Commit Graph

2356 Commits

Author SHA1 Message Date
akallabeth
a58129346d Fixed extended info packet alignment.
(cherry picked from commit 03ebaf2dc1547c75f8693dd5087ce2e8dc17765a)
2020-05-18 17:10:01 +02:00
akallabeth
4e24cca056 Fixed rdp_read_info_packet unaligned access and size checks
(cherry picked from commit c75d08d70e878d35cd12ffac2aefcda405576092)
2020-05-18 17:10:01 +02:00
akallabeth
f2d836cd94 Fixed memory leak in test
(cherry picked from commit 2d630cccf7b1e566f99b74a224805fc25f85d6c1)
2020-05-18 17:10:01 +02:00
akallabeth
1a11f129ab Fixed unaligned access
(cherry picked from commit cb2ed7f09ad68242bfdfad8967024b063f785d97)
2020-05-18 17:10:01 +02:00
akallabeth
47c456c39f Rewritten rdp_recv_logon_info_v2 to remove unaligned access
(cherry picked from commit 66d182a84bed7bf19b6a99d71a4e4c7c6856f583)
2020-05-18 17:10:01 +02:00
akallabeth
5cf27e3969 Rewritten check to satisfy BehaviouralSanitizer
(cherry picked from commit 14829de866b43e7f2740b46f0c736b9adf5067eb)
2020-05-18 17:10:01 +02:00
akallabeth
c060089a2b Refactored settings clone/free, extended tests
(cherry picked from commit 773ad6e9791844ca3ccdc40d378a37fc0238ef0a)
2020-05-18 17:10:01 +02:00
akallabeth
064a90c8b3 Fixed BehaviorSanitizer warnings
(cherry picked from commit afdd81dab5c484ab95b977a0d71f3809c8fa89a3)
2020-05-18 17:10:00 +02:00
Kobi Mizrachi
efecbf41a9 change use of strtok to strtok_s
(cherry picked from commit 6013a96bff)
2020-05-18 16:56:03 +02:00
akallabeth
2f75c4ac8d Ensure all NLA structs are freed up
(cherry picked from commit 477ad675f3)
2020-05-18 16:40:33 +02:00
akallabeth
5fc0ddeff5 Fixed #6156: Enforce synchronized encrypt count
Old-style RDP encryption uses a counter, synchronize this for
packets sent from different threads.

(cherry picked from commit 873a9bef42)
2020-05-18 16:38:42 +02:00
akallabeth
1178381809 Silence valgrind in rdp_read_header
If a disconnect message is received, we returned success but did
not initialize the return arguments.

(cherry picked from commit b45336f51febb4c34b5bf33fdf8d63ce44fe9e99)
2020-05-08 11:11:12 +02:00
Linus Heckemann
3c24e10bf3 shadow_server: allow specifying IP addresses to listen on (#6050)
* shadow_server: allow specifying IP addresses to listen on

This allows using IPv6 as well as listening only on specific
interfaces. Additionally, it enables listening on local and TCP
sockets simultaneously.

* listener: log address with square brackets

This disambiguates IPv6 addresses.

* shadow_server: check error on each socket binding

* Refactored shadow /bind-address for 2.0 compatibility.

* Made /ipc-socket and /bind-address incompatible arguments.

* Fixed shadow /bind-address handling and description

* Allow multiple bind addresses for shadow server.

Co-authored-by: akallabeth <akallabeth@posteo.net>
2020-05-08 11:06:02 +02:00
akallabeth
0f266b5362 Fixed #6112: Segfault in update_decompress_brush
The iterators need to be signed for the loop check to work.
2020-05-05 07:46:10 +02:00
akallabeth
738d4bff00 Fixed oob read in update_recv
properly use update_type_to_string to print update type.
Thanks to hac425 CVE-2020-11019
2020-05-05 07:46:10 +02:00
akallabeth
f5b838de37 update_decompress_brush: explicit output length checks
The output length was just assumed to be >= 256 bytes, with this
commit it is explicitly checked.
2020-05-05 07:46:10 +02:00
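The two brush commits above describe the same decoder fixed twice: the output length was assumed to be at least 256 bytes (8x8 pixels at 4 bytes each), and the descending loop indices were unsigned, so the "y >= 0" exit condition could never become false. The following is an added illustration written for this page, not FreeRDP's update_decompress_brush; the 1bpp bottom-up source layout, the BGRX output packing and the function names are assumptions chosen to show the two checks in one place.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 8x8 brush, 1 bit per source pixel, 4 bytes (BGRX) per output pixel. */
#define BRUSH_EDGE       8u
#define BRUSH_OUT_BPP    4u
#define BRUSH_OUT_LENGTH (BRUSH_EDGE * BRUSH_EDGE * BRUSH_OUT_BPP) /* 256 bytes */

/* Expand a monochrome 8x8 brush (one input byte per scanline, bit 7 = leftmost
 * pixel, first byte = bottom scanline) into a 32bpp top-down bitmap.
 * The output length is checked explicitly instead of assuming 256 bytes.
 * Pixel layout and colour packing here are assumptions for the example. */
bool decompress_brush_8x8_1bpp(const uint8_t *in, size_t in_len,
                               uint8_t *out, size_t out_len,
                               uint32_t fg, uint32_t bg)
{
    if (!in || !out || in_len < BRUSH_EDGE || out_len < BRUSH_OUT_LENGTH)
        return false;

    /* y and x MUST be signed: with an unsigned type "y >= 0" is always true,
     * the decrement wraps to UINT32_MAX and the loop writes far past 'out'. */
    for (int32_t y = (int32_t)BRUSH_EDGE - 1; y >= 0; y--) {
        const uint8_t bits = in[(BRUSH_EDGE - 1) - (size_t)y]; /* bottom-up source rows */

        for (int32_t x = (int32_t)BRUSH_EDGE - 1; x >= 0; x--) {
            const uint32_t color = (bits & (0x80u >> x)) ? fg : bg;
            const size_t off = ((size_t)y * BRUSH_EDGE + (size_t)x) * BRUSH_OUT_BPP;
            out[off + 0] = (uint8_t)(color);        /* B */
            out[off + 1] = (uint8_t)(color >> 8);   /* G */
            out[off + 2] = (uint8_t)(color >> 16);  /* R */
            out[off + 3] = 0;                       /* X */
        }
    }
    return true;
}

/* Read back one decoded pixel (x, y) as 0x00RRGGBB; used to check results. */
uint32_t brush_pixel(const uint8_t *out, size_t x, size_t y)
{
    const size_t off = (y * BRUSH_EDGE + x) * BRUSH_OUT_BPP;
    return (uint32_t)out[off] | ((uint32_t)out[off + 1] << 8) | ((uint32_t)out[off + 2] << 16);
}

int main(void)
{
    /* Constructed sample: bottom row fully set, next row only its leftmost pixel. */
    const uint8_t brush[8] = { 0xFF, 0x80, 0, 0, 0, 0, 0, 0 };
    uint8_t small[255], full[BRUSH_OUT_LENGTH];

    printf("255-byte output accepted: %d\n",
           decompress_brush_8x8_1bpp(brush, sizeof brush, small, sizeof small, 0xFFFFFF, 0));
    if (decompress_brush_8x8_1bpp(brush, sizeof brush, full, sizeof full, 0xFFFFFF, 0))
        printf("pixel (0,7)=%06x pixel (1,6)=%06x\n",
               brush_pixel(full, 0, 7), brush_pixel(full, 1, 6));
    return 0;
}
```

A 255-byte destination is rejected up front rather than overrun by the last pixel, and the signed loop terminates after exactly eight rows; compiling the unsigned variant with warnings enabled typically flags the "comparison always true" condition, which is a cheap way to catch this class of bug before a fuzzer does.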
akallabeth
09d0124418 Remove unnecessary cast. 2020-05-05 07:46:10 +02:00
akallabeth
a1a6790f99 Fixed oob read in irp_write and similar 2020-05-05 07:46:10 +02:00
Armin Novak
bc4615e5ed Added expert settings /tune and /tune-list 2020-05-05 07:46:10 +02:00
akallabeth
28e6c2e1d9 Fixed #6101: POINTER_LARGE_UPDATE serialization
The length check and field sizes in _update_read_pointer_large
were off, corrected according to [MS-RDPBCGR] 2.2.9.1.2.1.11
Fast-Path Large Pointer Update (TS_FP_LARGEPOINTERATTRIBUTE)
2020-04-28 14:03:19 +02:00
akallabeth
ccaad04876 Fix initialization of LargePointer flags
Capability exchange is first reading server capabilities,
mask these with local settings and send only what both support.
2020-04-28 14:03:19 +02:00
akallabeth
150343978d Fixed [MS-RDPBCGR] 2.2.9.1.1.4.4 Color Pointer Update
The pointer size is limited to 32 pixels in width and height
unless LARGE_POINTER_FLAG_96x96 is set, which increases the size
to 96 pixels.
2020-04-28 14:03:19 +02:00
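The three pointer commits above make one point between them: the size a Color Pointer Update may declare depends on what was negotiated in the capability exchange (server flags masked with local settings), and the declared mask lengths have to be validated against that geometry before anything is copied. The block below is an added example for this page, not FreeRDP's pointer code; the flag value, the exact 2-byte scanline padding rule and the function names are assumptions, so check [MS-RDPBCGR] for the real constants.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag value is an assumption for this example; take the real constant from
 * the [MS-RDPBCGR] Large Pointer Capability Set. */
#define LARGE_POINTER_FLAG_96x96 0x00000001u

/* Capability exchange: read what the server supports, mask it with what we
 * support locally, and use (and advertise) only the intersection. */
uint32_t negotiate_large_pointer_flags(uint32_t server_flags, uint32_t local_flags)
{
    return server_flags & local_flags;
}

/* Largest pointer edge allowed by the negotiated flags: 32 pixels by default,
 * 96 pixels once both sides agreed on LARGE_POINTER_FLAG_96x96. */
uint32_t max_pointer_dimension(uint32_t negotiated_flags)
{
    return (negotiated_flags & LARGE_POINTER_FLAG_96x96) ? 96u : 32u;
}

/* Check a Color Pointer Update header before touching the mask payloads.
 * Scanlines are assumed to be padded to a 2-byte boundary on the wire.
 * Returns false on any inconsistency so the caller can drop the PDU. */
bool color_pointer_update_is_valid(uint32_t negotiated_flags,
                                   uint32_t width, uint32_t height, uint32_t xor_bpp,
                                   uint32_t length_xor_mask, uint32_t length_and_mask)
{
    const uint32_t limit = max_pointer_dimension(negotiated_flags);

    if (width == 0 || height == 0 || width > limit || height > limit)
        return false;   /* oversize pointer: would overflow a buffer sized for 'limit' */

    if (xor_bpp != 1 && xor_bpp != 8 && xor_bpp != 16 && xor_bpp != 24 && xor_bpp != 32)
        return false;

    /* Both dimensions are <= 96 here, so these products cannot overflow uint32_t. */
    const uint32_t xor_scanline = ((width * xor_bpp + 15u) / 16u) * 2u;
    const uint32_t and_scanline = ((width + 15u) / 16u) * 2u;

    /* The declared mask lengths must match the geometry; a mismatch means either
     * a short read or a write past the decoded pointer buffer. */
    return length_xor_mask == xor_scanline * height &&
           length_and_mask == and_scanline * height;
}

int main(void)
{
    /* Server offers 96x96, local settings do not: the intersection is empty. */
    uint32_t flags = negotiate_large_pointer_flags(LARGE_POINTER_FLAG_96x96, 0);
    printf("max edge without local 96x96 support: %u\n", max_pointer_dimension(flags));
    printf("32x32 24bpp pointer ok: %d\n",
           color_pointer_update_is_valid(flags, 32, 32, 24, 3072, 128));
    printf("96x96 pointer without flag ok: %d\n",
           color_pointer_update_is_valid(flags, 96, 96, 24, 27648, 1152));
    return 0;
}
```

The order matters: the dimension check against the negotiated limit comes first, so the length arithmetic that follows runs only on values small enough not to wrap, and a 96x96 update arriving on a session that never negotiated the flag is rejected even when its mask lengths are internally consistent.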
Armin Novak
4cfc5b25ef Fixed data type warnings 2020-04-28 14:03:19 +02:00
akallabeth
6c0aeb10d2 Allow icon info with empty bitmap data. 2020-04-09 18:00:51 +02:00
akallabeth
232c7f4783 Abort order read on invalid element count. 2020-04-09 18:00:51 +02:00
akallabeth
97efff4e90 Refactored order stream manipulation
* Use stream seek instead of setting pointer directly
* Add log messages in case of inconsistencies
* Fixed missing stream advance in update_decompress_brush
2020-04-09 18:00:51 +02:00
akallabeth
17f547ae11 Fixed CVE-2020-11521: Out of bounds write in planar codec.
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
907640a924 Fixed CVE-2020-11522: Limit number of DELTA_RECT to 45.
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
192856cb59 Fixed #6012: CVE-2020-11526: Out of bounds read in update_recv_orders
Thanks to @hac425xxx and Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
e6d10041c1 Fix #6033: freeaddrinfo must not be called with NULL arguments. 2020-04-09 14:26:46 +02:00
Norbert Federa
c367f65d42
Merge pull request #6019 from akallabeth/bound_access_fixes
Fix issues with boundary access.
2020-04-06 13:53:28 +02:00
akallabeth
6f00add067 Export remaining packet length from rdp_read_share_control_header 2020-04-06 13:18:35 +02:00
akallabeth
0ad894adbc Fixed substream read in rdp_recv_tpkt_pdu 2020-04-06 11:58:48 +02:00
akallabeth
0533c05be3 Fixed rdp_recv_tpkt_pdu parsing, use substream. 2020-04-06 11:22:18 +02:00
akallabeth
df55f40ecf Fixed incorrect parser error message. 2020-04-06 10:42:06 +02:00
akallabeth
a022958ddf Better error message for partial parsed capability 2020-04-03 15:10:49 +02:00
akallabeth
cba63b6d43 Added fallback to CMDTYPE_STREAM_SURFACE_BITS
Since our samples were incorrect, add a fallback with a log warning
to the old CMDTYPE_STREAM_SURFACE_BITS default behaviour.
2020-04-03 12:18:59 +02:00
akallabeth
88ad9ca56b Fix sending/receiving surface bits command.
* Pass on proper command type to application
* On send let the server implementation decide to send
   2.2.9.2.1 Set Surface Bits Command (TS_SURFCMD_SET_SURF_BITS) or
   2.2.9.2.2 Stream Surface Bits Command (TS_SURFCMD_STREAM_SURF_BITS)
Thanks to @viniciusjarina for tracing the issue down.
2020-04-03 12:00:53 +02:00
akallabeth
2a379bfe09 Fixed invalid seek size in partial pdu parse case 2020-04-02 17:41:49 +02:00
akallabeth
21320d973c Use safe seek for capability parsing
Thanks to @hardening for pointing that one out.
2020-04-02 17:39:51 +02:00
akallabeth
ddfd0cdccf Use substreams to parse gcc_read_server_data_blocks 2020-04-02 17:39:43 +02:00
akallabeth
6b2bc41935 Fix #6010: Check length in read_icon_info 2020-04-02 17:34:02 +02:00
akallabeth
67c2aa52b2 Fixed #6013: Check new length is > 0 2020-04-02 17:33:54 +02:00
akallabeth
3627aaf7d2 Fixed #6011: Bounds check in rdp_read_font_capability_set 2020-04-02 17:28:17 +02:00
akallabeth
f8890a645c Fixed #6005: Bounds checks in update_read_bitmap_data 2020-04-02 17:28:10 +02:00
akallabeth
ed53cd148f Fixed #6006: bounds checks in update_read_synchronize 2020-04-02 17:28:04 +02:00
akallabeth
f5e73cc7c9 Fixed #6009: Bounds checks in autodetect_recv_bandwidth_measure_results 2020-04-02 17:27:59 +02:00
akallabeth
9301bfe730 Fixed #6007: Boundary checks in rdp_read_flow_control_pdu 2020-04-02 17:27:53 +02:00
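The run of bounds-check commits above, together with "Abort order read on invalid element count", "Limit number of DELTA_RECT to 45", "Use safe seek for capability parsing" and "Use substreams to parse gcc_read_server_data_blocks", all apply the same parsing discipline: read through bounds-checked primitives, carve a substream of the declared length so nested parsers cannot overrun it, reject element counts above the fixed array size, and seek safely past unconsumed bytes. The block below is an added example for this page and is not FreeRDP's stream API or order parser; the container layout (u16 body length, u8 count, int16 fields), the sample bytes and all names are constructed for illustration, and the count limit of 45 mirrors the commit above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal read-only stream with bounds-checked primitives. Every read and seek
 * goes through the remaining-length check; no raw pointer arithmetic. */
typedef struct {
    const uint8_t *data;
    size_t length;
    size_t pos;
} rdstream;

static size_t rs_remaining(const rdstream *s) { return s->length - s->pos; }

/* Safe seek: refuse instead of moving the position past the end. */
static bool rs_safe_seek(rdstream *s, size_t n)
{
    if (rs_remaining(s) < n) return false;
    s->pos += n;
    return true;
}

static bool rs_read_u8(rdstream *s, uint8_t *v)
{
    if (rs_remaining(s) < 1) return false;
    *v = s->data[s->pos++];
    return true;
}

static bool rs_read_u16le(rdstream *s, uint16_t *v)
{
    if (rs_remaining(s) < 2) return false;
    *v = (uint16_t)(s->data[s->pos] | (s->data[s->pos + 1] << 8));
    s->pos += 2;
    return true;
}

/* Carve a substream covering exactly 'len' bytes of the parent, so nested
 * parsers cannot read beyond the length the header declared. */
static bool rs_substream(const rdstream *s, size_t len, rdstream *sub)
{
    if (rs_remaining(s) < len) return false;
    sub->data = s->data + s->pos;
    sub->length = len;
    sub->pos = 0;
    return true;
}

#define MAX_DELTA_RECTS 45   /* same ceiling the DELTA_RECT commit above enforces */

typedef struct { int16_t left, top, width, height; } delta_rect;

/* Parse a constructed container: u16le body length, then u8 rect count and
 * count x 4 int16le fields. Returns the number of rects, or -1 on any
 * inconsistency (bad length, count over the limit, truncated body). */
int parse_delta_rects(const uint8_t *buf, size_t buf_len, delta_rect rects[MAX_DELTA_RECTS])
{
    rdstream s = { buf, buf_len, 0 }, body;
    uint16_t body_len;
    uint8_t count;

    if (!rs_read_u16le(&s, &body_len)) return -1;
    if (!rs_substream(&s, body_len, &body)) return -1;    /* declared length > available */
    if (!rs_read_u8(&body, &count)) return -1;
    if (count == 0 || count > MAX_DELTA_RECTS) return -1; /* abort on invalid element count */

    for (uint8_t i = 0; i < count; i++) {
        uint16_t f[4];
        for (int k = 0; k < 4; k++)
            if (!rs_read_u16le(&body, &f[k])) return -1;  /* truncated inside the body */
        rects[i].left  = (int16_t)f[0]; rects[i].top    = (int16_t)f[1];
        rects[i].width = (int16_t)f[2]; rects[i].height = (int16_t)f[3];
    }

    /* Skip whatever the body declared but we did not consume; never underflow. */
    if (!rs_safe_seek(&s, body_len)) return -1;
    return count;
}

int main(void)
{
    /* Constructed sample: body length 17 = 1 count byte + 2 rects * 8 bytes. */
    const uint8_t good[] = { 17, 0, 2,
                             1,0, 2,0, 3,0, 4,0,
                             5,0, 6,0, 7,0, 8,0 };
    /* Same body, but the count claims a third rect that is not there. */
    const uint8_t truncated[] = { 17, 0, 3,
                                  1,0, 2,0, 3,0, 4,0,
                                  5,0, 6,0, 7,0, 8,0 };
    delta_rect rects[MAX_DELTA_RECTS];
    printf("good: %d rects\n", parse_delta_rects(good, sizeof good, rects));
    printf("count 3, body holds 2: %d\n", parse_delta_rects(truncated, sizeof truncated, rects));
    return 0;
}
```

Because the inner reads are confined to the substream, the truncated sample fails on the third rect even though the outer buffer is long enough to hold it; without the substream the parser would have happily read past the declared body, which is exactly the shape of the out-of-bounds reads these commits close.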
akallabeth
bc33a50c5a Treat NULL and empty string as the same for credentials. 2020-03-24 12:34:35 +01:00
akallabeth
cf2f674283 Initialize KeyboardHook with define instead of magic number 2020-03-18 17:22:08 +01:00