Brent Collins
d98b88642b
Add new command-line option to force xfreerdp into a fips compliant mode.
...
This option will ensure that NLA is disabled (since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.
Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.
Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.
Remove check of server proprietary certificate which was already being ignored to avoid use of MD5.
Initialize winpr openssl earlier to ensure fips mode is set before starting to use any crypto algorithms.
2017-11-17 12:43:06 +01:00
Armin Novak
bd7e4cd35a
Fixed uninitialized variables.
2017-11-15 15:56:25 +01:00
Armin Novak
032c0164d1
Fixed missing error check.
2017-11-15 15:56:25 +01:00
Armin Novak
99f6c27488
Fixed uninitialized arguments.
2017-11-15 15:56:25 +01:00
Armin Novak
4eb5b8e349
Replaced atoi
2017-11-15 15:52:16 +01:00
David Fort
7bbc3cb8b7
Fix logic in nla_read_ts_credentials
2017-11-13 16:20:57 +01:00
dodo040
e0a9999fb2
fix: GSS API init, enterprise name management, variable names and format code
2017-11-13 16:20:56 +01:00
dodo040
0a3c61d305
fix undefined symbol references at linking stage
2017-11-13 16:20:56 +01:00
dodo040
b81f168f0e
initial commit for kerberos support
2017-11-13 16:20:55 +01:00
akallabeth
fcc9419922
Merge pull request #4225 from krisztian-kovacs-balabit/use-redirection-pdu-password-on-reconnect
...
core/connection: use redirection password when reconnecting
2017-11-10 09:32:39 +01:00
KOVACS Krisztian
c13c9035eb
libfreerdp/core/certificate: open key file for reading only
...
There's no point in writing the key file for read-write, and it makes it
impossible to run the shadow server with the key file being read only.
2017-11-09 16:54:22 +01:00
KOVACS Krisztian
70c65e70d1
core/connection: use redirection password when reconnecting
...
According to MS-RDPBCGR the server might send a password in the Redirection PDU
that then must be sent by the client to the server as password.
Since the field either contains a password string (unicode) or a binary cookie,
we try to convert the password from unicode and use it only if conversion
succeeds.
2017-11-09 14:46:38 +01:00
Martin Fleisz
d5344c3396
Merge pull request #4219 from akallabeth/various_fixes
...
Various fixes
2017-11-09 09:37:18 +01:00
Martin Fleisz
ed1934cafe
Merge pull request #4211 from akallabeth/silence_duplicate_warnings
...
Silence WLog_ERR messages if last error is set.
2017-11-08 13:34:26 +01:00
Armin Novak
b86c0ba548
Fixed NLA default error to FREERDP_ERROR_AUTHENTICATION_FAILED
2017-11-08 11:32:34 +01:00
David Fort
b216e91cdd
Merge pull request #4210 from akallabeth/nla_errors_extended
...
Added additional NLA error mappings.
2017-11-06 14:23:50 +01:00
Armin Novak
ce00f4dd8f
Silence WLog_ERR messages if last error is set.
2017-11-06 14:02:22 +01:00
akallabeth
e7b8833e9e
Merge pull request #4187 from hardening/multimon_fix
...
Multimonitor fix
2017-11-06 10:02:07 +01:00
Armin Novak
7a73a0eb1b
Added additional NLA error mappings.
2017-11-06 09:49:03 +01:00
Youness Alaoui
02e4f1f256
Do not delete the listener socket right after creating it.
...
The listener server socket file needs to be deleted before we bind it
otherwise it's an "address already in use" error. But it was getting
deleted after the bind, causing the file to disappear, and preventing
anyone from connecting to the listener socket since the socket stops
existing.
This is caused by commit 884e87fde4
2017-10-27 15:01:29 -04:00
Armin Novak
367bddd7ad
Added better error mapping for NEGO results.
2017-10-25 09:58:13 +02:00
David Fort
f90fe19fc7
multimon: correctly set the primary monitor
...
According to the spec the primary monitor is supposed to be in (0,0) and other monitors
to be given relative to this one.
2017-10-17 14:07:23 +02:00
David Fort
a132922376
Add checks for DR channel
2017-10-04 10:30:47 +02:00
akallabeth
e6d66d9d81
Merge pull request #4154 from hardening/misc_fixes
...
