Commit Graph

187 Commits

Author SHA1 Message Date
akallabeth
07a5a6ef6d Added a check in DesktopResize for protocol violations 2022-06-23 14:19:50 +02:00
akallabeth
6fd71fe737 Eliminate Dead nested assignment warnings 2022-04-28 12:37:19 +02:00
akallabeth
73cdcdfe09
Logging and parser fixes (#7796)
* Fixed remdesk settings pointer

* Fixed sign warnings in display_write_monitor_layout_pdu

* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context

* Added and updates settings

* info assert/dynamic timezone

* mcs assert/log/flags

* Fixed and added assertions for wStream

* Unified stream length checks

* Added new function to check for lenght and log
* Replace all usages with this new function

* Cleaned up PER, added parser logging

* Cleaned up BER, added parser logging

* log messages

* Modified Stream_CheckAndLogRequiredLengthEx

* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list

* Improved Stream_CheckAndLogRequiredLength

* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected

* Fixed public API input checks
2022-04-19 14:29:17 +02:00
akallabeth
14568872a9
Instance cleanup (#7738)
* Cleaned up freerdp::autodetect

* Deprecate freerdp::input

* Deprecated freerdp::update

* Deprecated freerdp::settings

* Deprecated freerdp::autodetect

* Removed rdpTransport::settings

* Deprecated freerdp_per::update|settings|autodetect

* Fixed mac client and server compilation

* Fixed windows compilation

* Added deprecation warnings

* Fixed initialization of structs.

* Fixed android build

* Fixed freerdp_client_context_new const correctness

* Fixed checks for android implementation

Replaced checks with assertions where appropriate

* Fixed checks for windows client

Replaced checks with assertions where appropriate

* Fixed proxy client pointer dereference
2022-03-23 13:18:35 +01:00
Armin Novak
4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00
dance
122268aec1 code cleanup: don't allocate excessive memory in update_read_bitmap_update
removed no more actually used count property of BITMAP_UPDATE struct,
fixed allocating twice as memory for its rectangles - as of refactoring
at e5767f07 BITMAP_UPDATE struct is reused no more
2022-01-27 10:52:02 +01:00
Armin Novak
1fedd36f65 Fixed proxy compilation issues after rdpUpdate refactoring 2022-01-18 11:24:23 +01:00
Armin Novak
0b3d5351e1 Removed internal members of rdpSecondaryUpdate from API header 2022-01-18 11:24:23 +01:00
Armin Novak
504336f796 Removed internal members of rdpPrimaryUpdate from API header 2022-01-18 11:24:23 +01:00
Armin Novak
3006c973c4 Removed internal members of rdpAltSecUpdate from API header 2022-01-18 11:24:23 +01:00
Armin Novak
d210ac5e33 Removed internal members of rdpUpdate from API header 2022-01-18 11:24:23 +01:00
Steve Pronovost
49d9e61884 Fix protocol violation when uploading large ICON
When uploading large ICON (96x96), we end up growing the stream
mid-update. Stream_EnsureCapacity end up reallocating the stream
with a larger capacity to accomodate the large ICON size, but in
doing so, also updating the sealed length for the data currently in
the stream. This breaks the assumption between update_begin_paint
and update_end_paint where the sealed lenght is used to keep track
of the location where we need to update the orders counts after
we're done accumulating update. As a result of the growth and lost
of that location, the number of orders is written to the wrong
location and the resulting stream is invalid which result in a
protocol violation and a connection drop.

The current fix uses a new offsetOrder in the update object to
keep track of where update_end_paint needs to write the number
of orders contained. I think a better fix would be for
Stream_EnsureCapacity to preserve the sealead length of the
stream on growth, but this has a much more significant impact and
careful analysis needs to be done to ensure this doesn't violate
other assumption. Need to follow up with FreeRDP developer to get
their take on this one.
2021-10-21 13:11:21 +02:00
akallabeth
217e0caa18
Bitmap update fix (#7349)
* Added checks for bitmap width and heigth values

Data received from the server might have invalid values for bitmap
with or height. Abort parsing if such a value is found.
Reported by Sunglin from the Knownsec 404 team & 0103 sec team

