mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,540 Commits 6 Branches 74 Tags 84 MiB
9c93c6cbf3
Commit Graph

66 Commits

Author SHA1 Message Date
Armin Novak
6a21bdae3d Fixed various scanbuild warnings. 2017-12-21 09:34:35 +01:00
Armin Novak
a376656b3c Disabled ceritficate signature check. 2017-11-21 11:37:42 +01:00
Armin Novak
4fe12b0ea3 Fix #4247: warnings introduced with #3904 2017-11-20 10:18:15 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode. 
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
 2017-11-17 12:43:06 +01:00
KOVACS Krisztian
c13c9035eb libfreerdp/core/certificate: open key file for reading only 
There's no point in writing the key file for read-write, and it makes it
impossible to run the shadow server with the key file being read only.
 2017-11-09 16:54:22 +01:00
David Fort
5115ecd948 Merge pull request #4063 from akallabeth/auth_fixes 
Fixed leaks, certificate comparison and channel context cleanup
 2017-08-30 10:19:12 +02:00
Bernhard Miklautz
52fbfb7b12 fix clang warnings, directly include wtypes.h (#4097) 
* build: clang use -Wno-unused-command-line-argument

With clang 5.0 builds are quite noisy otherwise.

* Directly include wtypes.h

Directly include winpr/wtypes.h where _fseeki64 or _ftelli64 is used.

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: parentheses-equality

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: tautological-compare

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning:
incompatible pointer types passing 'size_t *' (aka 'unsigned
long *') to parameter of type 'UINT32 *' (aka 'unsigned int *')
[-Wincompatible-pointer-types]
 2017-08-29 09:09:38 +02:00
Armin Novak
c3d4b7d262 fseeko and ftello for 64bit file support. 2017-08-14 08:42:49 +02:00
Armin Novak
c301f2d56a Fixed certificate check return. 2017-07-28 08:35:41 +02:00
Armin Novak
b51a103b70 Fixed uninitialized values. 2017-07-20 09:35:41 +02:00
Armin Novak
8292b4558f Fix TALOS issues 
Fix the following issues identified by the CISCO TALOS project:
 * TALOS-2017-0336 CVE-2017-2834
 * TALOS-2017-0337 CVE-2017-2834
 * TALOS-2017-0338 CVE-2017-2836
 * TALOS-2017-0339 CVE-2017-2837
 * TALOS-2017-0340 CVE-2017-2838
 * TALOS-2017-0341 CVE-2017-2839
 2017-07-20 09:28:47 +02:00
Norbert Federa
f71b6b46e8 fix string format specifiers 
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
 2016-12-16 13:48:43 +01:00
Bernhard Miklautz
00dae7c5ef Fix some spelling errors 
Fixes #3633
 2016-12-01 15:36:49 +01:00
Norbert Federa
7befab856c Support for OpenSSL 1.1.0 2016-11-24 17:50:09 +01:00
Armin Novak
f997421098 Unified hmac functions. 2016-02-24 21:50:08 +01:00
Armin Novak
06da644007 Unified md5 functions. 2016-02-24 16:46:25 +01:00
davewheel
d5b8585a39 Allow to specify the raw content of crypto materials 
Sometime it's possible that your server application doesn't have access to files
(when running in a very restricted environment for example). This patch allows
to ship the private key and certificate as a string.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
 2016-01-21 11:27:06 +01:00
Bernhard Miklautz
1cee185e3c hardening: check fread and fwrite return values 2015-06-26 20:38:30 +02:00
Bernhard Miklautz
06502e6a91 misc: integrate pull request feedback 2015-06-22 19:24:30 +02:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups 
* add missing checks
* adapt function return values where necessary
* add initial test for settings
 2015-06-22 19:09:59 +02:00
Martin Haimberger
951a2d2210 stream: check stream_new in winpr and libfreerdp 
also fixed a few things
 2015-05-29 04:46:50 -07:00
Norbert Federa
1eff1a345e free can handle NULL perfectly fine 2015-05-11 09:07:39 +02:00
Zhang Zhaolong
93ae1d997b core: fix double close on fp. 
Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
 2015-03-13 11:21:12 +08:00
Marc-André Moreau
fa06c4d401 libfreerdp-core: improve reconnection 2015-02-06 14:21:26 -05:00
Armin Novak
015bfeb897 Prettiefied WLog messages. 2015-01-20 11:08:41 +01:00
Armin Novak
bc963c43d8 Fixed double free. 2014-11-17 01:13:47 +01:00
Armin Novak
9ea898a3c2 Fixed memory leaks. 2014-11-17 01:07:07 +01:00
Marc-André Moreau
c4588fb14f libfreerdp-core: remove dependency on OPENSSL_Applink on Windows 2014-09-19 17:11:56 -04:00
Armin Novak
2f519d7f16 Replaced logging in libfreerdp with wlog defines. 2014-09-15 08:48:46 +02:00
Armin Novak
b22b897389 Reformatted changed files. 2014-09-09 16:32:22 +02:00
Armin Novak
f8eae11bf3 Fixed calling of dump functions, updated API 2014-09-09 16:31:46 +02:00
Armin Novak
f4c133eaf8 Replaced custom logging mechanism with WLog wrapper. 2014-08-07 16:51:24 +02:00
Hardening
e79c6b7d68 Treat OOM in GCC certificates 
This patch treats OOM cases and do a trivial cleanup
 2014-05-09 22:37:47 +02:00
Hardening
603a6378ff Fix null certificate that is not an error 2014-05-07 16:12:38 +02:00
Maks Naumov
e6d0a3b2a9 remove unneeded check 2014-04-08 22:48:17 +03:00
Maks Naumov
c230fae097 Make certificate_read_server_certificate() return BOOL 2014-04-08 19:23:06 +03:00
Hardening
ac7507ab8d Adds some check to treat OOM problems + RDP security fix 
Malloc can fail so it will, this patch adds some check in some places
where malloc/strdup results were not checked.

