Commit Graph

14589 Commits

Author SHA1 Message Date
akallabeth
c0fd449ec0 Fixed Out-of-bound read in glyph_cache_put
CVE-2020-11098 thanks to @antonio-morales for finding this.
2020-06-22 11:51:38 +02:00
akallabeth
6ade7b4cbf Fixed OOB Read in license_read_new_or_upgrade_license_packet
CVE-2020-11099 thanks to @antonio-morales for finding this.
2020-06-22 11:51:38 +02:00
Martin Fleisz
152bf0cda4
Merge pull request #6284 from akallabeth/wayland
Lock wayland buffer updates
2020-06-19 11:44:28 +02:00
Armin Novak
8e45a2dd50 Respect SECBUFFER_READONLY flag in NTLM EncryptMessage 2020-06-19 11:31:13 +02:00
Armin Novak
0d80353bf3 Added missing SECBUFFER_READONLY flag in rpc_client_write_call 2020-06-19 11:31:13 +02:00
Armin Novak
ff79636d33 TSG improvements
* Respect connection timeout during connect
* Better debug output
* Cleaned up data types,
2020-06-19 11:31:13 +02:00
akallabeth
c902f583d0 Fixed missing lock during buffer submit. 2020-06-18 08:42:24 +02:00
Bernhard Miklautz
529e30c273 Revert "winpr/library: Use RTLD_GLOBAL for dlopen"
Using RTLD_GLOBAL in LoadLibraryA introduces a different behavior than
expected.

This reverts commit d566e00258.
2020-06-17 12:59:41 +02:00
Bernhard Miklautz
1628939227 fix [client channels]: move exported API calls to client/common
The functions mappedGeometryRef and mappedGeometryUnref are API
functions ([1]) but were implemented in the geometry channel.
In case FreeRDP was built with BUILTIN_CHANNELS=OFF those functions
weren't available globally but used by the video channel.

Now the functions are fixed part of the freerdp-client library and
therefore available for all channels.

[1] exported in freerdp/client/geometry.h

Fixes #6236
2020-06-17 12:59:41 +02:00
Bernhard Miklautz
a0835d2468
Merge pull request #6286 from akallabeth/shadow_pam_compile
Fixed compilation issue with shadow pam code
2020-06-16 16:06:25 +02:00
akallabeth
1bc48b058f Fixed double free for uwac buffers 2020-06-16 14:26:38 +02:00
akallabeth
e1e0f965e8 Fixed compilation issue with shadow pam code 2020-06-16 14:02:49 +02:00
Martin Fleisz
67369dad55
Merge pull request #6237 from akallabeth/shadow_surface_lock
Fixed surface locking for shadow server.
2020-06-16 11:28:12 +02:00
Martin Fleisz
6f2abf70e9
Merge pull request #6260 from makiuchi-d/fix-unmap-buttons-option
xfreerdp: Fix +unmap-buttons option having the opposite effect
2020-06-16 11:18:33 +02:00
akallabeth
a38d6c53a6 Fixed surface locking for shadow server. 2020-06-16 11:18:17 +02:00
Martin Fleisz
5a09e12ec5
Merge pull request #6239 from akallabeth/shadow_auth_log
Improve X11 shadow authentication reason failure log
2020-06-16 11:17:57 +02:00
Martin Fleisz
982bc682b5
Merge pull request #6256 from akallabeth/usb_cancel_fix
Do not remove transfer data on usb cancel transfer
2020-06-16 11:05:24 +02:00
akallabeth
7361f75d11 Lock wayland buffer updates 2020-06-15 15:49:21 +02:00
Martin Fleisz
cf7b9ca055 Fix usage of DsMakeSpn with IP address hostnames 2020-06-15 15:38:54 +02:00
Patrick Chin
8515846317 MessageQueue write time to current message not the next 2020-06-09 08:51:53 +02:00
akallabeth
733026dada Fixed #6267: adjust write_pixel_16 endian handling 2020-06-08 15:10:24 +02:00
Kyle Evans
1b5e234135 uwac: don't try to use O_TMPFILE on FreeBSD
Currently, this sets an invalid open flag and attempts to open(), which
will fail.  Instead of doing that, don't try to define O_TMPFILE where
such a definition can't exist and force the fallback rather than making
an always-fail open() call.
2020-06-08 08:17:25 +02:00
Kubistika
0cf764f170 server: proxy: cap plugin: fix var and func declaration 2020-06-05 09:22:26 +02:00
Kobi Mizrachi
19809bf338 server: proxy: implement session capture plugin 2020-06-05 09:22:26 +02:00
Kobi Mizrachi
920acd4c0e winpr: image: add API to construct bmp header 2020-06-05 09:22:26 +02:00
Kobi Mizrachi
44c50ff1d5 server: proxy: remove old session capture code 2020-06-05 09:22:26 +02:00
Kobi
67d4560e86
Merge pull request #6259 from kubistika/drdynvc_hotfix
drdynvc: client: fix #6252 use-after-free
2020-06-04 21:29:19 +03:00
makki_d
4607a2766a fix +unmap-buttons option having the opposite effect 2020-06-04 18:22:55 +09:00
akallabeth
5c0ccb7575 Fixed formatting. 2020-06-04 07:55:12 +02:00
Ondrej Holy
c03f68059d smartcard: Teoretical fix of uninitialized values
This tries to fixes the following defects reported by covscan tool:
 - channels/smartcard/client/smartcard_operations.c:958: uninit_use_in_call: Using uninitialized value "ret.cReaders" when calling "smartcard_pack_locate_cards_return".
 - channels/smartcard/client/smartcard_operations.c:932: uninit_use_in_call: Using uninitialized value "ret.cReaders" when calling "smartcard_pack_locate_cards_return".

