For Windows Server 2008, Windows Server 2008 R2, and Windows Server
2012, the EncryptedLicenseInfo variable (part of the Server Upgrade License PDU) sent by the server
to the client has the wBlobType parameter set to value BB_ENCRYPTED_DATA_BLOB (0x0009). For
Windows Server 2003, the value of wBlobType is not defined."

So don't enforce the message type.
2018-12-05 10:50:47 +01:00
Armin Novak
aeeaba5bc3 Fixed a memory leak. 2018-11-29 12:14:20 +01:00
Armin Novak
feb993b948 Fixed double free in license_free_binary_blob 2018-11-21 15:07:36 +01:00
David Fort
b6e6575bf6 license: support CAL license
This patch simplifies the licensing code mutualizing encryption / decryption
routines. It also adds the support for client_info packet that allows to send a
previously saved CAL file.
2018-11-13 09:42:19 +01:00
Armin Novak
991f051a63 Fixed stream release for transport_write 2018-10-17 14:55:55 +02:00
David Fort
41823080f9 Fix users of Stream_GetPosition() that returns size_t 2017-12-11 22:38:58 +01:00
Brent Collins
9ca9df1ead Make the new winpr_Digest*MD5_Allow_FIPS functions more generic to no longer be MD5 specific in design. This way the FIPS override
could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
2017-11-17 12:43:07 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode.
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
Armin Novak
0490aeb018 Fixed clang malloc integer overflow warnings. 2017-07-20 09:29:48 +02:00
Armin Novak
8292b4558f Fix TALOS issues
Fix the following issues identified by the CISCO TALOS project:
 * TALOS-2017-0336 CVE-2017-2834
 * TALOS-2017-0337 CVE-2017-2834
 * TALOS-2017-0338 CVE-2017-2836
 * TALOS-2017-0339 CVE-2017-2837
 * TALOS-2017-0340 CVE-2017-2838
 * TALOS-2017-0341 CVE-2017-2839
2017-07-20 09:28:47 +02:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Armin Novak
a1b2325c1d Ensure securityFlags are always initialized. 2016-12-02 12:04:53 +01:00
Norbert Federa
7befab856c Support for OpenSSL 1.1.0 2016-11-24 17:50:09 +01:00
Armin Novak
b429d230cb Refactored crypto *_New functions. 2016-02-29 09:00:02 +01:00
Armin Novak
92c15783dc Updated RC4 API, fixed crashing bug. 2016-02-28 11:19:29 +01:00
Armin Novak
5805ba8e52 Removed crypto_nonce. 2016-02-27 22:40:43 +01:00
Armin Novak
f997421098 Unified hmac functions. 2016-02-24 21:50:08 +01:00
Armin Novak
ada2b16c50 Unified RC4 functions. 2016-02-24 17:04:03 +01:00
Armin Novak
06da644007 Unified md5 functions. 2016-02-24 16:46:25 +01:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Norbert Federa
1eff1a345e free can handle NULL perfectly fine 2015-05-11 09:07:39 +02:00
David FORT
c03bf75896 Take in account @nfedera's comments 2015-04-07 21:06:53 +02:00
David FORT
edb915943f Treat return values in license.c
This patch changes functions that should not return void and also treat the
callers of these functions.
2015-04-01 11:38:53 +02:00
David FORT
0eb399a717 Treat return values for security.c
This patch make functions in security.c return values when they should instead of
beeing void. And it also fix the callers of these functions.
2015-04-01 11:11:37 +02:00
Marc-André Moreau
aa8b843250 libfreerdp-core: move stuff down from transport to tsg layer 2015-02-11 11:57:02 -05:00
Norbert Federa
765b25933e license: fix for corrupted licensing packets
Since commit a228952 FreeRDP generates corrupt licensing packets if the rdp
security layer is used and the peer did not indicate that it is capable of
processing encrypted licensing packets:
That commit changed rdp->sec_flags after the rdp stream was already initialized
with encryption enabled which placed the PDU payload at an incorrect offset.

Instead of directly modifying the rdp->sec_flags this patch temporarily
disables rdp->do_crypt during rdp stream initialization if the client has not
advertised support for encrypted licensing packets.
2015-01-12 11:31:18 +01:00
Marc-André Moreau
d102e746c8 Merge branch 'awakecoding' of github.com:vworkspace/FreeRDP
Conflicts:
	libfreerdp/core/license.c
	libfreerdp/core/nego.c
	winpr/libwinpr/synch/wait.c
2014-09-19 14:38:25 -04:00
Mike McDonald
a228952a69 Modified server code to honor the negotiated setting for SEC_LICENSE_ENCRYPT_SC in the security exchange PDU (which controls the encryption of license PDUs from the server to the client). 2014-09-18 19:43:28 -04:00
Armin Novak
2f519d7f16 Replaced logging in libfreerdp with wlog defines. 2014-09-15 08:48:46 +02:00
Armin Novak
6762d73ae1 Fixed winpr_HexDump calls. 2014-09-09 16:33:05 +02:00
Armin Novak
f4c133eaf8 Replaced custom logging mechanism with WLog wrapper. 2014-08-07 16:51:24 +02:00
Hardening
9c18ae5bee Print function name when emiting an error 2014-05-21 17:27:36 +02:00