This patch also contains a server side fix for RDP security (credit to nfedera).
The signature len was badly set in the GCC packet. And some other RDP security
oriented fixes are also there.
 2014-03-25 23:13:08 +01:00
Marc-André Moreau
cdcd290c44 wfreerdp: fix most build warnings 2014-02-10 22:12:13 -05:00
Marc-André Moreau
fdf3ddcf9e freerdp: purge deprecated stream utils 2013-05-08 17:48:30 -04:00
Marc-André Moreau
fd230443c5 freerdp: purge old stream utils 2013-05-08 16:27:21 -04:00
Marc-André Moreau
5b92413843 freerdp: purge deprecated stream utils 2013-05-08 16:09:16 -04:00
Marc-André Moreau
51715636a5 freerdp: remove some deprecated stream utils 2013-04-29 22:35:15 -04:00
Hardening
7701c9d934 Replace printf(...) by fprintf(stderr, ...) 2013-03-28 23:06:34 +01:00
Marc-André Moreau
068f0de4d4 libfreerdp-utils: purge old file utils 2013-03-22 15:52:43 -04:00
Marc-André Moreau
a8201b0d1b libwinpr-utils: combine old and new stream utils 2013-03-21 15:19:33 -04:00
Marc-André Moreau
abca3f8c10 libfreerdp-core: fix check for null certificate 2013-01-25 13:47:56 -05:00
david
193622dada Dump licence content when reading fails 2013-01-19 15:28:07 +01:00
Marc-André Moreau
3f3d30cd4d Merge pull request #911 from hardening/hardening10 
Verbose message when processing fails
 2013-01-18 11:30:25 -08:00
Marc-André Moreau
af5ea0e7fc Merge pull request #910 from hardening/hardening9 
Fixed padding management when reading certificate
 2013-01-18 11:29:41 -08:00
rdp.effort
46e7d94bf8 Added error messages when orders processing fails 
Added a check for exponent_length
Added error messages for certificate parsing
 2013-01-18 14:36:49 +01:00