If the server sends us garbage (or the client provides it) then it is
possible for the multiplication to overflow (as it is performed on
unsigned 32-bit values) which will result in a false positive failure of
the sanity check. Avoid it by rearranging arithmetics a little.
Keep the multiplication in the error message because we are interested
in the number of bytes in the stream and how it compares to the number
we have expected based on the presumed file count.
The file contents PDUs support 64-bit file sizes and offsets, but
MS-RDPECLIP explicitly says in 2.2.5.3 File Contents Request PDU that
file larger that 4 gigabytes are not supported by the server. It turns
out that the supported size is even lower than that. The server cannot
correctly handle files larger than 2 gigabytes (inclusive). When faced
with such files it correctly retireves the lower part, but fails to
accept any data past that boundary. After receiving a file range reply
the server repeats the file range request with the same offset, and
again, and again, and again, making no progress and blocking the file
transfer indefinitely. This is not the behavior we would like to have.
Microsoft support site acknowledges and documents the issue [1],
suggesting the users to use disk drive redirection instead to transfer
large files. (File transfers via cliprdr are considerably slower than
disk drive redirection so the suggestion makes very much sense.)
However, we would like to avoid the lockdown of the remote session if
the user does attempt to transfer such files so we add a size check.
Putting it into the conversion from FILEDESCRIPTOR to CLIPRDR_FILELIST
is not an ideal place (the clients may not use the common utilities),
but that's good enough currently.
[1]: https://support.microsoft.com/en-us/help/2258090
Do not try to 'helpfully' fixup the length of the data provided by the
client when FILECONTENTS_SIZE is present. This can lead to a crash if
the client wants to report an error in msgFlags, sets cbRequested to
zero, and does not provide any data in requestedData. For example,
XFreeRDP does this in xf_cliprdr_send_file_contents_failure() and
xf_cliprdr_clipboard_file_size_failure().
clipDataId is an optional field of CLIPRDR_FILECONTENTS_REQUEST.
The client should not send it to the server without sending a prior
CLIPRDR_LOCK_CLIPDATA request. The reverse is true as well: the
server should not include these additional 4 bytes without locking
the file in question.
The value zero is a valid ID, it cannot be used as a sentinel value.
Introduce a separate flag to tell whether the clipDataId has been set
and can be relied upon.
Also fix formatting. These stupid line breaks have negative impact on
readability, and the lines do fit into the 100 column limit either way.
The format is described in MS-RDPECLIP 2.2.5.2.3 Packed File List
(CLIPRDR_FILELIST). These functions handle conversion between the
on-the-wire data from cliprdr and arrays of FILEDESCRIPTOR structs.
FILETIME handling is a bit wacky, but that's what we currently have.
channels/cliprdr/client/cliprdr_main.c:121:13: warning: ‘cliprdr_print_general_capability_flags’ defined but not used [-Wunused-function]
static void cliprdr_print_general_capability_flags(UINT32 flags)
^
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
Global static variables do not work, if more than one instance
of an RDP client is running in the same process space.
Removed the varaibles where possible and replaced them with
thread local storage where necessary.
- Added missing ConvertFromUnicode checks
- If ConvertToUnicode allocates memory, guarantee the null termination
similar to ConvertFromUnicode's implementation
- Fixed some TestUnicodeConversion.c CTest return values
- Added some CTests for ConvertFromUnicode and ConvertToUnicode
- Misc code and protocol hardening fixes in the surrounding code regions
that have been touched
With this commit the "exported" components (usable with pkg-config and
cmake find module package)
* winpr - winpr library and headers
* freerdp - core library and headers
* freerdp-client - client specific library
* freerdp-server - server specific library
* rdtk - rdtk headers and library
To allow the installation of multiple different version (different major
number) the include files were moved into the respective sub folder:
freerdp -> freerdp{MAJOR}/freerdp (currently freerdp2/freerdp/)
winpr -> winpr{MAJOR}/winpr (currently winrp1/winpr/)
rdtk -> rdpk{MAJOR}/rdtk (currently rdtk0/rdtk/
The generated pkg-config and cmake find modules now also include the major
version number. Currently the following pkg-config are generated and
installed.
* winpr1
* freerdp2
* freerdp-server2
* freerdp-client2
* rdtk0
As cmake is able to handle multiple versions out of the box the
following can be used to find a specific module:
find_package(WinPR)
find_package(FreeRDP)
find_package(FreeRDP-Server)
find_package(FreeRDP-Client)
find_package(RdTk)
As cmake doesn't automatically resolve dependencies for packages it is
necessary to manually include the requirements. For example if
FreeRDP-Client is required WinPR and FreeRDP need to be included
(find_package) as well.
This commit also fixes the installation when STATIC_CHANNELS are built.
WITH STATIC_CHANNELS all channels are linked into libfreerdp-client, for
this all channels are generated as linker archive and linked together in
the final step. Before the intermediate linker archives were, although
not required and useful, installed. Same applies for server side
channels.
The rdpContext gets an event which will
get set if an error occoured in a channel.
If a thread or a void callback has to report an
error it will get signaled by this system.
Change the return type of Stream_Ensure*Capacity from void to BOOL to be
able to detect realloc problems easily. Otherwise the only way to detect
this was to check if the capacity after the call was >= the required
size.
In case Stream_Ensure*Capacity fails the old memory is still available
and need to freed outside.
This commit also adds checks to most calls of Stream_Ensure*Capacity to
check if the call was successful.