If g_pInterface is set to NULL outside the critical section in one thread
while another thread is in the critical section, the channel client context
allocated in the VirtualChannelEntry won't end up getting freed.
The channel client context is normally loaded from g_pInterface in
FreeRDP_VirtualChannelInit and stored in the pChannelInitData, then copied
from there onto the pChannelOpenData structure in FreeRDP_VirtualChannelOpen
and finally freed in freerdp_channels_free.
When the event is reset in transport_check_fds xfreerdp doesn't work and
consumes 100% CPU (see #2790). On windows this is require otherwise the
CPU consumption is 100% there.
This quick fix only resets the event on windows. It's a working approach
but definitely not the final solution.
The rdpContext gets an event which will
get set if an error occoured in a channel.
If a thread or a void callback has to report an
error it will get signaled by this system.
winsock.h pulls in a lot of defines and dependencies that are not
required and partially unwanted in winpr's core (for parts that are not
related to network). In order to get rid of this dependency and have an
independent defines for extended winpr functions the WINPR_FD_* defines
are used internally (and for exposed functions). Where required, like in
WSAEventSelect, the FD_* is mapped to WINPR_FD_*.
The token buffer size during authentication was constructed
from the wrong buffer size. These sizes are equal in case of
local account logins but differ with domain accounts.
When using NULL credentials (current context)
the server state machine did not send back the
required authentication token.
On client side erroneous checks prevented sending
the appropriate public key.
From MSDN, it looks same as CreateEvent(NULL, FALSE, FALSE, NULL):
The WSACreateEvent function creates a manual-reset event object with an initial state of nonsignaled. The event object is unnamed.
However they are not really equivalent. When we use normal event, the WSAEventSelect still works but the event appears to be 'auto-reset'.
This patch contains:
* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
rdp_recv_message_channel_pdu always read the rdp security header
even if it was already previously read (which is the case if rdp
security is active)
This caused malfunctions and disconnects when heartbeat or bandwidth
autodetect packets were sent/received in rdp security mode.
Credit goes to @MartinHaimberger for identifying the broken code
part.
- handle WAIT_TIMEOUT result as error in async transport thread
if an INFINITE timeout was specified in WaitForMultipleObjects
- fix mfreerdp's async transport handling to not use
freerdp_get_event_handles/freerdp_check_event_handles if async
transport is activated
1)
Added missing checks for CreateEvent which also required the
following related changes:
- changed freerdp_context_new API to BOOL
- changed freerdp_peer_context_new API to BOOL
- changed pRdpClientNew callback to BOOL
- changed pContextNew callback to BOOL
- changed psPeerAccepted callback to BOOL
- changed psPeerContextNew callback to BOOL
2)
Fixed lots of missing alloc and error checks in the
changed code's neighbourhood.
3)
Check freerdp_client_codecs_prepare result to avoid segfaults
caused by using non-initialized codecs.
4)
Fixed deadlocks in x11 caused by missing xf_unlock_x11() calls
in some error handlers
5)
Some fixes in thread pool:
- DEFAULT_POOL assignment did not match TP_POOL definition
- don't free the pool pointer if it points to the static DEFAULT_POOL
- added error handling and cleanup in InitializeThreadpool
* top level GDI functions return 0 on error and != 0 otherwise but the
low level functions (16bpp.c, 8bpp.c 32bpp.c) which are called did it
exactly the other way around. Those were adapted.
* change gdi_InvalidateRegion to BOOL and check calls where appropriate
* integrate comments from pull request
Now using nCount as in and out argument.
When called, set nCount to the number of available handles.
This value is checked and an error returned, if not enough
handles are available.
* Though not frequent, it's possible to get TsProxySetupReceivePipe
data of stublength 4 that is actual data. This happens when
header->common.call_id == rpc->PipeCallId &&
!(header->common.pfc_flags & PFC_LAST_FRAG).
This should address GW disconnects that manifest as SSL read errors.
Change the return type of Stream_Ensure*Capacity from void to BOOL to be
able to detect realloc problems easily. Otherwise the only way to detect
this was to check if the capacity after the call was >= the required
size.
In case Stream_Ensure*Capacity fails the old memory is still available
and need to freed outside.
This commit also adds checks to most calls of Stream_Ensure*Capacity to
check if the call was successful.
The X.224 Connection Request PDU might contain an optional cookie or
routing token before the optional RDP Negotiation Request (rdpNegReq).
