Bernhard Miklautz
5ab2bed874
new: update ChangeLog and set version to 2.0.0
2020-04-09 18:00:51 +02:00
akallabeth
de7ea07a3d
Fixed URBDRC parsing error reported in #6024.
2020-04-09 18:00:51 +02:00
akallabeth
a9daba0190
Check for int overflow in gdi_InvalidateRegion
2020-04-09 18:00:51 +02:00
akallabeth
6c0aeb10d2
Allow icon info with empty bitmap data.
2020-04-09 18:00:51 +02:00
akallabeth
232c7f4783
Abort order read on invalid element count.
2020-04-09 18:00:51 +02:00
akallabeth
acc6023643
Fixed possible NULL access.
2020-04-09 18:00:51 +02:00
akallabeth
a3996af062
Refactored gdi region
...
* Added a unit test
* Fixed const correctness of function arguments
* Added return values for all functions
2020-04-09 18:00:51 +02:00
akallabeth
b677b5db25
Proper error return from gdi_rect_str and gdi_regn_str
2020-04-09 18:00:51 +02:00
akallabeth
97efff4e90
Refactored order stream manipulation
...
* Use stream seek instead of setting pointer directly
* Add log messages in case of inconsistencies
* Fixed missing stream advance in update_decompress_brush
2020-04-09 18:00:51 +02:00
akallabeth
17f547ae11
Fixed CVE-2020-11521: Out of bounds write in planar codec.
...
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
907640a924
Fixed CVE-2020-11522: Limit number of DELTA_RECT to 45.
...
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
7b1d4b4939
Fix CVE-2020-11524: out of bounds access in interleaved
...
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
e075f348d2
Added debug logging and clamping to all region functions
2020-04-09 18:00:51 +02:00
akallabeth
ce21b9d7ec
Fix CVE-2020-11523: clamp invalid rectangles to size 0
...
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
192856cb59
Fixed #6012: CVE-2020-11526: Out of bounds read in update_recv_orders
...
Thanks to @hac425xxx and Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
0b6b92a25a
Fixed CVE-2020-11525: Out of bounds read in bitmap_cache_new
...
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
Martin Fleisz
b52cc2cd48
Merge pull request #6034 from akallabeth/addrinfo
...
Fix #6033: freeaddrinfo must not be called with NULL arguments.
2020-04-09 14:37:39 +02:00
akallabeth
e6d10041c1
Fix #6033: freeaddrinfo must not be called with NULL arguments.
2020-04-09 14:26:46 +02:00
akallabeth
56deba7562
Enforce coding style.
2020-04-09 13:49:10 +02:00
Julian Albrecht
7824f0cee9
Moves variable declaration to beginning of scope
2020-04-09 13:49:10 +02:00
Julian Christian Albrecht
3029e3b2cf
Check return value if already a listener is registered
2020-04-09 13:49:10 +02:00
Alex Wilson
c6e675bfb7
Always copy null terminator when filtering smartcard list
2020-04-09 10:44:25 +02:00
akallabeth
d7795c892b
Allow old openssl name in android client.
2020-04-09 10:03:20 +02:00
akallabeth
f56292afa4
Fixed cmake formatting
2020-04-09 10:03:20 +02:00
akallabeth
fd9b5463a0
Use cmake from NDK
2020-04-09 10:03:20 +02:00
akallabeth
1c77db0a94
Used default openssl library names.
2020-04-09 10:03:20 +02:00
akallabeth
f2d5cf2b41
Updated android build scripts for ci.
2020-04-09 10:03:20 +02:00
Norbert Federa
c367f65d42
Merge pull request #6019 from akallabeth/bound_access_fixes
...
Fix issues with boundary access.
2020-04-06 13:53:28 +02:00
akallabeth
6f00add067
Export remaining packet length from rdp_read_share_control_header
2020-04-06 13:18:35 +02:00
akallabeth
0ad894adbc
Fixed substream read in rdp_recv_tpkt_pdu
2020-04-06 11:58:48 +02:00
akallabeth
0533c05be3
Fixed rdp_recv_tpkt_pdu parsing, use substream.
