Commit Graph

697 Commits

Author SHA1 Message Date
Norbert Federa
cd0a8e0506 Merge pull request #2630 from hardening/new_2616
Add checks for some XXX_New and XXX_Add functions
2015-05-21 16:04:26 +02:00
Marc-André Moreau
ebf863f2eb Merge pull request #2557 from realjiangms/shadow_fix_hang2395
shadow fix multi-client hang
2015-05-20 16:26:31 -04:00
David FORT
29d372480a Take in account nfedera's review 2015-05-20 19:19:50 +02:00
Marc-André Moreau
29d14773c8 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	client/Windows/wf_client.c
	libfreerdp/common/assistance.c
2015-05-20 10:12:24 -04:00
Hardening
f8120919af Add checks for some XXX_New and XXX_Add functions
Based on PR #2616
2015-05-18 11:28:00 +02:00
MartinHaimberger
e3236c2317 Merge pull request #2605 from nfedera/fix-2015-05-08-01
fixed multiple missing gdi return value checks
2015-05-11 16:59:32 +02:00
Norbert Federa
1eff1a345e free can handle NULL perfectly fine 2015-05-11 09:07:39 +02:00
zihao.jiang
85dd90d817 shadow fix multi-client hang
Merge from commit d4df3a952b
Conflicts:

	server/shadow/shadow_subsystem.c
2015-05-11 00:04:07 +08:00
Norbert Federa
71a4349928 fixed multiple missing gdi return value checks
mainly gdi_Create* functions
2015-05-08 21:39:23 +02:00
Marc-André Moreau
30dd40e10a wfreerdp: fix and improve remote assistance 2015-05-07 14:20:49 -04:00
Norbert Federa
82843f0700 server/shadow: added missing error message 2015-05-07 17:42:01 +02:00
Norbert Federa
f9f59cd29b Fix unchecked CreateDirectory calls 2015-05-07 13:28:13 +02:00
Norbert Federa
c77def3048 Fix unchecked CreateMutex calls 2015-05-07 13:27:49 +02:00
Norbert Federa
25fc866a58 Fix unchecked CreateThread calls and misc fixes 2015-05-05 13:55:48 +02:00
Norbert Federa
ef1fd12b15 Fix unchecked CreateEvent calls and misc fixes
1)
Added missing checks for CreateEvent which also required the
following related changes:

- changed freerdp_context_new API to BOOL
- changed freerdp_peer_context_new API to BOOL
- changed pRdpClientNew callback to BOOL
- changed pContextNew callback to BOOL
- changed psPeerAccepted callback to BOOL
- changed psPeerContextNew callback to BOOL

2)
Fixed lots of missing alloc and error checks in the
changed code's neighbourhood.

3)
Check freerdp_client_codecs_prepare result to avoid segfaults
caused by using non-initialized codecs.

4)
Fixed deadlocks in x11 caused by missing xf_unlock_x11() calls
in some error handlers

5)
Some fixes in thread pool:
- DEFAULT_POOL assignment did not match TP_POOL definition
- don't free the pool pointer if it points to the static DEFAULT_POOL
- added error handling and cleanup in InitializeThreadpool
2015-04-29 18:18:39 +02:00
Norbert Federa
84577b1ca7 codec/rfx: error checking and various fixes
- removed some unneeded null checks for free()
- fixed a memory leak in shadow_client
- removed rfx_compose_message_header from API

Changed the following functions to BOOL, check the result
where they are called and handle failures:
- rfx_compose_message
- rfx_compose_message_header
- rfx_write_tile
- rfx_write_message_tileset
- rfx_write_message_frame_begin
- rfx_write_message_region
- rfx_write_message_frame_end
- rfx_write_message

rfx_process_message:
- check memory allocation failures
- verify protocol-conform order of data messages to prevents memory
  leaks caused by repeated allocations
- verify that header messages were parsed/received before the
  data messages
- treat unknown rlgr mode as error
- fixed/added error handling
- fixed all callers to check/handle result

rfx_encode_message:
- fixed incorrect usage of realloc
- missing malloc check
- missing check of CreateThreadpoolWork
- correct cleanup on failure (threadpool, memory)
- check rfx_encode_message result

rfx_encode_messages:
- check rfx_split_message result
- correct cleanup on failure
- prevent memory leak on failure