If present, both of these fields must be terminated by a 0x0D0A
two-byte sequence. It seems that until now FreeRDP has incorrectly
assumed that a token or cookie must always be present.
If that was not the case, FreeRDP was searching for 0x0D0A until it
arrived at the end of the stream which prevented the remaining data
(RDP Negotiation Request, RDP Correlation Info) from being parsed.
Small cleanup of passing around decorations flag.
Limit PercentScreen to single monitor vs. entire desktop. IMO - this is better behavior in a multimonitor environment.
Handle fullscreen windows better:
1. Ensure that size hints are set to allow resizing before setting a window to fullscreen as some window managers do not behave properly.
2. Handle fullscreen toggles without destroying and recreating window.
3. Use NET_WM_STATE_FULLSCREEN Extended Window Manager Hint for fullscreen functionality
4. Use the NET_WM_FULLSCREEN_MONITORS Extended Window Manager Hint when appropriate
5. When a single monitor fullscreen is requested - use the current monitor(as determined from mouse location)
6. Handle cases where there is no local monitor at coordinate 0,0. The Windows server expect there to be a monitor at this location, so we maintain offset if necessary between our local primary monitor and the server side primary monitor located at 0,0.
Situation: we have fragmented TPKT PDU without two last bytes
(or one last byte - for fast-path) in network stack.
First call to transport_read_pdu() works normally, read
available bytes and exit with status 0 - no whole PDU readed.
Before second call this missed bytes arrive.
Optionally with next PDU.
In second call header parsing code unconditionally read this
two bytes(one byte) despite this is not header bytes.
And increase stream position, so stream now contains whole PDU.
This cause (pduLength - Stream_GetPosition(s)) calculation to be 0.
So transport_read_layer_bytes()-->transport_read_layer() return 0
and transport_read_pdu() exits with "not enough data is available"
status.
If next PDU isn't available next calls to transport_read_pdu()
give same result.
If next PDU arrive - (pduLength - Stream_GetPosition(s)) will be
less than 0. Stream position will grow, grow and grow on each call.
And transport_read_pdu() never signals that PDU is readed.
Caught on Android FreeRDP client with high RDP traffic (several MBytes/s).
Keepalive settings are usually (depending on the implementation) only
used if the TCP connection is idle.
If the network is interrupted/disconnected/... click or keyboard input
generates outgoing traffic therefore the connection isn't idle
anymore and keepalives might not be used causing the connection to
stay open and the client to stall.
Linux 2.6.36 added a TCP_USER_TIMEOUT TCP socket option that lets a
program specify the maximum time transmitted data may remain
unacknowledged before TCP will close the corresponding connection with
ETIMEDOUT.
Setting TCP_USER_TIMEOUT allows us to detect a network problem (like
cable disconnect) even if the connection isn't idle.
refreshRectSupport and suppressOutputSupport of the General
Capability Set (MS-RDPBCGR 2.2.7.1.1) are server-only flags
that indicate whether the Refresh Rect or Suppress Output
PDUs are supported by the server.
Therefore in rdp_read_general_capability_set() we must only
change the respective settings if we are not in server mode.
WTSStartRemoteControlSession doesn't allow to specify additional flags
therefore add a new extended version WTSStartRemoteControlSessionEx
with an additional "flags" parameter.
The following flags are defined:
REMOTECONTROL_FLAG_DISABLE_KEYBOARD - disable keyboard input
REMOTECONTROL_FLAG_DISABLE_MOUSE - disable mouse input
REMOTECONTROL_FLAG_DISABLE_INPUT - disable input (keyboard and mouse)
This patch fixes a bug with mstsc connecting to a RDP security only FreeRDP server.
It seems like the mstsc shipped with Windows Seven considers packets after the nego_failure
packet as an error. So after trying to do TLS, depending on the timing, mstsc can print an
error message instead of retrying to connect with RDP security. With this patch, we
don't send the MCS disconnect message when the negociation has failed.
Before this patch, RDP security was (wrongly) the fallback when negociating a
security protocol between the client and the server. For example when a client
was claiming TLS-only when connecting to a FreeRDP based-server with RDP security only,
the result of the negociation was that the server started to do RDP security.
The expected behaviour is to send a nego failure packet with error code
SSL_NOT_ALLOWED_BY_SERVER. This patch fixes this.
We also try to handle all cases of failed negociation and return the corresponding
error code.