Fix raw surfaces displaying + misc other changes
2017-09-27 14:56:21 +02:00
Bernhard Miklautz
15c7cb8cb2
Enable clipboard channel per default
2017-09-27 09:45:07 +02:00
David Fort
ddca8f3a3b
Check return value of malloc
2017-09-26 13:56:08 +02:00
Armin Novak
9f26f73709
Added delay for connect abort
...
The connection abort must be called after freerdp_connect.
Ensure that this function is already running by waiting
a second.
2017-09-26 12:05:24 +02:00
Armin Novak
ef9444bd35
TestConnect: Extend timeout, only listen locally
2017-09-26 10:59:34 +02:00
Armin Novak
ac454628ae
Fixed TestConnect with dynamic channels.
2017-09-25 13:34:00 +02:00
Armin Novak
884e87fde4
Unlink file after binding to it.
...
When unlinking the file before binding, a new entry is created
in the file system after binding. This is not desirable, so
unlink it after binding to remove the temporary file after the process
closes.
2017-09-25 10:35:24 +02:00
Jukka-Pekka Virtanen
ad1425e145
Using PasswordIsSmartcardPin option when sending TS_INFO_PACKET
2017-09-23 14:28:17 +02:00
David Fort
b587daa416
Merge pull request #4136 from tditsch/master
...
Fixed endless loop when RDP Server sends SERVER_DENIED_CONNECTION
2017-09-22 09:52:27 +02:00
Armin Novak
bdae339268
Check and invalidate handles on free.
2017-09-19 12:36:13 +02:00
tditsch
a16d9a2ade
refactored Bugfix
2017-09-19 10:18:41 +02:00
tditsch
feca6d9750
Fixed endless loop when RDP Server sends SERVER_DENIED_CONNECTION
2017-09-18 17:29:16 +02:00
Ondrej Holy
9cccd4888d
orders: Fix OFFSCREEN_DELETE_LIST allocation size
...
The size of OFFSCREEN_DELETE_LIST list allocation was incorrectly changed
by commit 99b1481 and consequently fixed incorrectly by commit 8a0fe086.
Let's count the allocation size based on new size and not based on current
size in order to prevent some memory issues.
https://github.com/FreeRDP/FreeRDP/issues/4117
2017-09-07 09:38:44 +02:00
Ondrej Holy
048e7f264b
orders: Fix ORDER_TYPE_GDIPLUS_END check
...
Commit 6fd03ab introduced security checks for orders, but
ORDER_TYPE_GDIPLUS_END check fails in case of success and vice versa.
Let's add the missing question mark.
https://github.com/FreeRDP/FreeRDP/issues/4117
2017-09-07 09:38:44 +02:00
David Fort
5115ecd948
Merge pull request #4063 from akallabeth/auth_fixes
...
Fixed leaks, certificate comparison and channel context cleanup
2017-08-30 10:19:12 +02:00
Bernhard Miklautz
52fbfb7b12
fix clang warnings, directly include wtypes.h (#4097)
...
* build: clang use -Wno-unused-command-line-argument
With clang 5.0 builds are quite noisy otherwise.
* Directly include wtypes.h
Directly include winpr/wtypes.h where _fseeki64 or _ftelli64 is used.
* fix build warnings with clang 5
clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: parentheses-equality
* fix build warnings with clang 5
clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: tautological-compare
* fix build warnings with clang 5
clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning:
incompatible pointer types passing 'size_t *' (aka 'unsigned
long *') to parameter of type 'UINT32 *' (aka 'unsigned int *')
[-Wincompatible-pointer-types]
2017-08-29 09:09:38 +02:00
Armin Novak
c3d4b7d262
fseeko and ftello for 64bit file support.
2017-08-14 08:42:49 +02:00
David Fort
b29658a859
Merge pull request #4066 from akallabeth/input_event_fixes
...
Fixed capability checks for mouse and unicode input.
2017-08-02 11:25:08 +02:00
David Fort
c84065f40c
Merge pull request #4069 from yurashek/master
...
Build on Solaris
2017-08-02 09:53:38 +02:00
Armin Novak
d2d621106d
Fixed capability checks for mouse and unicode input.
2017-07-31 12:30:35 +02:00
Armin Novak
523a881663
Channels with a context must free it themselves.
2017-07-28 08:39:51 +02:00
Armin Novak
11fa9f6753
Free credentials on exit.
2017-07-28 08:39:49 +02:00
Armin Novak
b0411d4faa
Unexported internal NLA functions.
