Hardening
a607b4553d
Fix certificate leak
...
There was a leak when doing TLS in server mode
2014-06-03 14:59:58 +02:00
Hardening
4f1b77408a
Fix NLA authentication for server-side
...
This patch makes copies of the server public key so that the NLA
authentication can be performed server-side.
2014-06-03 11:04:35 +02:00
Marc-André Moreau
04968b18c4
libfreerdp-core: replace all OpenSSL built-in BIOs by new full duplex BIOs
2014-06-01 21:37:20 -04:00
Marc-André Moreau
b1416af362
libfreerdp-core: add locks to disable full duplex BIOs (currently unsafe)
2014-05-30 14:53:10 -04:00
Marc-André Moreau
d2ad5f698b
libfreerdp-core: fix VerifyX509Certificate to make distinction between gateway and direct connection
2014-05-30 14:36:18 -04:00
Benoît LeBlanc
f57c694a3b
tls_prepare: suppressed a warning on Mac
2014-05-28 21:33:30 -04:00
Marc-André Moreau
c0ec800bfd
freerdp: fix incorrect copyright headers
2014-05-22 15:56:47 -04:00
Hardening
2b1a27b9b6
Add .gitignore files for test generated files
2014-05-21 22:18:38 +02:00
Hardening
dd6d829550
Allow transport_write calls to be non-blocking
...
This big patch allows non-blocking writes. To achieve
this, it slightly changes the way transport is handled. The misc transport
layers are handled with OpenSSL BIOs. In the chain we insert a
bufferedBIO that will buffer write calls that couldn't be honored.
For an access with Tls security the BIO chain would look like this:
FreeRdp Code ===> SSL bio ===> buffered BIO ===> socket BIO
The buffered BIO will store bytes that couldn't be sent because of
blocking write calls.
This patch also reworks TSG so that it would look like this in the
case of SSL security with TSG:
                                           (TSG in)
                              > SSL BIO => buffered BIO ==> socket BIO
                             /
FreeRdp => SSL BIO => TSG BIO
                             \
                              > SSL BIO => buffered BIO ==> socket BIO
                                           (TSG out)
So from the FreeRDP point of view sending something is only BIO_writing
on the frontBio (last BIO on the left).
2014-05-21 17:42:31 +02:00
Hardening
c0087832ad
Merge pull request #1839 from hardening/base64
...
Changes for base64
2014-05-20 11:17:47 +02:00
Hardening
729c24cedb
Adds some support for valgrind helpers
...
This patch adds an option to compile freerdp in a valgrind compliant way.
The purpose is to ease memchecking when connecting with TLS. We mark bytes
retrieved from SSL_read() as plainly defined to prevent the undefined contamination.
With the patch and the option activated you get a single warning at connection
during the handshake, and nothing after.
2014-05-12 18:01:29 +02:00
Hardening
9f1d0201ec
Changes for base64
...
This patch changes the prototype for decode_base64 so that the encode / decode
methods are consistent (encode(BYTE *) => char* and decode(char*) => BYTE*).
It also does some improvements with unrolling loops so that end conditions are
tested only at the end.
The patch also adds some unit tests.
Before the patch base64_decode() made valgrind complain about uninitialized
bits; after it, valgrind is happy and very quiet.
2014-05-11 22:49:10 +02:00
Hardening
50f1f0df6f
Add some const modifiers
...
This allows these functions to be used with const buffers.
2014-05-09 22:36:50 +02:00
Vic Lee
02595df976
tls: WSAGetLastError should be used on Windows to check system socket error.
2014-04-29 23:05:30 +08:00
Vic Lee
c8848fe4c8
tls: do not kill the connection for non-fatal openssl error codes.
2014-04-29 21:48:11 +08:00
Bernhard Miklautz
b817e92e5e
cmake: mark required libraries for export
2014-04-23 10:16:02 +02:00
Marc-André Moreau
94f2a52196
Merge branch 'master' of github.com:FreeRDP/FreeRDP
2014-04-14 14:17:37 -04:00
Hardening
1d1844aabd
Treat OOM cases
2014-04-09 16:07:06 +02:00
Benoit LeBlanc
6f99f252d9
Fix windows compilation
2014-04-04 10:08:44 -04:00
Marc-André Moreau
feea87b42f
libfreerdp-crypto: make distinction between TLS connection error and user cancellation
2014-04-01 16:23:27 -04:00
Hardening
ac7507ab8d
Adds some checks to treat OOM problems + RDP security fix
...
