Commit Graph

14398 Commits

Author SHA1 Message Date
akallabeth
733ee32083 Fixed invalid access in update_recv_primary_order
CVE-2020-11095 thanks @antonio-morales for finding this.
2020-06-22 11:51:38 +02:00
akallabeth
c3a1ed780c Use localtime_s on windows 2020-06-22 11:51:38 +02:00
akallabeth
a45afe9db7 Replaced gmtime with gmtime_r 2020-06-22 11:51:38 +02:00
akallabeth
1a02af5a12 Fixed codition with side effects 2020-06-22 11:51:38 +02:00
akallabeth
3ac7bb5d6a Fixed pcap cleanup 2020-06-22 11:51:38 +02:00
akallabeth
6d86e20e1e Fixed double free 2020-06-22 11:51:38 +02:00
akallabeth
36478d3d0b Replaced getlogin with getlogin_r 2020-06-22 11:51:38 +02:00
akallabeth
240fdd07b1 Replaced localtime with localtime_r 2020-06-22 11:51:38 +02:00
akallabeth
057b6df4ae Fixed memory leaks in ntlm 2020-06-22 11:51:38 +02:00
akallabeth
c0fd449ec0 Fixed Out-of-bound read in glyph_cache_put
CVE-2020-11098 thanks to @antonio-morales for finding this.
2020-06-22 11:51:38 +02:00
akallabeth
6ade7b4cbf Fixed OOB Read in license_read_new_or_upgrade_license_packet
CVE-2020-11099 thanks to @antonio-morales for finding this.
2020-06-22 11:51:38 +02:00
Martin Fleisz
152bf0cda4
Merge pull request #6284 from akallabeth/wayland
Lock wayland buffer updates
2020-06-19 11:44:28 +02:00
Armin Novak
8e45a2dd50 Respect SECBUFFER_READONLY flag in NTLM EncryptMessage 2020-06-19 11:31:13 +02:00
Armin Novak
0d80353bf3 Added missing SECBUFFER_READONLY flag in rpc_client_write_call 2020-06-19 11:31:13 +02:00
Armin Novak
ff79636d33 TSG improvements
* Respect connection timeout during connect
* Better debug output
* Cleaned up data types,
2020-06-19 11:31:13 +02:00
akallabeth
c902f583d0 Fixed missing lock during buffer submit. 2020-06-18 08:42:24 +02:00
Bernhard Miklautz
529e30c273 Revert "winpr/library: Use RTLD_GLOBAL for dlopen"
Using RTLD_GLOBAL in LoadLibraryA introduces a different behavior than
expected.

This reverts commit d566e00258.
2020-06-17 12:59:41 +02:00
Bernhard Miklautz
1628939227 fix [client channels]: move exported API calls to client/common
The functions mappedGeometryRef and mappedGeometryUnref are API
functions ([1]) but were implemented in the geometry channel.
In case FreeRDP was built with BUILTIN_CHANNELS=OFF those functions
weren't available globally but used by the video channel.

Now the functions are fixed part of the freerdp-client library and
therefore available for all channels.

[1] exported in freerdp/client/geometry.h

Fixes #6236
2020-06-17 12:59:41 +02:00
Bernhard Miklautz
a0835d2468
Merge pull request #6286 from akallabeth/shadow_pam_compile
Fixed compilation issue with shadow pam code
2020-06-16 16:06:25 +02:00
akallabeth
1bc48b058f Fixed double free for uwac buffers 2020-06-16 14:26:38 +02:00
akallabeth
e1e0f965e8 Fixed compilation issue with shadow pam code 2020-06-16 14:02:49 +02:00
Martin Fleisz
67369dad55
Merge pull request #6237 from akallabeth/shadow_surface_lock
Fixed surface locking for shadow server.
2020-06-16 11:28:12 +02:00
Martin Fleisz
6f2abf70e9
Merge pull request #6260 from makiuchi-d/fix-unmap-buttons-option
xfreerdp: Fix +unmap-buttons option having the opposite effect
2020-06-16 11:18:33 +02:00
akallabeth
a38d6c53a6 Fixed surface locking for shadow server. 2020-06-16 11:18:17 +02:00
Martin Fleisz
5a09e12ec5
Merge pull request #6239 from akallabeth/shadow_auth_log
Improve X11 shadow authentication reason failure log
2020-06-16 11:17:57 +02:00
Martin Fleisz
982bc682b5
Merge pull request #6256 from akallabeth/usb_cancel_fix
Do not remove transfer data on usb cancel transfer
2020-06-16 11:05:24 +02:00
akallabeth
7361f75d11 Lock wayland buffer updates 2020-06-15 15:49:21 +02:00
Martin Fleisz
cf7b9ca055 Fix usage of DsMakeSpn with IP address hostnames 2020-06-15 15:38:54 +02:00
Patrick Chin
8515846317 MessageQueue write time to current message not the next 2020-06-09 08:51:53 +02:00
akallabeth
733026dada Fixed #6267: adjust write_pixel_16 endian handling 2020-06-08 15:10:24 +02:00
Kyle Evans
1b5e234135 uwac: don't try to use O_TMPFILE on FreeBSD
Currently, this sets an invalid open flag and attempts to open(), which
will fail.  Instead of doing that, don't try to define O_TMPFILE where
such a definition can't exist and force the fallback rather than making
an always-fail open() call.
2020-06-08 08:17:25 +02:00
Kubistika
0cf764f170 server: proxy: cap plugin: fix var and func declaration 2020-06-05 09:22:26 +02:00
Kobi Mizrachi
19809bf338 server: proxy: implement session capture plugin 2020-06-05 09:22:26 +02:00
Kobi Mizrachi
920acd4c0e winpr: image: add API to construct bmp header 2020-06-05 09:22:26 +02:00
Kobi Mizrachi
44c50ff1d5 server: proxy: remove old session capture code 2020-06-05 09:22:26 +02:00
Kobi
67d4560e86
Merge pull request #6259 from kubistika/drdynvc_hotfix
drdynvc: client: fix #6252 use-after-free
2020-06-04 21:29:19 +03:00
makki_d
4607a2766a fix +unmap-buttons option having the opposite effect 2020-06-04 18:22:55 +09:00
akallabeth
5c0ccb7575 Fixed formatting. 2020-06-04 07:55:12 +02:00
Ondrej Holy
c03f68059d smartcard: Teoretical fix of uninitialized values
This tries to fixes the following defects reported by covscan tool:
 - channels/smartcard/client/smartcard_operations.c:958: uninit_use_in_call: Using uninitialized value "ret.cReaders" when calling "smartcard_pack_locate_cards_return".
 - channels/smartcard/client/smartcard_operations.c:932: uninit_use_in_call: Using uninitialized value "ret.cReaders" when calling "smartcard_pack_locate_cards_return".