But I am not sure about it...
2020-06-04 07:55:12 +02:00
Ondrej Holy
7554154a04 smartcard: Fix usage of uninitialized values
This fixes the following defect reported by covscan tool:
 - channels/smartcard/client/smartcard_pack.c:942: uninit_use_in_call: Using uninitialized value "tmp" when calling "ConvertFromUnicode".
 - channels/smartcard/client/smartcard_pack.c:894: uninit_use_in_call: Using uninitialized value "tmp" when calling "ConvertFromUnicode".
 - channels/smartcard/client/smartcard_pack.c:475: uninit_use_in_call: Using uninitialized value "tmp" when calling "ConvertFromUnicode".
2020-06-04 07:55:12 +02:00
Ondrej Holy
ac114d45c7 wlfreerdp: Fix array overrun
This fixes the following defects reported by covscan tool:
 - client/Wayland/wlf_input.c:251: overrun-local: Overrunning array "contacts" of 10 32-byte elements at element index 10 (byte offset 351) using index "i" (which evaluates to 10).
 - client/Wayland/wlf_input.c:308: overrun-local: Overrunning array "contacts" of 10 32-byte elements at element index 10 (byte offset 351) using index "i" (which evaluates to 10).
 - client/Wayland/wlf_input.c:360: overrun-local: Overrunning array "contacts" of 10 32-byte elements at element index 10 (byte offset 351) using index "i" (which evaluates to 10).
 - client/Wayland/wlf_input.c:251: error[arrayIndexOutOfBounds]: Array 'contacts[10]' accessed at index 10, which is out of bounds.
 - client/Wayland/wlf_input.c:308: error[arrayIndexOutOfBounds]: Array 'contacts[10]' accessed at index 10, which is out of bounds.
 - client/Wayland/wlf_input.c:360: error[arrayIndexOutOfBounds]: Array 'contacts[10]' accessed at index 10, which is out of bounds.
 - client/Wayland/wlf_input.c:246: uninit_use_in_call: Using uninitialized value "y" when calling "wlf_scale_coordinates".
 - client/Wayland/wlf_input.c:246: uninit_use_in_call: Using uninitialized value "x" when calling "wlf_scale_coordinates".

The maximal number of touches can be higher then 10, see:
https://wayland.freedesktop.org/libinput/doc/latest/touchpads.html

Let's increse the MAX_CONTACTS count and add checks to prevent usage of
uninitialized values.
2020-06-04 07:55:12 +02:00
Ondrej Holy
230d83b319 gdi: Fix missing unlock
This fixes the following defect reported by covscan tool:
libfreerdp/gdi/gfx.c:144: missing_unlock: Returning without unlocking "update->mux".
2020-06-04 07:55:12 +02:00
Kubistika
6ed765c960 drdynvc: client: fix #6252 use-after-free 2020-06-03 19:47:40 +03:00
Armin Novak
5ec66cc6c7 Fixed sign compare warnings with constants. 2020-06-03 09:53:18 +02:00
Armin Novak
ef4de12887 Fixed double free in urb_isoch_transfer_cb 2020-06-03 08:37:45 +02:00
Armin Novak
a5e2d62e48 Do not remove transfer data on usb cancel transfer 2020-06-03 08:24:17 +02:00
MartinHaimberger
1fa625ee6e
Merge pull request #6226 from akallabeth/release_zip
Added release zip creation to script.
2020-06-02 13:37:04 +02:00
Armin Novak
44cf91be37 Fixed #6245: Added additional tests to assistance parser 2020-06-02 13:36:03 +02:00
akallabeth
6490106600 Lock remaining occurances of security_encrypt/security_decrypt variables 2020-06-02 13:31:17 +02:00
akallabeth
a381dd1a27 Lock security_decrypt to avoid simultaneous counter manipulation 2020-06-02 13:31:17 +02:00
Patrick Chin
5f788c65f4 Fix memory leaks in client/encomsp_main.c and client/remdesk_main.c 2020-06-02 09:50:07 +02:00
Simon Tatham
921cd45d42 [generate_argument_docbook] Fix typo in XML entity.
The character '>' was being rendered as < instead of >.
2020-06-02 09:44:41 +02:00
Florian Staudacher
d1dc2fb03d report only actual bytes received, not allocated buffer size (interrupt produces data, timeout doesn't) 2020-06-02 09:21:30 +02:00
Florian Staudacher
03128d5154 only call 'libusb_set_interface_alt_setting' when value is changed 2020-05-29 10:48:23 +02:00
akallabeth
431570ffb2 Added scancodes for launch keys 2020-05-27 15:42:45 +02:00
Ondrej Holy
d566e00258 winpr/library: Use RTLD_GLOBAL for dlopen
LoadLibraryA implementation uses the RTLD_LOCAL flag for dlopen currently.
This flag doesn't allow the symbols to be used by the subsequently loaded
libraries. This is a problem for the video channel when -DBUILTIN_CHANNELS=OFF
is used as it uses functions from the geometry channel. Let's use RTLD_GLOBAL
instead to prevent "undefined symbol" errors in such cases.

Fixes: https://github.com/FreeRDP/FreeRDP/issues/6236
2020-05-27 13:06:12 +02:00
akallabeth
e66ee477c0 Improve X11 shadow authentication reason failure log 2020-05-27 11:53:28 +02:00
Armin Novak
25f62eeddd Added release zip creation to script. 2020-05-25 19:30:11 +02:00
Kobi
0cb7ada6de
Merge pull request #6208 from akallabeth/accept_cert_io
Read newline from stdio on certificate accept
2020-05-25 13:25:39 +03:00