Commit Graph

4076 Commits

Author SHA1 Message Date
akallabeth
c81feb36b0 Refactored freerdp_image_copy_from_pointer_data
Split monochrome and color pointer handling to separate functions.
2020-04-22 14:21:47 +02:00
akallabeth
0a86090ff1 Fix initialization of LargePointer flags
Capability exchange is first reading server capabilities,
mask these with local settings and send only what both support.
2020-04-22 11:10:56 +02:00
akallabeth
a75280300a Fixed [MS-RDPBCGR] 2.2.9.1.1.4.4 Color Pointer Update
The pointer size is limited to 32 pixel in width and height
unless LARGE_POINTER_FLAG_96x96 is set which increases the size
to 96 pixel.
2020-04-22 11:10:56 +02:00
David Fort
7733fe7a8a
Merge pull request #6060 from akallabeth/warnings
Fix some compiler warnings
2020-04-16 10:54:43 +02:00
Raul Fernandes
971be4fe9b Cache the calculated color
In desktop area, the next color has high odds to be the same of previous color.
If we cache the value, it can be reused by the next pixel avoiding recalculation.
This optimization can halve the function's processing.
2020-04-15 13:25:52 +02:00
Martin Fleisz
9e1b2eb42e
Merge pull request #6081 from akallabeth/disable_spincount
Disable spincount
2020-04-15 13:24:26 +02:00
akallabeth
1a4f0badf7 Moved PROGRESSIVE_BLOCK_REGION to heap. 2020-04-14 18:27:05 +02:00
Armin Novak
9445552ecc Fixed #6067: Better CMake warning for deactivated image scaling 2020-04-13 09:56:19 +02:00
Armin Novak
24bd601f8d Fixed data type warnings 2020-04-11 09:43:14 +02:00
Armin Novak
ebf44f80eb Fixed format string warnings. 2020-04-11 09:43:01 +02:00
Linus Heckemann
89e4e24c31 tls: support non-RSA keys 2020-04-10 17:57:34 +02:00
akallabeth
a9daba0190 Check for int overflow in gdi_InvalidateRegion 2020-04-09 18:00:51 +02:00
akallabeth
6c0aeb10d2 Allow icon info with empty bitmap data. 2020-04-09 18:00:51 +02:00
akallabeth
232c7f4783 Abort order read on invalid element count. 2020-04-09 18:00:51 +02:00
akallabeth
acc6023643 Fixed possible NULL access. 2020-04-09 18:00:51 +02:00
akallabeth
a3996af062 Refactored gdi region
* Added a unit test
* Fixed const correctness of function arguments
* Added return values for all functions
2020-04-09 18:00:51 +02:00
akallabeth
b677b5db25 Proper error return from gdi_rect_str and gdi_regn_str 2020-04-09 18:00:51 +02:00
akallabeth
97efff4e90 Refactored order stream manipulation
* Use stream seek instead of setting pointer directly
* Add log messages in case of inconsistencies
* Fixed missing stream advance in update_decompress_brush
2020-04-09 18:00:51 +02:00
akallabeth
17f547ae11 Fixed CVE-2020-11521: Out of bounds write in planar codec.
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
907640a924 Fixed CVE-2020-11522: Limit number of DELTA_RECT to 45.
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
7b1d4b4939 Fix CVE-2020-11524: out of bounds access in interleaved
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
e075f348d2 Added debug logging and claping to all region functions 2020-04-09 18:00:51 +02:00
akallabeth
ce21b9d7ec Fix CVE-2020-11523: clamp invalid rectangles to size 0
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
192856cb59 Fixed #6012: CVE-2020-11526: Out of bounds read in update_recv_orders
Thanks to @hac425xxx and Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
0b6b92a25a Fixed CVE-2020-11525: Out of bounds read in bitmap_cache_new
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
e6d10041c1 Fix #6033: freeaddrinfo must not be called with NULL arguments. 2020-04-09 14:26:46 +02:00
Norbert Federa
c367f65d42
Merge pull request #6019 from akallabeth/bound_access_fixes
Fix issues with boundary access.