rfx_write_message_context:
- fixed invalid channelId value (must be 0xFF for WBT_CONTEXT)

rfx_process_message_codec_versions:
- fixed invalid read size of codec_version (it is 16bit)

rfx_process_message_channels:
- verify protocol conform channelId value

rfx_process_message_region:
- replaced invalid reallocs with malloc
- read and verify regionType and numTileSets from stream

rfx_process_message_tileset:
- check allocation results
- fixed incorrect usages of realloc

setupWorkers:
- fixed incorrect usages of realloc

rfx_split_message:
- removed dead code
- missing malloc check

rfx_compose_message:
- fixed a memory leak
- check/handle rfx_encode_message result
2015-04-23 15:42:21 +02:00
Hardening
6cd7713e12 Merge pull request #2544 from bmiklautz/boolenization
change return types of callbacks to BOOL
2015-04-22 11:01:27 +02:00
Armin Novak
65a4c6e1fc Changed listener callback arguments and return. 2015-04-21 15:57:25 +02:00
Bernhard Miklautz
1e6943bf31 Fix formating 2015-04-21 14:20:24 +02:00
Bernhard Miklautz
515502ffa5 change return types of callbacks to BOOL
* change all client/server callbacks to BOOL
* update all clients accordingly
* add multiple return value checks
* small fixes
2015-04-21 14:18:07 +02:00
Armin Novak
6e213bc61b Modified GetEventHandles of listener
Now using nCount as in and out argument.
When called, set nCount to the number of available handles.
This value is checked and an error returned, if not enough
handles are available.
2015-04-21 12:09:44 +02:00
Armin Novak
7b0d7b3552 Using new API for socket listener. 2015-04-19 10:39:08 +02:00
Armin Novak
4ed891b599 Moved client handler to new API. 2015-04-19 10:39:08 +02:00
Bernhard Miklautz
12e1d94567 winpr: fixes and cleanup
Integrated notes and issues for the pending pull request
* wf_info:
 * cleanup: remove unnecessary breaks
 * fix typo
 * change usage of calloc
* print.c: fix incorrect check
* makecert.c: cleanup includes
2015-04-08 11:34:37 +02:00
Bernhard Miklautz
850de59b55 winpr: add checks for *alloc
Add missing checks if memory allocation was successful. Also adapt
caller(s) when possible.
2015-04-08 11:34:37 +02:00
Petr Sumbera
17df42e4b5 Fixes some build issues on Solaris 11. 2015-02-02 08:48:54 -08:00
Bernhard Miklautz
43beef36ff rdtk/shadow: install libraries versioned 2014-12-12 19:26:23 +01:00
Bernhard Miklautz
1b663ceffe build: cmake 3.1 compatibility
* fix problem with REMOVE_DUPLICATES on undefined lists
* since 3.1 file(GLOB FILEPATHS RELATIVE .. returns single / instead of // as
  previously - necessary adoptions for regex and matches done. Should
	work with all cmake versions.

Tested with 3.1.0-rc3
2014-12-12 19:26:22 +01:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Armin Novak
547054a48b Fixed uninitialized value. 2014-12-07 00:23:46 +01:00
Marc-André Moreau
7881ec762e server/shadow: avoid sending pointer updates when not active, fix remdesk leak 2014-11-21 15:10:39 -05:00
Marc-André Moreau
ab9a4318c8 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-11-18 14:21:55 -05:00
Marc-André Moreau
4fbec7633a cmake: add WITH_FREERDS option 2014-11-17 12:31:31 -05:00
Marc-André Moreau
8a7a71a7b6 Merge pull request #2213 from akallabeth/wlog_callback_appender
Wlog callback appender
2014-11-17 09:41:58 -05:00
Armin Novak
c44f85c2b4 Fixed memory leak. 2014-11-17 00:42:05 +01:00
Armin Novak
f34ee395eb Fixed memory leak. 2014-11-17 00:34:17 +01:00
Armin Novak
d9b889ddb7 Fixed memory leak. 2014-11-17 00:33:37 +01:00
Armin Novak
232aa89efd Fixed memory leak. 2014-11-17 00:22:33 +01:00
Armin Novak
7c3adc8449 Fixed nonnull warning. 2014-11-17 00:21:04 +01:00
Armin Novak
8d4589b1e1 Replaced fprintf error messages with WLog. 2014-11-16 12:21:38 +01:00
Marc-André Moreau
496ce10637 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-11-15 12:37:29 -05:00
Marc-André Moreau
ddedc574f3 freerdp: remove tcp, uds utils 2014-11-12 14:06:34 -05:00
Bernhard Miklautz
3e0e0c868e Revert a bug introduced in PR #2134
FREERDP_CHANNELS_SERVER_SRCS need to be added to server/common that the
symbols get added and exported with libfreerdp-server.