2020-04-06 11:22:18 +02:00
akallabeth
df55f40ecf
Fixed incorrect parser error message.
2020-04-06 10:42:06 +02:00
akallabeth
a022958ddf
Better error message for partial parsed capability
2020-04-03 15:10:49 +02:00
Norbert Federa
e3b3b52f6a
server: fix surface command types
...
- Legacy RemoteFX is encapsulated in a "Stream Surface Bits Command" (CMDTYPE_STREAM_SURFACE_BITS)
- NSCodec is encapsulated in a "Set Surface Bits Command" (CMDTYPE_SET_SURFACE_BITS)
References:
- MS-RDPRFX 3.1.8.3.1 RemoteFX Stream / Encode Message Sequencing
- MS-RDPNSC 2.2.2 NSCodec Compressed Bitmap Stream
2020-04-03 14:35:58 +02:00
Norbert Federa
d65de64676
Merge pull request #5982 from akallabeth/surface_stream_set_bits
...
Fix sending/receiving surface bits command.
2020-04-03 12:41:29 +02:00
akallabeth
cba63b6d43
Added fallback to CMDTYPE_STREAM_SURFACE_BITS
...
Since our samples were incorrect, add a fallback with a log warning
to the old CMDTYPE_STREAM_SURFACE_BITS by default behaviour.
2020-04-03 12:18:59 +02:00
akallabeth
88ad9ca56b
Fix sending/receiving surface bits command.
...
* Pass on proper command type to application
* On send let the server implementation decide to send
2.2.9.2.1 Set Surface Bits Command (TS_SURFCMD_SET_SURF_BITS) or
2.2.9.2.2 Stream Surface Bits Command (TS_SURFCMD_STREAM_SURF_BITS)
Thanks to @viniciusjarina for tracing the issue down.
2020-04-03 12:00:53 +02:00
akallabeth
2a379bfe09
Fixed invalid seek size in partial pdu parse case
2020-04-02 17:41:49 +02:00
akallabeth
21320d973c
Use safe seek for capability parsing
...
thanks to @hardening for pointing that one out.
2020-04-02 17:39:51 +02:00
akallabeth
ddfd0cdccf
Use substreams to parse gcc_read_server_data_blocks
2020-04-02 17:39:43 +02:00
akallabeth
6b2bc41935
Fix #6010: Check length in read_icon_info
2020-04-02 17:34:02 +02:00
akallabeth
67c2aa52b2
Fixed #6013: Check new length is > 0
2020-04-02 17:33:54 +02:00
akallabeth
3627aaf7d2
Fixed #6011: Bounds check in rdp_read_font_capability_set
2020-04-02 17:28:17 +02:00
akallabeth
f8890a645c
Fixed #6005: Bounds checks in update_read_bitmap_data
2020-04-02 17:28:10 +02:00
akallabeth
ed53cd148f
Fixed #6006: bounds checks in update_read_synchronize
2020-04-02 17:28:04 +02:00
akallabeth
f5e73cc7c9
Fixed #6009: Bounds checks in autodetect_recv_bandwidth_measure_results
2020-04-02 17:27:59 +02:00
akallabeth
9301bfe730
Fixed #6007: Boundary checks in rdp_read_flow_control_pdu
2020-04-02 17:27:53 +02:00
akallabeth
58dc36b3c8
Fixed possible NULL dereference
2020-04-02 17:27:10 +02:00
Martin Fleisz
9223eea61e
Merge pull request #5974 from akallabeth/cmd_avc420_fix
...
Cmd avc420 fix
2020-04-02 08:41:47 +02:00
Martin Fleisz
99786970a3
Merge pull request #5884 from akallabeth/smartcard_ndr_strict
...
Smartcard tighter input validation
2020-03-31 08:34:04 +02:00