2020-04-06 13:53:28 +02:00
akallabeth
6f00add067 Export remaining packet length from rdp_read_share_control_header 2020-04-06 13:18:35 +02:00
akallabeth
0ad894adbc Fixed substream read in rdp_recv_tpkt_pdu 2020-04-06 11:58:48 +02:00
akallabeth
0533c05be3 Fixed rdp_recv_tpkt_pdu parsing, use substream. 2020-04-06 11:22:18 +02:00
akallabeth
df55f40ecf Fixed incorrect parser error message. 2020-04-06 10:42:06 +02:00
akallabeth
a022958ddf Better error message for partial parsed capability 2020-04-03 15:10:49 +02:00
akallabeth
cba63b6d43 Added fallback to CMDTYPE_STREAM_SURFACE_BITS
Since our samples were incorrect, add a fallback with a log warnings
to the old CMDTYPE_STREAM_SURFACE_BITS by default behaviour.
2020-04-03 12:18:59 +02:00
akallabeth
88ad9ca56b Fix sending/receiving surface bits command.
* Pass on proper command type to application
* On send let the server implementation decide to send
   2.2.9.2.1 Set Surface Bits Command (TS_SURFCMD_SET_SURF_BITS) or
   2.2.9.2.2 Stream Surface Bits Command (TS_SURFCMD_STREAM_SURF_BITS)
Thanks to @viniciusjarina for tracing the issue down.
2020-04-03 12:00:53 +02:00
akallabeth
2a379bfe09 Fixed invalid seek size in patrial pdu parse case 2020-04-02 17:41:49 +02:00
akallabeth
21320d973c Use safe seek for capability parsing
thanks to @hardening for pointing that one out.
2020-04-02 17:39:51 +02:00
akallabeth
ddfd0cdccf Use substreams to parse gcc_read_server_data_blocks 2020-04-02 17:39:43 +02:00
akallabeth
6b2bc41935 Fix #6010: Check length in read_icon_info 2020-04-02 17:34:02 +02:00
akallabeth
67c2aa52b2 Fixed #6013: Check new length is > 0 2020-04-02 17:33:54 +02:00
akallabeth
3627aaf7d2 Fixed #6011: Bounds check in rdp_read_font_capability_set 2020-04-02 17:28:17 +02:00
akallabeth
f8890a645c Fixed #6005: Bounds checks in update_read_bitmap_data 2020-04-02 17:28:10 +02:00
akallabeth
ed53cd148f Fixed #6006: bounds checks in update_read_synchronize 2020-04-02 17:28:04 +02:00
akallabeth
f5e73cc7c9 Fixed #6009: Bounds checks in autodetect_recv_bandwidth_measure_results 2020-04-02 17:27:59 +02:00
akallabeth
9301bfe730 Fixed #6007: Boundary checks in rdp_read_flow_control_pdu 2020-04-02 17:27:53 +02:00
akallabeth
58dc36b3c8 Fixed possible NULL dereference 2020-04-02 17:27:10 +02:00
akallabeth
bc33a50c5a Treat NULL and empty string as the same for credentials. 2020-03-24 12:34:35 +01:00
akallabeth
cf2f674283 Initialize KeyboardHook with define instead of magic number 2020-03-18 17:22:08 +01:00
Armin Novak
4216646746 Fixed length checks for compressed rdp data. 2020-03-10 14:05:10 +01:00
Armin Novak
297ad536a2 Cleaned up bulk_compress/decompress, prettified log. 2020-03-10 14:05:10 +01:00
Armin Novak
49b17e4e03 Refactored bulk compression
* Arguments now opaque
* Removed internal functions from external interface
2020-03-10 14:05:10 +01:00