Also remove duplicated version information.
2014-11-12 17:15:13 +01:00
Marc-André Moreau
04299bb18b shadow: improve pointer updates 2014-11-07 13:51:10 -05:00
Marc-André Moreau
a538e791b3 shadow: add improved pointer updates 2014-11-06 17:25:41 -05:00
Marc-André Moreau
ad611b5c09 Merge branch 'master' of github.com:awakecoding/FreeRDP 2014-11-04 10:34:06 -05:00
Vic Lee
288097e271 Removed library prefix on Windows def files. 2014-11-03 12:39:27 +08:00
Martin Fleisz
0be28ba0f6 Merge pull request #1965 from akallabeth/dynamic-addin-naming
Dynamic channel library naming
2014-10-31 13:42:16 +01:00
Marc-André Moreau
eea475b436 shadow: fix null ClientDir 2014-10-29 16:11:22 -07:00
Marc-André Moreau
d85a2bf3e6 shadow: fix bitmap update fragmentation 2014-10-25 15:36:36 -04:00
Armin Novak
22c775988b Using global RC_VERSION_PATCH now. 2014-10-09 16:20:32 +02:00
Armin Novak
89bb28adb2 Fixed setting of RV_VERSION_PATCH, now BUILD_NUMBER is used for every library.
Executable names are now correctly set, using CMAKE_EXECUTABLE_SUFFIX now.
Fixed version defines for winpr executables.
2014-10-09 16:18:35 +02:00
Armin Novak
5364a834c4 Added windows version information to build. 2014-10-03 15:17:40 +02:00
Marc-André Moreau
7da4621334 librdtk: improve text positioning 2014-10-01 12:18:17 -04:00
Marc-André Moreau
24b594d592 librdtk: stub NinePatch, TextField and Button 2014-09-30 14:54:36 -04:00
Marc-André Moreau
abd87ace55 rdtk: initial commit 2014-09-29 16:08:08 -04:00
Marc-André Moreau
169a9c83ee shadow: initial font rendering 2014-09-29 14:07:48 -04:00
Marc-André Moreau
6eeace868b shadow: start bitmap font loader 2014-09-28 21:41:12 -04:00
Marc-André Moreau
668aa17a22 shadow: add X11 PAM authentication 2014-09-26 19:03:48 -04:00
Marc-André Moreau
315d16a978 shadow: fix X11 extended keycodes 2014-09-26 17:51:45 -04:00
Marc-André Moreau
255bd6f7a2 shadow: fix bitmap updates 2014-09-24 13:17:52 -04:00
Marc-André Moreau
41282e569f shadow: fix surface frame markers 2014-09-24 12:10:02 -04:00
Marc-André Moreau
ea84067c80 shadow: add workaround for Mac RDP client 2014-09-23 21:05:10 -04:00
Marc-André Moreau
8123a1d9b8 libfreerdp-codec: refactor NSCodec 2014-09-23 20:00:26 -04:00
Marc-André Moreau
af858e8f2a shadow: disable RemoteFX if connection type is not LAN 2014-09-23 18:19:05 -04:00
Marc-André Moreau
7574788ba5 libfreerdp-core: fix GCC core data block negotiation 2014-09-22 11:38:33 -04:00
Marc-André Moreau
343947143e shadow/X11: fix color depth check 2014-09-22 10:06:16 -04:00
Marc-André Moreau
e20ff661e3 shadow: disable unsupported X11 color depths 2014-09-22 09:59:56 -04:00
Marc-André Moreau
c4ad706c34 libfreerdp-core: improve bitmap codec negotiation 2014-09-21 15:40:27 -04:00
Marc-André Moreau
86c7f46b76 shadow: improve bitmap update performance 2014-09-20 16:29:13 -04:00
Marc-André Moreau
45b9a5454e libfreerdp-codec: improve compressor interfaces 2014-09-20 15:25:33 -04:00
Marc-André Moreau
d6250b1aec shadow: improve Mac subsystem 2014-09-19 19:58:49 -04:00
Marc-André Moreau
