Commit Graph

165 Commits

Author SHA1 Message Date
Hardening
b5f8900bc4 Merge pull request from binglinoioij/master
add values-zh/string.xml,that was profiles for chinese
2015-11-10 10:13:47 +01:00
root
934c4ff7a4 update values-zh/strings.xml 2015-10-16 15:54:26 +08:00
clouder
1030f8dad8 add values-zh/string.xml 2015-10-08 17:20:44 +08:00
Marc-André Moreau
3fd0c45be8 afreerdp: fix build warnings 2015-09-22 11:53:50 -04:00
Norbert Federa
2d5e249eff Merge pull request from akallabeth/pointer_decoding_fix
Fixed color pointer decoding.
2015-09-01 11:09:42 +02:00
Martin Haimberger
52405a3e79 Remove WIN32ERROR type
All return values are UINT now.
2015-08-27 05:38:20 -07:00
Armin Novak
4a62e6bee4 Added length arguments and checks. 2015-08-06 11:24:42 +02:00
Martin Haimberger
6ab0187d84 Merge remote-tracking branch 'upstream/master' into mh-channel
Conflicts:
	channels/audin/client/oss/audin_oss.c
	channels/drive/client/drive_main.c
	channels/printer/client/printer_cups.c
	channels/printer/client/printer_main.c
	channels/rail/client/rail_main.c
	channels/rdpgfx/client/rdpgfx_main.c
	channels/rdpsnd/client/oss/rdpsnd_oss.c
	channels/remdesk/client/remdesk_main.c
	channels/remdesk/server/remdesk_main.c
	channels/tsmf/client/tsmf_media.c
2015-07-15 01:57:07 -07:00
Bernhard Miklautz
68e8569110 winpr/synch: remove the dependency on winsock.h
winsock.h pulls in a lot of defines and dependencies that are not
required and partially unwanted in winpr's core (for parts that are not
related to network). In order to get rid of this dependency and have an
independent defines for extended winpr functions the WINPR_FD_* defines
are used internally (and for exposed functions). Where required, like in
WSAEventSelect, the FD_* is mapped to WINPR_FD_*.
2015-07-14 11:39:41 +02:00
Armin Novak
d18b0fbeb4 Handle API updated. 2015-07-03 09:52:52 +02:00
Bernhard Miklautz
06502e6a91 misc: integrate pull request feedback 2015-06-22 19:24:30 +02:00
Bernhard Miklautz
19afc6906c client/android: reset debug level to default
* WLOG debug level was hard coded to DEBUG which generates a lot of
  noise
* remove indecent and unneeded debug message
2015-06-22 19:23:58 +02:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Bernhard Miklautz
749d93ae39 client/android: misc updates and fixes
* increase minimum required SDK to 14
* change functions from void to BOOL where required to have proper
  return values
* update the JAVA classes and JNI accordingly
* add return value checks for *alloc and strdup
2015-06-22 19:10:00 +02:00
Bernhard Miklautz
77927c213e android: fix misc compiler warnings
with gcc version arm-linux-androideabi-gcc (GCC) 4.8
2015-06-22 19:09:59 +02:00
Martin Haimberger
6e4e1c2773 Merge remote-tracking branch 'upstream/master' into mh-stream-fix
Conflicts:
	client/Windows/wf_cliprdr.c
2015-06-18 03:06:40 -07:00
Martin Haimberger
e5d5cd3c94 hardend cliprdr
hardend cliprdr server and client
also updated all callbacks in the server and client
implementations
2015-06-18 03:04:31 -07:00
David FORT
12f873f1f9 Fixed MessageQueue and callers 2015-05-29 14:24:14 +02:00
MartinHaimberger
e3236c2317 Merge pull request from nfedera/fix-2015-05-08-01
fixed multiple missing gdi return value checks
2015-05-11 16:59:32 +02:00
Norbert Federa
1eff1a345e free can handle NULL perfectly fine 2015-05-11 09:07:39 +02:00
Norbert Federa
71a4349928 fixed multiple missing gdi return value checks
mainly gdi_Create* functions
2015-05-08 21:39:23 +02:00
Norbert Federa
25fc866a58 Fix unchecked CreateThread calls and misc fixes 2015-05-05 13:55:48 +02:00
Norbert Federa
ef1fd12b15 Fix unchecked CreateEvent calls and misc fixes
1)
Added missing checks for CreateEvent which also required the
following related changes:

- changed freerdp_context_new API to BOOL
- changed freerdp_peer_context_new API to BOOL
- changed pRdpClientNew callback to BOOL
- changed pContextNew callback to BOOL
- changed psPeerAccepted callback to BOOL
- changed psPeerContextNew callback to BOOL

2)
Fixed lots of missing alloc and error checks in the
changed code's neighbourhood.

3)
Check freerdp_client_codecs_prepare result to avoid segfaults
caused by using non-initialized codecs.

