Martin Fleisz
9a2d33af12
Fixed missing encrypt / decrypt success check.
...
The return of EncryptMessage and DecryptMessage was unchecked.
This lead to PLAINTEXT to be sent over the wire, a major security
issue.
2015-07-08 17:41:23 +02:00
Armin Novak
48ccf73a36
More SSPI logging.
2015-07-08 17:41:22 +02:00
Armin Novak
5b0ee9b7ab
Error checks and readable log messages.
2015-07-08 17:41:22 +02:00
Martin Fleisz
3b87cc0c07
Fixed server and client NLA state machine.
...
When using NULL credentials (current context)
the server state machine did not send back the
required authentication token.
On client side erroneous checks prevented sending
the appropriate public key.
2015-07-08 17:41:21 +02:00
Armin Novak
d18b0fbeb4
Handle API updated.
2015-07-03 09:52:52 +02:00
Hardening
ac93b26ba8
Merge pull request #2750 from realjiangms/fix_win32_wsaevent
...
Fix event created for WSAEventSelect
2015-07-02 09:26:13 +02:00
Armin Novak
3a9db563fd
NLA: Fixed length check.
2015-07-01 16:05:11 +02:00
Armin Novak
8479c824fd
Fixed handling of optional TSPasswordCreds field.
2015-07-01 15:30:38 +02:00
Armin Novak
6c0e1af4af
NLA decrypt credentials fixed.
2015-07-01 14:31:55 +02:00
Norbert Federa
1c43a6e115
Merge pull request #2738 from bmiklautz/ffuncs
...
hardening: check fread and fwrite return values
2015-07-01 13:02:32 +02:00
Bernhard Miklautz
798df32fd9
Integrate pull request feedback
...
* unify fwrite usage - set nmemb to 1 and the size to the size to write.
2015-07-01 12:22:32 +02:00
zihao.jiang
75407edf37
Fix event created for WSAEventSelect: The event we pass to WSAEventSelect should be WSAEVENT instead of normal event.
...
From MSDN, it looks same as CreateEvent(NULL, FALSE, FALSE, NULL):
The WSACreateEvent function creates a manual-reset event object with an initial state of nonsignaled. The event object is unnamed.
However they are not really equivalent. When we use normal event, the WSAEventSelect still works but the event appears to be 'auto-reset'.
2015-07-01 01:52:59 +08:00
Marc-André Moreau
a8e62e938a
libfreerdp-codec: fix egfx artifacts resulting from incorrect handling of rects inside the same egfx frame
2015-06-28 13:57:46 -04:00
Bernhard Miklautz
1cee185e3c
hardening: check fread and fwrite return values
2015-06-26 20:38:30 +02:00
Marc-André Moreau
5ec19d2045
Merge branch 'master' of github.com:FreeRDP/FreeRDP
2015-06-26 14:00:03 -04:00
Marc-André Moreau
24ed6b06cc
channels/rdpgfx: update debug output
2015-06-26 13:59:41 -04:00
Norbert Federa
20878e50fe
Merge pull request #2724 from bmiklautz/leak_fix
...
Fix leaks in certificate and identity handling
2015-06-26 15:30:00 +02:00
Marc-André Moreau
cf2f4bf9cf
Merge pull request #2737 from nfedera/nf-fix-gdi-return-value-weirdness
...
libfreerdp/gdi: fixed gdi return value madness
2015-06-26 09:24:08 -04:00
Bernhard Miklautz
77ef5a80de
nla: clear identity memory before releasing
2015-06-26 15:12:33 +02:00
Norbert Federa
ac95b7274e
Merge pull request #2727 from akallabeth/leak_fixes_reformat
...
Fixed leaks, NULL dereferences and broken init.
2015-06-26 15:01:08 +02:00
Norbert Federa
bb9536b867
libfreerdp/gdi: fixed gdi return value madness
...
Mostly booleanization to comply with the MS API
2015-06-26 14:32:38 +02:00
Marc-André Moreau
ddf2519f1e
Merge pull request #2719 from bmiklautz/pull/2481
...
OSS, tsmf, usb and BSD fixes and improvements
2015-06-26 08:27:22 -04:00
Norbert Federa
5281070045
Merge pull request #2734 from giox069/master
...