But I am not sure about it...
2020-06-04 07:55:12 +02:00
Ondrej Holy
7554154a04 smartcard: Fix usage of uninitialized values
This fixes the following defect reported by covscan tool:
 - channels/smartcard/client/smartcard_pack.c:942: uninit_use_in_call: Using uninitialized value "tmp" when calling "ConvertFromUnicode".
 - channels/smartcard/client/smartcard_pack.c:894: uninit_use_in_call: Using uninitialized value "tmp" when calling "ConvertFromUnicode".
 - channels/smartcard/client/smartcard_pack.c:475: uninit_use_in_call: Using uninitialized value "tmp" when calling "ConvertFromUnicode".
2020-06-04 07:55:12 +02:00
Ondrej Holy
ac114d45c7 wlfreerdp: Fix array overrun
This fixes the following defects reported by covscan tool:
 - client/Wayland/wlf_input.c:251: overrun-local: Overrunning array "contacts" of 10 32-byte elements at element index 10 (byte offset 351) using index "i" (which evaluates to 10).
 - client/Wayland/wlf_input.c:308: overrun-local: Overrunning array "contacts" of 10 32-byte elements at element index 10 (byte offset 351) using index "i" (which evaluates to 10).
 - client/Wayland/wlf_input.c:360: overrun-local: Overrunning array "contacts" of 10 32-byte elements at element index 10 (byte offset 351) using index "i" (which evaluates to 10).
 - client/Wayland/wlf_input.c:251: error[arrayIndexOutOfBounds]: Array 'contacts[10]' accessed at index 10, which is out of bounds.
 - client/Wayland/wlf_input.c:308: error[arrayIndexOutOfBounds]: Array 'contacts[10]' accessed at index 10, which is out of bounds.
 - client/Wayland/wlf_input.c:360: error[arrayIndexOutOfBounds]: Array 'contacts[10]' accessed at index 10, which is out of bounds.
 - client/Wayland/wlf_input.c:246: uninit_use_in_call: Using uninitialized value "y" when calling "wlf_scale_coordinates".
 - client/Wayland/wlf_input.c:246: uninit_use_in_call: Using uninitialized value "x" when calling "wlf_scale_coordinates".

The maximal number of touches can be higher then 10, see:
https://wayland.freedesktop.org/libinput/doc/latest/touchpads.html

Let's increse the MAX_CONTACTS count and add checks to prevent usage of
uninitialized values.
2020-06-04 07:55:12 +02:00
Ondrej Holy
230d83b319 gdi: Fix missing unlock
This fixes the following defect reported by covscan tool:
libfreerdp/gdi/gfx.c:144: missing_unlock: Returning without unlocking "update->mux".
2020-06-04 07:55:12 +02:00
Kubistika
6ed765c960 drdynvc: client: fix #6252 use-after-free 2020-06-03 19:47:40 +03:00
Armin Novak
5ec66cc6c7 Fixed sign compare warnings with constants. 2020-06-03 09:53:18 +02:00
Armin Novak
ef4de12887 Fixed double free in urb_isoch_transfer_cb 2020-06-03 08:37:45 +02:00
Armin Novak
a5e2d62e48 Do not remove transfer data on usb cancel transfer 2020-06-03 08:24:17 +02:00
MartinHaimberger
1fa625ee6e
Merge pull request #6226 from akallabeth/release_zip
Added release zip creation to script.
2020-06-02 13:37:04 +02:00
Armin Novak
44cf91be37 Fixed #6245: Added additional tests to assistance parser 2020-06-02 13:36:03 +02:00
akallabeth
6490106600 Lock remaining occurances of security_encrypt/security_decrypt variables 2020-06-02 13:31:17 +02:00
akallabeth
a381dd1a27 Lock security_decrypt to avoid simultaneous counter manipulation 2020-06-02 13:31:17 +02:00