2017-07-28 08:38:07 +02:00
Armin Novak
c301f2d56a
Fixed certificate check return.
2017-07-28 08:35:41 +02:00
Armin Novak
ceda244165
Fixed uninitialized values and leaks.
2017-07-28 08:35:31 +02:00
Armin Novak
dd4b5ea126
Disable JPEG codec support if not compiled in.
2017-07-24 15:23:36 +02:00
Armin Novak
b51a103b70
Fixed uninitialized values.
2017-07-20 09:35:41 +02:00
Armin Novak
8b9e3fa51e
Fixed use of reserved keywords for include guards.
2017-07-20 09:35:41 +02:00
Armin Novak
0490aeb018
Fixed clang malloc integer overflow warnings.
2017-07-20 09:29:48 +02:00
Armin Novak
8292b4558f
Fix TALOS issues
...
Fix the following issues identified by the CISCO TALOS project:
* TALOS-2017-0336 CVE-2017-2834
* TALOS-2017-0337 CVE-2017-2834
* TALOS-2017-0338 CVE-2017-2836
* TALOS-2017-0339 CVE-2017-2837
* TALOS-2017-0340 CVE-2017-2838
* TALOS-2017-0341 CVE-2017-2839
2017-07-20 09:28:47 +02:00
Armin Novak
96d53933d2
Deactivated all H264 related code paths.
2017-07-17 10:39:08 +02:00
Norbert Federa
36b8f54c5e
Fixed a few compiler warnings
2017-07-10 17:52:05 +02:00
Bernhard Miklautz
e7cd3250c3
Fix a regression introduced with PR #4013
...
If numWindowRects/numVisibilityRects is zero a realloc might either
return NULL or freeable memory. In the first case the introduced
regression caused a double free.
As 0 is a possible value that can be received in both cases rail was
broken.
Fixes #4022
2017-06-29 11:28:03 +02:00
weizhenwei
ef540ee2df
code format adjustment
2017-06-23 09:50:56 +08:00
weizhenwei
5d8d3b53c5
remove redundant NULL pointer check
2017-06-23 09:44:40 +08:00
weizhenwei
3b52a60d31
remove useless NULL pointer check before free
2017-06-23 09:21:16 +08:00
weizhenwei
61b24bf0b3
add NULL pointer check and set freed pointers to NULL afterward
2017-06-22 17:53:51 +08:00
weizhenwei
fa1c65b656
refactor to remove duplicate code and replace free+malloc with realloc
2017-06-22 10:21:20 +08:00
weizhenwei
2d56e22e9e
refactor on redundant code copy
2017-06-21 22:07:07 +08:00
weizhenwei
d77802d5e9
fix memory leak of window_icon->iconInfo at update_read_window_icon_order()
2017-06-21 15:26:28 +08:00
weizhenwei
2f96df25fa
fix memory leak at update->window->window_state.windowRects/visibilityRects at update_read_window_state_order()
2017-06-21 15:26:28 +08:00
weizhenwei
5c19318ab5
fix memory leak at update->window->window_state.titleInfo.string at update_read_window_state_order()
2017-06-21 15:26:28 +08:00
weizhenwei
6a43fdc71a
code clean on free(update->window->monitored_desktop.windowIds);
2017-06-21 15:26:27 +08:00
weizhenwei
63c81517b7
fix memory leak on update->window->monitored_desktop.windowIds which is realloced at update_read_desktop_actively_monitored_order()
2017-06-21 15:26:27 +08:00
Armin Novak
22f1fbe3d2
Fixed missing external declaration (#3982)
2017-05-31 11:44:33 +02:00
Jura Sasek
4edb5cf7e6
Build for Solaris
2017-05-24 04:27:01 -07:00
David Fort
b92a789dfd
Merge pull request #3963 from akallabeth/qoe_ack
...
Added client RDPGFX_QOE_FRAME_ACKNOWLEDGE_PDU
2017-05-22 11:10:03 +02:00
David Fort
ee8ae987bf
Merge pull request #3967 from akallabeth/sec_encrypt_fix
...
SEC_ENCRYPT check in rdp_client_connect_auto_detect
2017-05-22 11:08:32 +02:00
davewheel
4bfb4dddbf
Add a callback to provide NTLM hashes on server-side
...
Adds a callback that allows servers to compute NTLM hashes by themselves. The typical
use of this callback is to provide a function that gives precomputed hash values.
Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2017-05-18 14:24:24 +02:00
Armin Novak
f414522b7a
Added setting for QoeAck.
2017-05-18 14:07:09 +02:00
Armin Novak
8904c15cc9
Fixed missing state reset.
2017-05-17 15:58:44 +02:00
Armin Novak
8c52dcbdc2
SEC_ENCRYPT check in rdp_client_connect_auto_detect
...
Fix by @wizwizaco for #3951
2017-05-15 13:10:10 +02:00
David Fort
17a4e95a5b
Drop some annoying warning
...
Probably that some unused functions should be removed, but at least it makes
it compile with no warnings.
2017-05-12 13:54:16 +02:00
Armin Novak
b1d631f1e5
Added support for Set Keyboard IME Status
2017-05-12 09:43:58 +02:00
Armin Novak
09d43a66f4
Fixed tests and dead store warnings.
2017-03-28 16:49:56 +02:00
Armin Novak
9f9254504e
Fixed leak of client random.
2017-03-28 14:33:02 +02:00
Armin Novak
d46d0c3d4a
Fixed invalid return from xf_rail_window_icon
2017-03-28 11:47:46 +02:00
David Fort
b0b3a78a20
Store client_random in server mode
...
We need the client_random in server mode when the client does RDP security and
tries to reconnect using the cookie.
2017-03-21 10:32:17 +01:00
David Fort
716eab2405
Add more RAIL option flags
2017-03-10 10:36:26 +01:00
David Fort
7b61dbdd0f
Don't forget to send the RAIL capabilities in server mode
2017-03-09 23:15:49 +01:00
Norbert Federa
f77b4a57dc
Merge pull request #3796 from akallabeth/scan_warning_fixes_v2
...
Scan warning fixes v2
2017-03-03 14:41:11 +01:00
Armin Novak
88b6ff00d9
Fixed argument checks, formatting.
2017-03-03 14:11:28 +01:00
Armin Novak
99c45405cb
Fixed GetEnvironmentVariable.
2017-03-03 12:43:00 +01:00
Armin Novak
b2c29158be
Scanbuild warning, argument checks and leak fixes.
...
* Added Stream_GetRemainingCapacity to check remaining stream size
before writes.
* Fixed shadow server memory leak.
* Fixed lots of scanbuild warnings
* Added missing argument checks in many functions
* Added missing static function declarations
2017-03-02 18:13:43 +01:00
Armin Novak
d119745d97
String representation of logon_error_info
2017-03-02 18:09:51 +01:00
David Fort
815c97efb2
The LongCredentials capability was not parsed or used
2017-03-02 00:39:08 +01:00
David Fort
67607ce916
Take into account and set the LogonNotify flag
...
This flag was not read in the server case and was always sent in the
case of a client.
2017-03-02 00:29:48 +01:00
David Fort
5bb7a05026
Merge pull request #3823 from akallabeth/ssl_error_check_fix
...
Fixed SSL error checks in transport_ssl_cb
2017-03-01 11:21:41 +01:00
Armin Novak
e455cc1745
Fixed SSL error checks in transport_ssl_cb
...
Fix error define use. The callback is called from
ssl3_dispatch_alert or dtls1_dispatch_alert where the alert define
is left shifted by 8. Additionally ignore close notification. (#3814)
2017-03-01 10:46:00 +01:00
Armin Novak
b11de26f98
Fixed GetComputerNameExA return checks.
2017-02-27 11:49:53 +01:00
akallabeth
8a22052b61
Fixed memory leaks.
2017-02-25 08:35:37 +01:00
akallabeth
705c0c1e12
Fixed GetComputerNameExA calls. #3815
2017-02-24 21:58:08 +01:00
Norbert Federa
689d2696d2
Merge pull request #3800 from mfleisz/channel_fixes
...
Cleanup channel structs in channels_close to allow instance reuse
2017-02-24 13:25:52 +01:00
akallabeth
7ce1dd0a6c
Merge pull request #3791 from akallabeth/kerberos
...
Kerberos (Rebased #3417)
2017-02-23 13:46:34 +01:00
Armin Novak
b905e0c26d
Fixed initialisation of kerberos context.
2017-02-23 11:06:47 +01:00
Martin Fleisz
eeae688ed3
core: Cleanup channel structs in close to allow instance reuse
2017-02-22 13:45:25 +01:00
Armin Novak
70baa6fe26
Added additional connect errors.
2017-02-22 09:50:59 +01:00