Fixes for software GDI issues #2732 and #2137
2015-06-26 13:15:56 +02:00
Hardening
b411c11f6e
Merge pull request #2729 from akallabeth/win_reg_key_by_vendor_product_define
...
Replaced hard coded registry keys with cmake defines.
2015-06-26 11:15:09 +02:00
Giovanni Panozzo
8a45b567fc
Returing OK when there is nothing to draw after clipping, fixes #2732
2015-06-25 16:54:08 +02:00
Giovanni Panozzo
85b5c5f890
Signed glyph offset calculation, fixes #2137
2015-06-25 16:49:29 +02:00
Bernhard Miklautz
28e63786cd
Integrate pull request feedback
...
Use while instead of for with additional variable where appropriate.
2015-06-25 10:33:54 +02:00
Armin Novak
80ba4643dc
Fixed cleanup of resources, only in error case now.
2015-06-24 14:59:59 +02:00
Armin Novak
e8bfa29bd2
Replaced registry keys with cmake defines.
2015-06-24 14:02:48 +02:00
Bernhard Miklautz
9f6fa7ef4c
Fix possible endless loops on cleanup.
...
Some cleanup code possibly create endless loops because an unsigned
type was used as run variable but the check was >= 0 in the for loop.
2015-06-24 12:26:13 +02:00
Armin Novak
c78b6f38ab
Fixed cleanup of MachineAddresses and MachinePorts.
2015-06-24 12:14:06 +02:00
Armin Novak
ee221315db
Fixed loop condition.
2015-06-24 10:08:04 +02:00
Armin Novak
a809b87362
Fixed memory leak.
2015-06-24 10:02:42 +02:00
Armin Novak
4c9ee07eb6
Fixed sizeof misuse.
2015-06-24 10:02:30 +02:00
Armin Novak
2ff1205dde
Fixed a resource leak.
2015-06-24 09:45:40 +02:00
Armin Novak
2e762c881c
Fixed a resource leak.
2015-06-24 09:33:20 +02:00
Armin Novak
6698e24228
Fixed leaks, NULL dereferences and broken init.
2015-06-23 21:29:21 +02:00
Bernhard Miklautz
2e87d0ee52
Fix leaks in certificate and identity handling
2015-06-23 15:40:37 +02:00
Armin Novak
24fed46cda
Fixed grabage return value.
2015-06-23 12:08:47 +02:00
Armin Novak
212db120e0
Fixed NULL pointer dereference.
2015-06-23 12:07:38 +02:00
Bernhard Miklautz
ff8d172a12
core: use error instead of debug
...
When the function would return with an error print an error message
instead of a debug message
2015-06-23 11:15:13 +02:00
Bernhard Miklautz
09445c2b0e
nla and cmdline: integrated feedback
...
* fix possible problems with 0 size lengths
* add return value checks
2015-06-23 10:14:11 +02:00
Bernhard Miklautz
af81a91ea7
windows: fix compilation and warnings
2015-06-22 19:31:25 +02:00
Bernhard Miklautz
06502e6a91
misc: integrate pull request feedback
2015-06-22 19:24:30 +02:00
Bernhard Miklautz
421b74e85e
client/locale: properly check popen return value
...
popen returns NULL if an error occurs and not < 0.
2015-06-22 19:23:58 +02:00
Bernhard Miklautz
1b8dd139a9
cmd line: add missing checks
...
* strdup
* some allocs
2015-06-22 19:23:57 +02:00
Bernhard Miklautz
5de0e02c61
cache: fix regression
...
Fix a regression in cache_new introduced in commit
b4f147e242ea396ef92082d29866e5ab7d041b4e
2015-06-22 19:21:47 +02:00
David FORT
7c3f8f33ab
Fixes for malloc / calloc + other fixes
...
This patch contains:
* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Bernhard Miklautz
77927c213e
android: fix misc compiler warnings
...
with gcc version arm-linux-androideabi-gcc (GCC) 4.8
2015-06-22 19:09:59 +02:00
Bernhard Miklautz
bf73f4e4f1
Fix unchecked strdups
...
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00