* Added checks for glyph width & height
2021-10-12 12:26:22 +02:00
akallabeth
51268bbcba
Lock updates during gdi_resize (#7330) 2021-10-07 10:25:09 +02:00
akallabeth
7b7e2d6f32 Prefer constant division over multiplication for length checks 2021-09-21 08:55:22 +02:00
akallabeth
733ee32083 Fixed invalid access in update_recv_primary_order
CVE-2020-11095 thanks @antonio-morales for finding this.
2020-06-22 11:51:38 +02:00
akallabeth
0332cad015 Fixed oob read in update_recv
properly use update_type_to_string to print update type.
Thanks to hac425 CVE-2020-11019
2020-05-06 13:31:57 +02:00
akallabeth
cb4d90fc0a Fixed #6101: POINTER_LARGE_UPDATE serialization
The length check and field sizes in _update_read_pointer_large
were off, corrected according to [MS-RDPBCGR] 2.2.9.1.2.1.11
Fast-Path Large Pointer Update (TS_FP_LARGEPOINTERATTRIBUTE)
2020-04-22 14:21:47 +02:00
akallabeth
a75280300a Fixed [MS-RDPBCGR] 2.2.9.1.1.4.4 Color Pointer Update
The pointer size is limited to 32 pixel in width and height
unless LARGE_POINTER_FLAG_96x96 is set which increases the size
to 96 pixel.
2020-04-22 11:10:56 +02:00
akallabeth
f8890a645c Fixed #6005: Bounds checks in update_read_bitmap_data 2020-04-02 17:28:10 +02:00
akallabeth
ed53cd148f Fixed #6006: bounds checks in update_read_synchronize 2020-04-02 17:28:04 +02:00
Armin Novak
bda2731035 Fixed reading suppress output pdu
Optional rectangle must be read from PDU
2020-03-03 13:10:24 +01:00
Kobi Mizrachi
d552ef9e83 server: update: made functions static 2020-01-15 12:59:06 +02:00
Kobi Mizrachi
bd5ac550c5 update: update_send_new_or_existing_window: fix signed/unsigned according to spec 2020-01-15 12:59:06 +02:00
Kobi Mizrachi
9e47fd76db server: update: call update_check_flush whenever using the reused update buffer 2020-01-15 12:59:06 +02:00
Armin Novak
182d0ce548 Added RDP 10.7 large pointer support
* Implements [MS-RDPBCGR] version 51 large pointer support.
* Logs unknown large pointer capability flags as warning.

Signed-off-by: Armin Novak <armin.novak@thincast.com>
2019-12-19 09:53:40 +01:00
Kobi Mizrachi
200f50c1f6 update: add proper stream checks 2019-12-17 12:38:41 +01:00
Kobi Mizrachi
033ee763e9 core: server: update: fix update_send_new_or_existing_notification_icons 2019-12-12 11:10:44 +01:00
Mati Shabtay
4dacb57f6f rail server: implement channel code for rail server
* Split common functionality from client code
* Clean up client code and use proper defines for constants
* Implements the channel code to read/write server side
  messages.
2019-12-12 11:10:44 +01:00
Mati Shabtay
8e4a88d955 update.c: Implement rail server altsec window orders 2019-12-12 11:10:44 +01:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
kubistika
99b10aa98d rdpUpdate: add autoCalculateBitmapData flag 2019-06-04 17:33:18 +03:00
David Fort
6563bc28c4 rail: added verbose logs (#5402)
* rail: added verbose logs

* rail: fix buffer initialisation in debug message
2019-05-23 12:15:26 +02:00
Armin Novak
95a7447366 Fixed window order cleanup for NOTIFY_ICON_STATE_ORDER 2019-05-09 13:24:22 +02:00
Armin Novak
2cc714a57d Updated RAILS implementation
* Implement new messages and callbacks
* Announce most recent channel features
* Added settings to configure flags to announce
2019-05-08 17:25:15 +02:00
Armin Novak
2a26aa0d87 Unified update->BeginPaint and update->EndPaint
Since these functions were called from 2 different threads
(main thread or dynamic channel) depending on fastpath or
gfx channel use lock between these.
If not locked the invalid region may be accessed from both
threads and lead to crashes as experienced with nightly df280a7ff
2019-04-11 15:33:23 +02:00
kubistika
d3dd0860a5 update.c: Fix update_end_paint wrong log level 2019-03-20 22:01:08 +02:00
David Fort
53c74beadc rdp: add a callback for ServerStatusInfo 2019-01-29 10:33:06 +01:00
Armin Novak
445a5a42c5 Fixed CVE-2018-8786
Thanks to Eyal Itkin from Check Point Software Technologies.
2018-11-20 11:08:31 +01:00
Armin Novak
991f051a63 Fixed stream release for transport_write 2018-10-17 14:55:55 +02:00
Armin Novak
54f3a388da Fixed #4835: BeginPaint callback now optional. 2018-09-04 10:40:17 +02:00
Armin Novak
8f7dbe5051 Fix #4725: Need to copy data. 2018-07-05 08:44:42 +02:00
Armin Novak
28ac0ee146 Fixed NULL dereferences. 2018-05-04 12:42:44 +02:00
Armin Novak
069c58a72b Fixed memory leak. 2018-05-04 11:47:05 +02:00
Armin Novak
4e66972616 Fixed remaining global order buffers. 2018-05-02 08:54:21 +02:00
Armin Novak
e5767f07ac Refactored order updates
Unified order creation/copy/delete to avoid memory leaks.
2018-05-02 08:54:21 +02:00
Armin Novak
e0d112d548 Removed all calls to WLog_Init and WLog_Uninit
Since the calls are no longer required remove their usage.
2018-04-03 13:06:41 +02:00
Armin Novak
1f7d33a2f2 Fixed read/write of surface bits command.
The optional field exBitmapDataHeader of TS_ BITMAP_DATA_EX was ignored.
Read and expose the data (currently unused)
2018-03-01 11:38:59 +01:00