FreeRDP aborts if OpenSSL operates in FIPS mode and +fipsmode is not
manually specified. Let's prevent the abortion and enable the necessary
options in that case automatically.
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.
Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.
Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.
Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.
Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
According to MS-RDPBCGR the server might send a password in the Redirection PDU
that then must be sent by the client to the server as password.
Since the field either contains a password string (unicode) or a binary cookie,
we try to convert the password from unicode and use it only if conversion
succeeds.
The listener server socket file needs to be deleted before we bind it
otherwise it's an "address already in use" error. But it was getting
deleted after the bind, causing the file to disappear, and preventing
anyone from connecting to the listener socket since the socket stops
existing.
This is caused by commit 884e87fde4
When unlinking the file before binding, a new entry is created
in the file system after binding. This is not desireable, so
unlink it after binding to remove the temporary file after the process
closes.
The size of OFFSCREEN_DELETE_LIST list allocation was incorrectly changed
by commit 99b1481 and consequently fixed incorrectly by commit 8a0fe086.
Let's count the allocation size based on new size and not based on current
size in order to prevent some memory issues.
https://github.com/FreeRDP/FreeRDP/issues/4117
If numWindowRects/numVisibilityRects is zero a realloc might either
return NULL or a free able memory. In the first case the introduced
regression caused a double free.
As 0 is a possible value that can be received in both cases rail was
broken.
Fixes#4022
Adds a callback that allows servers to compute NTLM hashes by themselves. The typical
use of this callback is to provide a function that gives precomputed hash values.
Sponsored by: Wheel Systems (http://www.wheelsystems.com)
Fix error define use. The callback is called from
ssl3_dispatch_alert or dtls1_dispatch_alert where the alert define
is left shifted by 8. Additionally ignore close notifcation. (#3814)
This callback is called when the client capabilities have been received. This callback
appears to be more useful than the Capabilities one that is called just before the server
sends its capabilities.
Dropped some warning that were caused by the DEBUG_CAPABILTIES define.
Also adjusted some lines that were quite ugly after the automatic truncation
to 80 characters.
[channels/tsmf/client/gstreamer/tsmf_X11.c:317] -> [channels/tsmf/client/gstreamer/tsmf_X11.c:322]: (warning) Either the condition '!decoder' is redundant or there is possible null pointer dereference: decoder.
[channels/tsmf/client/gstreamer/tsmf_X11.c:470] -> [channels/tsmf/client/gstreamer/tsmf_X11.c:475]: (warning) Either the condition '!decoder' is redundant or there is possible null pointer dereference: decoder.
[channels/tsmf/client/gstreamer/tsmf_X11.c:472] -> [channels/tsmf/client/gstreamer/tsmf_X11.c:475]: (warning) Either the condition '!decoder' is redundant or there is possible null pointer dereference: decoder.
[channels/tsmf/client/tsmf_media.c:179] -> [channels/tsmf/client/tsmf_media.c:181]: (warning) Either the condition '!stream' is redundant or there is possible null pointer dereference: stream.
[client/Windows/wf_cliprdr.c:2219] -> [client/Windows/wf_cliprdr.c:2222]: (warning) Either the condition '!formatDataResponse' is redundant or there is possible null pointer dereference: formatDataResponse
[client/Windows/wf_cliprdr.c:2445] -> [client/Windows/wf_cliprdr.c:2448]: (warning) Either the condition '!fileContentsResponse' is redundant or there is possible null pointer dereference: fileContentsResponse.
[client/X11/xf_cliprdr.c:911] -> [client/X11/xf_cliprdr.c:913]: (warning) Either the condition '!clipboard' is redundant or there is possible null pointer dereference: clipboard.
[client/X11/xf_graphics.c:504] -> [client/X11/xf_graphics.c:506]: (warning) Either the condition '!xfc' is redundant or there is possible null pointer dereference: xfc.
[libfreerdp/core/transport.c:861] -> [libfreerdp/core/transport.c:863]: (warning) Either the condition '!transport' is redundant or there is possible null pointer dereference: transport.
[server/shadow/shadow_server.c:777] -> [server/shadow/shadow_server.c:791]: (warning) Either the condition '!server' is redundant or there is possible null pointer dereference: server.
[server/shadow/shadow_server.c:778] -> [server/shadow/shadow_server.c:791]: (warning) Either the condition '!server' is redundant or there is possible null pointer dereference: server.
[server/shadow/shadow_server.c:779] -> [server/shadow/shadow_server.c:791]: (warning) Either the condition '!server' is redundant or there is possible null pointer dereference: server.
[server/shadow/shadow_server.c:781] -> [server/shadow/shadow_server.c:791]: (warning) Either the condition '!server' is redundant or there is possible null pointer dereference: server.
[server/shadow/shadow_server.c:782] -> [server/shadow/shadow_server.c:791]: (warning) Either the condition '!server' is redundant or there is possible null pointer dereference: server.
[server/shadow/shadow_server.c:783] -> [server/shadow/shadow_server.c:791]: (warning) Either the condition '!server' is redundant or there is possible null pointer dereference: server.
[server/shadow/shadow_server.c:784] -> [server/shadow/shadow_server.c:791]: (warning) Either the condition '!server' is redundant or there is possible null pointer dereference: server.
[server/shadow/shadow_server.c:785] -> [server/shadow/shadow_server.c:791]: (warning) Either the condition '!server' is redundant or there is possible null pointer dereference: server.
[server/shadow/shadow_server.c:787] -> [server/shadow/shadow_server.c:791]: (warning) Either the condition '!server' is redundant or there is possible null pointer dereference: server.
[server/shadow/shadow_server.c:789] -> [server/shadow/shadow_server.c:791]: (warning) Either the condition '!server' is redundant or there is possible null pointer dereference: server.
FreeRDP calculates default request size in server mode based upon
the desktop resolution. In practice, however, I've found clients (namely
MS Lync 2013) which would show only a black screen when the value is
greater than 0x3EFFFF.
This change allows to override the default in such special cases by
assigning a different value to server->settings->MultifragMaxRequestSize
after the shadow server structure is initialized in shadow_server_new().
