Shadow server crash with rdp8.0 with gfx enabled.
Root Cause: rdp8.0 is not support in shadow gfx and rdpgfx_caps_advertise returns an error. However setChannelError crashs because context->errorDescription is NULL
1. Fix shadow gfx to handle rdp8.0
2. Initialize context->errorDescription for server side new-context
transport_write did not check if transport or bio are
set. The transport read checks it. In using fastpath
and for example a mouse input is sent, the transport
is never checked and can cause a segfault.
1. Fix stream leak in rdpgfx
2. Make src data const in zgfx. Harden zgfx to be independent to byte order
3. Fix written bytes return value in channel write
4. Add check for return value in shadow_client.c
5. Add gfx callback to send surface command with frame marker pdu.
6. Check remain length for recv subroutine
7. Fix compile errors
According to [MS-RDPBCGR 2.2.1.3.4.1 Channel Definition Structure]
the channel name must be an 8-byte array containing a null-terminated
collection of seven ANSI characters that uniquely identify the channel.
We did not check if the transmitted name was null-terminated which
could have the usual severe effects on stabiliy and security since
the channel name is used in several functions expecting a null-
terminated string (strlen, printf, etc.)
Compression doesn't work on big endian machines currently. The recieved
data are stored as little endian. Use conversion macros from endian.h to
load and store the data properly.
The patch fixes following error (so -compression option is no more needed
on big endian machines):
[06:42:14:782] [13772:13773] [ERROR][com.freerdp.core] - Decompression failure!
[06:42:14:782] [13772:13773] [ERROR][com.freerdp.core.fastpath] - bulk_decompress() failed
[06:42:14:782] [13772:13773] [ERROR][com.freerdp.core.fastpath] - fastpath_recv_update_data() fail
[06:42:14:782] [13772:13773] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
https://github.com/FreeRDP/FreeRDP/issues/2520
win32/msvc cc does not recognize the %z format specifier which caused
invalid references and segfaults on win32.
Until FreeRDP gets format specifier macros we'll cast size_t to
unsigned long and use the %lu specifier.
Also simplified winpr_backtrace_symbols() a little bit and fixed it
to allocate the correct amount of bytes for the return buffer.
Details: cbSecurityTrailer was assumed to be a fixed length for all signatures, however for Kerberos authentication the signature may generate smaller than this value