Malloc can fail so it will; this patch adds some checks in some places
where malloc/strdup results were not checked.
This patch also contains a server side fix for RDP security (credit to nfedera).
The signature len was badly set in the GCC packet. And some other RDP security
oriented fixes are also there.
2014-03-25 23:13:08 +01:00
Marc-André Moreau
14b75d1b27
libfreerdp-core: fix build warnings and windows broken build
2014-03-25 15:19:52 -04:00
Benoît LeBlanc
3e1dfc6311
updated context error messages. utility macros for getting error code CLASS/TYPE
2014-03-21 13:45:43 -04:00
Benoît LeBlanc
d1b9565f51
Added context-specific error management.
...
Added error codes to replace connectErrorCode.
2014-03-20 18:19:54 -04:00
Benoît LeBlanc
557c082458
Merge branch 'master' of git://github.com/awakecoding/FreeRDP
2014-03-05 16:35:22 -05:00
Marc-André Moreau
951368a1ce
Merge branch 'master' of github.com:FreeRDP/FreeRDP
2014-02-27 13:58:29 -05:00
Christian Hofstaedtler
5a74bd7bdb
Fix assertion abort when no CN is present in certificate
...
Triggered by Windows Server 2012 Admin-Mode with MS-recommended AD CA
Certificate setup, which would cause the CN to be absent, and a single
subjectAltName to be present.
2014-02-14 15:25:48 +01:00
Marc-André Moreau
cdcd290c44
wfreerdp: fix most build warnings
2014-02-10 22:12:13 -05:00
Benoît LeBlanc
44e7d2f36c
error handling in rpc and transport functions
2013-12-20 17:56:59 -05:00
Marc-André Moreau
51ad85e0ee
libfreerdp-core: send Access Denied TLS alert when server-side NLA fails
2013-12-18 19:44:18 -05:00
Marc-André Moreau
9d745cc038
Merge branch 'master' of github.com:mrthebunny/FreeRDP
2013-12-11 12:22:33 -05:00
Marc-André Moreau
62199fc46a
Merge branch 'master' of github.com:FreeRDP/FreeRDP
2013-12-10 11:54:03 -05:00
Benoît LeBlanc
8c1f836ac8
- SSL verification callback: send correct hostname and port
...
- Gateway Authentication callback.
- Handling “use same credentials”
2013-12-06 22:15:45 -05:00
Bernhard Miklautz
6763e059c3
tls: handle the case if endpoint has disconnected
2013-12-04 15:36:25 +01:00
Benoît LeBlanc
6a60f79e07
Merge branch 'master' of git://github.com/awakecoding/FreeRDP
...
# By Bernhard Miklautz (10) and others
# Via Marc-André Moreau (10) and Martin Fleisz (1)
* 'master' of git://github.com/awakecoding/FreeRDP: (32 commits)
libfreerdp-crypto: add robustness checks for VerifyX509Certificate
mfreerdp: fix possible crash on gdi termination
channels/cliprdr: add callback for data request response
channels/cliprdr: fix conflict with CLIPRDR_HEADER
fix a gdi leak bug.
channels/cliprdr: implement more of the callback interface
channels/cliprdr: start implementing clean callback interface
channels/rdpsnd: initial attempt at adding GSM610 support
winpr-thread: fixed bugs in _CreateProcessExA
ffmpeg-2 -- CodecID
ffmpeg-2 -- dsp_mask
ffmpeg-2 -- AVCODEC_MAX_AUDIO_FRAME_SIZE
check return value.
reformat coding styles.
fix name length to copy.
fix memory realloc size error.
libfreerdp-crypto: don't report SSL_ERROR_SYSCALL with errno value 0 as error
channels/rdpsnd: add wlog debug output
android toolchain: support for ndk r9b
android toolchain: fixed cmake syntax warning
...
2013-11-25 14:40:01 -05:00
Benoît LeBlanc
56c517170f
Added hostname and port to callback function for SSL certification verification.
2013-11-25 14:30:43 -05:00
Marc-André Moreau
4987f2b0e1
libfreerdp-crypto: add robustness checks for VerifyX509Certificate
2013-11-25 12:08:58 -05:00
Marc-André Moreau
690a6b624d
libfreerdp-crypto: don't report SSL_ERROR_SYSCALL with errno value 0 as error
2013-11-20 15:21:29 -05:00
Marc-André Moreau
b0369cf284
libfreerdp-core: add external certificate management, pass X509 PEM certificate through client callback
2013-11-18 13:54:33 -05:00
Armin Novak
6f43252c9a
Fixed argument check in <tls_disconnect>
2013-11-14 10:09:40 +01:00
Marc-André Moreau
1fc2d780f7
libfreerdp-core: fix memory leaks reported by valgrind
2013-10-31 23:35:24 -04:00
Marc-André Moreau
55565e056c
freerdp: export targets
2013-10-28 23:06:39 -04:00
Marc-André Moreau
8c4b1361d1
libfreerdp-core: merge with TSG TLS update
2013-10-28 20:20:18 -04:00
Dan Bungert
66ecabb647
Final cleanups - merge ready.