4)
Fixed deadlocks in x11 caused by missing xf_unlock_x11() calls
in some error handlers

5)
Some fixes in thread pool:
- DEFAULT_POOL assignment did not match TP_POOL definition
- don't free the pool pointer if it points to the static DEFAULT_POOL
- added error handling and cleanup in InitializeThreadpool
2015-04-29 18:18:39 +02:00
Bernhard Miklautz
515502ffa5 change return types of callbacks to BOOL
* change all client/server callbacks to BOOL
* update all clients accordingly
* add multiple return value checks
* small fixes
2015-04-21 14:18:07 +02:00
Zhang Zhaolong
251d214d52 android_event: fix incorrect usage of realloc.
Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
2015-03-11 12:29:37 +08:00
Zavadovsky Yan
60c79f5450 client/Android: fix coords calculation in previous commit 2015-02-23 11:50:32 +03:00
Zavadovsky Yan
082e7b8661 client/Android: optimize android_end_paint() logic
1. Don't draw to screen if server sends begin/end paint
messages without any real updates.
2. Redraw only summary region that covers really invalidated
part of screen.
2015-02-21 23:52:38 +03:00
Zavadovsky Yan
ac8b50c464 client/Android: fix bad realloc
Fast and long pointer moves cause app to crash.
2015-02-21 23:51:02 +03:00
Kurt McAlpine
9b1450f759 Replaced ternary operator with condition only 2015-02-11 11:15:25 +13:00
Armin Novak
28da3ea620 Using freerdp_channels_disconnect now. 2015-01-20 11:24:03 +01:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
769eb38217 afreerdp: migrate to cliprdr callback interface 2014-11-12 12:25:12 -05:00
Marc-André Moreau
19c3b0d457 afreerdp: cleanup cliprdr code 2014-11-12 11:14:10 -05:00
Marc-André Moreau
a1e660d92e freerdp: unify clipboard standard format id definitions 2014-10-16 22:20:12 -04:00
Armin Novak
7913a57bc5 Using wlog for logging in clients now. 2014-09-15 08:55:00 +02:00
Bernhard Miklautz
0313ca3622 libfreerdp: always build "MONOLITHIC"
"libfreerdp" consisted of multiple (small) single libraries. If the cmake
option MONOLITHIC was used only one library was build combining all of
the libfreerdp-* libraries.
The only exceptions to this are libfreerdp-server and libfreerdp-client these
are build as separate libraries.

This commit obsoltes non-monolithic builds and makes monolithic builds
the default. The cmake option MONOLITHIC is also removed.
2014-09-12 00:19:53 +02:00
Marc-André Moreau
82a53057a1 Merge pull request from ptsekov/software-gdi-improvements
Software GDI improvements
2014-08-18 16:22:23 -04:00
Marc-André Moreau
f30d7cf66a Merge pull request from repzilon/master
uclibc build fixes and recompressed images
2014-08-18 13:08:52 -04:00
Hardening
767d54ce18 Merge pull request from ptsekov/Issue_2016
Honour user performance preferences.
2014-08-15 09:21:12 +02:00
Norbert Federa
3c8700f62d Merge pull request from akallabeth/async-update-to-lib
Moved update thread from client to library.
2014-08-14 17:46:43 +02:00
Rene Rheaume
15ad357e1a Recompressed images with FileOptimizer 6.8 (an open-source mass file recompression tool for Windows) 2014-08-08 20:12:25 -04:00
Rene Rheaume
151e5de3d4 Recompressed PNG images again 2014-08-06 23:10:23 -04:00
Rene Rheaume
281ab78481 Recompressed losslessy PNG and JPEG images 2014-08-06 22:37:14 -04:00
Pavel Tsekov
98cf129a11 Do not invert fb contents when in 32bpp mode
* client/Android/FreeRDPCore/jni/android_freerdp.c:
(android_post_connect): Pass the proper flags to gdi_init().
(copy_pixel_buffer): Do not invert the framebuffer data when using 32bpp
framebuffer.
2014-08-07 01:12:39 +03:00
U-PAVEL\Pavel Tsekov
8a4f134fab Revert to 15d2b35574 2014-08-05 14:35:31 +03:00
Pavel Tsekov
9a470632f6 Honour user performance preferences.
* client/Android/FreeRDPCore/jni/android_freerdp.c:
(jni_freerdp_set_performance_flags): Always pass the user specified performance
settings to FreeRDP.
2014-08-05 00:49:13 +03:00
Pavel Tsekov
e13f93aa1b Allow the user to enable/disable performance features regardless of
their default values.
2014-08-04 18:14:08 +03:00
Mike Gilbert
ae1fdf6153 Remove execute bit from many files 2014-07-20 00:52:35 -04:00
Armin Novak
689902c995 Moved update thread from client to library. 2014-07-14 19:27:50 +02:00
Armin Novak
ba296e5f92 Removed unused code. 2014-07-11 18:49:40 +02:00