c4588fb14f libfreerdp-core: remove dependency on OPENSSL_Applink on Windows 2014-09-19 17:11:56 -04:00
Marc-André Moreau
3ddbb128cc libfreerdp-core: add SurfaceFrameBits function to combine frame marker with surface commands 2014-09-19 14:23:17 -04:00
Marc-André Moreau
aa2e6dacbb shadow: fix frame acks + bitmap negotiation 2014-09-19 12:06:12 -04:00
Marc-André Moreau
09fc388e03 shadow: add RefreshRect/SuppressOutput support 2014-09-18 22:18:58 -04:00
Marc-André Moreau
aa7571648c shadow: start using message queue 2014-09-18 17:22:44 -04:00
Marc-André Moreau
7ef55ab9b7 shadow: improve subsystem structure 2014-09-18 15:43:11 -04:00
Marc-André Moreau
a5f8bdf51c shadow: add EnumMonitor functions 2014-09-18 14:29:42 -04:00
Marc-André Moreau
527638c691 shadow: delay subsystem initialization for monitor enumeration 2014-09-18 13:06:49 -04:00
Marc-André Moreau
a77279fb4c shadow: fix and improve config path detection 2014-09-18 10:06:59 -04:00
Marc-André Moreau
4f498d6830 mfreerdp-server: disable in favor of shadow server 2014-09-17 22:59:58 -04:00
Marc-André Moreau
48d15998e7 shadow: add common subsystem code 2014-09-17 22:58:57 -04:00
Marc-André Moreau
e84e7928e3 server/shadow: split into library + executable 2014-09-17 21:18:47 -04:00
Marc-André Moreau
6afd621d4c Merge branch 'master' of github.com:awakecoding/FreeRDP into shadow
Conflicts:
	server/Mac/mf_audin.c
	server/Mac/mf_event.c
	server/Mac/mf_info.c
	server/Mac/mf_mountain_lion.c
	server/Mac/mf_peer.c
	server/Mac/mf_rdpsnd.c
	server/Mac/mfreerdp.c
	server/shadow/CMakeLists.txt
2014-09-17 20:15:01 -04:00
Marc-André Moreau
25f1073aa5 freerdp: fix build problems 2014-09-17 19:19:37 -04:00
Marc-André Moreau
2a5192b027 Merge branch 'master' of github.com:awakecoding/FreeRDP into egfx
Conflicts:
	client/Windows/wf_cliprdr.h
	client/Windows/wf_event.h
	client/X11/xf_client.c
	client/X11/xf_gdi.c
	libfreerdp/gdi/gdi.c
	server/Mac/mf_input.c
2014-09-17 19:09:56 -04:00
Marc-André Moreau
c66f272342 shadow: fix encoder grid bug 2014-09-17 15:19:35 -04:00
Armin Novak
059374457d Removed library prefix override. 2014-09-17 11:27:11 +02:00
Armin Novak
17991386b3 Fixed log level of error message. 2014-09-16 10:17:54 +02:00
Armin Novak
73a735e400 Decreased logging verbosity. 2014-09-15 20:06:35 +02:00
Armin Novak
72f06bdcdf Decreased logging verbosity. 2014-09-15 19:56:21 +02:00
Armin Novak
5b5791c8d7 Using wlog for server now. 2014-09-15 08:55:00 +02:00
Marc-André Moreau
41814b1b1c shadow/mac: add keyboard support 2014-09-14 20:23:40 -04:00
Marc-André Moreau
06dc76bce2 shadow/mac: add initial screen capture support 2014-09-14 20:08:38 -04:00
Marc-André Moreau
464f74805e shadow/mac: add mouse movement 2014-09-13 13:21:34 -04:00
Marc-André Moreau
6a1b76e42a shadow/mac: add monitor detection 2014-09-13 13:12:55 -04:00
Marc-André Moreau
aa49e63cda mfreerdp-server: fix build 2014-09-13 12:33:33 -04:00
Marc-André Moreau
b7351e0795 Merge branch 'egfx' of github.com:awakecoding/FreeRDP into shadow 2014-09-13 12:04:02 -04:00
Marc-André Moreau
b0d27beae3 mfreerdp: add egfx support 2014-09-13 12:02:53 -04:00