2013-10-28 16:59:02 -06:00
Dan Bungert
f02daaa2d5
More cleanups - remove LWD and all references.
2013-10-28 15:46:28 -06:00
Dan Bungert
cefcac3414
more debug
2013-10-25 15:29:46 -06:00
Dan Bungert
f13c8a0be7
Logging
2013-10-25 10:43:21 -06:00
Marc-André Moreau
b5dd670e73
libfreerdp-core: extend OpenSSL TSG BIO
2013-10-24 12:56:43 -06:00
Marc-André Moreau
bd6760bd13
libfreerdp-core: start implement TSG OpenSSL BIO
2013-10-24 12:56:43 -06:00
Marc-André Moreau
d30f66b1b7
Merge branch 'master' of github.com:FreeRDP/FreeRDP
2013-10-23 14:18:40 -04:00
Benoît LeBlanc
5bfca61261
setting pointers to NULL after freeing memory to avoid crashes.
...
gitignore: only top-level "external" folder is ignored.
2013-10-22 17:05:41 -04:00
Daryl Poe
076b8a84c2
commandline session reconnect
2013-10-22 09:14:29 -06:00
Benoît LeBlanc
801c1fe1d6
- Fixed crash in tls_read (unchecked null pointer)
...
- also check for empty string on username and password to launch authentication callback
2013-10-18 16:23:29 -04:00
Marc-André Moreau
3fe3cdf876
libfreerdp-core: extend OpenSSL TSG BIO
2013-10-11 15:27:22 -04:00
Marc-André Moreau
08eadc2ee3
libfreerdp-core: start implement TSG OpenSSL BIO
2013-10-11 06:12:50 -04:00
Marc-André Moreau
c058095251
libfreerdp-core: cleanup TS Gateway code
2013-10-11 05:07:33 -04:00
Armin Novak
ddab90ece4
Fixed alt_names free, now using cleanup function to wrap details.
2013-09-05 12:14:35 +02:00
Armin Novak
e5c138a5b9
Fixed various memory leaks, allocation size issues and API misuse
...
warnings shown by clang as well as some compiler warnings.
2013-09-05 12:14:34 +02:00
Armin Novak
a3b531c036
Fixed issues found with clang-analyzer
2013-09-05 12:14:33 +02:00
Armin Novak
1e2455fa4a
Fixed various memory leaks and compiler warnings.
2013-09-05 12:14:33 +02:00
Armin Novak
e9be3e9500
Fixed coverity issue 1047607
2013-09-05 12:14:32 +02:00
Armin Novak
c7abfb8fa1
Fixed coverity issue 1047608
2013-09-05 12:14:32 +02:00
Armin Novak
0575197960
Fixed coverity issue 1047609
2013-09-05 12:14:32 +02:00
Daryl Poe
f71f179c28
fix per-device CAL licensing
...
(cherry picked from commit d6d0d81d08)
2013-08-26 09:37:48 +02:00
Marc-André Moreau
5f4f3af98a
Merge branch 'master' of github.com:FreeRDP/FreeRDP
2013-07-04 20:33:00 -04:00
Marc-André Moreau
bc631c93a8
freerdp: separate GatewayUsageMethod from GatewayEnabled
2013-07-03 15:07:12 -04:00
Bernhard Miklautz
87e9a24b1e
tls: updated certificate mismatch message
...
Added information to the message if the name found is a CN or an
alternative name. Also print a message if no CN was found instead
of (null).
2013-07-01 19:21:57 +02:00
Marc-André Moreau
863b51f938
freerdp: merge with master
2013-06-28 12:50:24 -04:00
Chris
44f6f16953
Fixed a possible buffer overflow issue
2013-06-17 21:49:29 +02:00
Chris
cd548da226
Using the more efficient code for comparing host names
2013-06-17 21:26:35 +02:00
Chris
13466349bc
1) Add support for Wildcard Certificates
...
2) For Gateway connections compare against gateway host name instead of target host
2013-06-17 21:19:01 +02:00
Marc-André Moreau
e405fe2692
libfreerdp-crypto: create server directory for certificates
2013-06-06 16:45:19 -04:00
Marc-André Moreau
2bd6808432
freerdp: merge with master
2013-06-05 10:31:01 -04:00
Marc-André Moreau
6e0cbdddb1
Merge pull request #1261 from simon-engledew/master
...
Ber Encoding Issue
2013-06-03 16:41:29 -07:00
Hardening
f37cd53769
Fixed a memory leak with alternative names
2013-06-01 22:37:49 +02:00
Marc-André Moreau
2a08093e60
libfreerdp-crypto: fix openssl null pointer dereferencing in tls_accept
2013-05-30 19:44:58 -04:00
Simon Engledew
bceec08367
Finished merging missing changes from pull request #1257 (https://github.com/FreeRDP/FreeRDP/pull/1257 - commit 0dc22d5). Correctly report the length of ts_password_creds.
2013-05-22 14:29:33 +01:00
Marc-André Moreau
ac86310993
Merge pull request #1257 from simon-engledew/master
...
Ber Encoding Issue
2013-05-22 05:06:52 -07:00
Simon Engledew
0dc22d5a30
Fixed a range of BER boundary encoding bugs which would occur when any NLA packet hit the 127 character mark. Removed ber#get_content_length as it was not behaving deterministically.
2013-05-21 16:06:00 +01:00
Bernhard Miklautz
9e59fc905d
client: print detected path to known_host file
...
Use detected path instead of hard coded for error messages
2013-05-21 15:48:27 +02:00
Marc-André Moreau
3c2687b7d6
libfreerdp-crypto: handle EAGAIN with TLS
2013-05-15 20:19:26 -04:00
Marc-André Moreau
367ebf32a3
freerdp: make use of stream macros to access members
2013-05-15 12:14:26 -04:00
Marc-André Moreau
fdf3ddcf9e
freerdp: purge deprecated stream utils
2013-05-08 17:48:30 -04:00
Marc-André Moreau
5b92413843
freerdp: purge deprecated stream utils
2013-05-08 16:09:16 -04:00
Marc-André Moreau
51715636a5
freerdp: remove some deprecated stream utils
2013-04-29 22:35:15 -04:00
Marc-André Moreau
70dea34a90
Merge github.com:FreeRDP/FreeRDP
2013-04-29 13:59:24 -04:00
Marc-André Moreau
fae24b1ef9
xfreerdp-server: auto-generate self-signed certificate
2013-04-23 18:17:01 -04:00
Martin Fleisz
ce4e02ae48
iOS: Fixed possible crash on disconnect
2013-04-17 13:09:53 +02:00
Jason Mealins
e7b863d3f0
libfreerdp-crypto: add missing link libraries
2013-03-28 16:01:41 -07:00
Hardening
7701c9d934
Replace printf(...) by fprintf(stderr, ...)
2013-03-28 23:06:34 +01:00
Marc-André Moreau
e4e0b05784
libfreerdp-crypto: fix local directory creation
2013-03-27 20:10:18 -04:00
Marc-André Moreau
068f0de4d4
libfreerdp-utils: purge old file utils
2013-03-22 15:52:43 -04:00
Marc-André Moreau
edf6e7258d
libwinpr-path: add path detection functions
2013-03-22 00:42:09 -04:00
Marc-André Moreau
8c8a82c31f
libfreerdp-utils: purge old STREAM utils
2013-03-21 16:45:25 -04:00
Marc-André Moreau
a8201b0d1b
libwinpr-utils: combine old and new stream utils
2013-03-21 15:19:33 -04:00
Marc-André Moreau
62eec0c2b5
libfreerdp-utils: rename internal members of STREAM to match new wStream
2013-03-21 15:01:46 -04:00
hardening
132d736cd9
Fixed skip_length() methods
2013-02-27 00:01:03 +01:00
Alexander Gottwald
026e9996d3
Issue #847 : protocol deadlock in NLA
...
fix ber_get_content_length and der_get_content_length to work for values
around 0x80 and 0x100
Fix nego_token, auth_info and pub_key_auth content length calculation in
credssp_send to fix a lockup in NLA protocol.
2013-02-26 21:32:36 +01:00
Marc-André Moreau
edc2b1de9e
xfreerdp-server: fix encoding
2013-02-17 11:03:35 -05:00
Marc-André Moreau
4269ac5c14
xfreerdp: improve asynchronicity
2013-02-09 17:13:53 -05:00