mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14,566 Commits 6 Branches 74 Tags 84 MiB
e18597f5eb
Commit Graph

4190 Commits

Author SHA1 Message Date
akallabeth
6ade7b4cbf Fixed OOB Read in license_read_new_or_upgrade_license_packet 
CVE-2020-11099 thanks to @antonio-morales for finding this.
 2020-06-22 11:51:38 +02:00
Armin Novak
0d80353bf3 Added missing SECBUFFER_READONLY flag in rpc_client_write_call 2020-06-19 11:31:13 +02:00
Armin Novak
ff79636d33 TSG improvements 
* Respect connection timeout during connect
* Better debug output
* Cleaned up data types,
 2020-06-19 11:31:13 +02:00
Martin Fleisz
cf7b9ca055 Fix usage of DsMakeSpn with IP address hostnames 2020-06-15 15:38:54 +02:00
akallabeth
733026dada Fixed #6267: adjust write_pixel_16 endian handling 2020-06-08 15:10:24 +02:00
Ondrej Holy
230d83b319 gdi: Fix missing unlock 
This fixes the following defect reported by covscan tool:
libfreerdp/gdi/gfx.c:144: missing_unlock: Returning without unlocking "update->mux".
 2020-06-04 07:55:12 +02:00
Armin Novak
44cf91be37 Fixed #6245: Added additional tests to assistance parser 2020-06-02 13:36:03 +02:00
akallabeth
6490106600 Lock remaining occurances of security_encrypt/security_decrypt variables 2020-06-02 13:31:17 +02:00
akallabeth
a381dd1a27 Lock security_decrypt to avoid simultaneous counter manipulation 2020-06-02 13:31:17 +02:00
akallabeth
a4e95f8e65 Reformatted to satisfy clang-format 2020-05-20 15:32:50 +02:00
akallabeth
354bb7d6ae Fixed some more resource cleanup leaks in nla 2020-05-20 15:10:08 +02:00
akallabeth
d57143f19e Renamed variable to avoid MSVC define collission 2020-05-20 15:10:08 +02:00
akallabeth
1e5bf45b1e Ensure buffers are NULL before reuse in NLA 2020-05-20 15:10:08 +02:00
akallabeth
58ef235bc5 Removed unused variable warnings 2020-05-20 15:10:07 +02:00
akallabeth
fe3e7eaa34 Fixed GHSL-2020-101 missing NULL check 2020-05-20 15:10:07 +02:00
akallabeth
d936402878 Fixed GHSL-2020-102 heap overflow 2020-05-20 15:10:07 +02:00
akallabeth
489cb26ac3 Fixed multiple sanitizer errors in codecs 2020-05-20 15:10:07 +02:00
akallabeth
6e59d9597c Fixed history buffer reset. 2020-05-20 15:10:07 +02:00
akallabeth
a71c96d86f Fixed extended info packet alignment. 2020-05-20 15:10:07 +02:00
akallabeth
e3fdf4b588 Fixed rdp_read_info_packet unaligned access and size checks 2020-05-20 15:10:07 +02:00
akallabeth
55b7fc50e0 Fixed memory leak in test 2020-05-20 15:10:07 +02:00
akallabeth
1d21585fa4 Fixed unaligned access 2020-05-20 15:10:07 +02:00
akallabeth
57ad88fd82 Rewritten rdp_recv_logon_info_v2 to remove unaligned access 2020-05-20 15:10:07 +02:00
akallabeth
c3c1f76da5 Rewritten check to satisfy BehaviouralSanitizer 2020-05-20 15:10:07 +02:00
akallabeth
ae5a30438e Fixed undefined behaviour 2020-05-20 15:10:07 +02:00
akallabeth
a139caf73a Fixed undefined behaviour in primitives shift 2020-05-20 15:10:07 +02:00
akallabeth
9b0b47496f Fixed undefined behaviour in ncrush 2020-05-20 15:10:07 +02:00
akallabeth
a1dd25e219 Fixed undefined behaviour in rfx decoder 2020-05-20 15:10:07 +02:00
akallabeth
ee160fc414 Fixed UndefinedBehaviour in planar left shift 2020-05-20 15:10:07 +02:00
akallabeth
319afb082b Refactored settings clone/free, extended tests 2020-05-20 15:10:07 +02:00
akallabeth
722790f4ca Always require aligned memory for interleaved codec. 2020-05-20 15:10:07 +02:00
akallabeth
2973ec6f1c Fixed BehaviorSanitizer warnings 2020-05-20 15:10:07 +02:00
Armin Novak
d1d8586374 Fixed #6200: Arraysize check 2020-05-20 15:02:24 +02:00
Armin Novak
0195de02f5 Fixed #6199: Reading version information in tsg 2020-05-20 15:02:24 +02:00
Kobi
6c151ee15c
Merge pull request #6193 from kubistika/proxy_fixes_ 
server: proxy: code refactor
 2020-05-20 15:58:36 +03:00
akallabeth
6a2785e359 Abort on first possible certificate validation error 
Only retry certificate validation if the purpose was wrong.
 2020-05-20 14:48:15 +02:00
Kobi Mizrachi
8d72051ab1 codec: fix typo in progressive codec log 2020-05-20 10:31:51 +03:00
akallabeth
7890833af8 Replaced strtok with strtok_s 2020-05-18 11:39:22 +02:00
Kobi Mizrachi
fddda159d9 change use of strtok to strtok_s 2020-05-18 11:08:20 +02:00
Vladyslav Hordiienko
f79bb517c1 improve RFX DWT algorithm 
merge multiple loops into the one loop for vertical DWT inverse
 2020-05-18 10:56:40 +02:00
akallabeth
5cfc3e8593 Fixed #6148: multiple ceritificate purposes 
OpenSSL certificate verification can only check a single purpose.
Run the checks with all allowed purposes and accept any.
 2020-05-12 15:36:48 +02:00
akallabeth
a1f2c1e161 Fixed #6156: Enforce synchronized encrypt count 
Old style RDP encryption uses a counter, synchronize this for
packets send from different threads.
 2020-05-12 15:34:57 +02:00
akallabeth
477ad675f3 Ensure all NLA structs are freed up 2020-05-12 09:09:36 +02:00
akallabeth
daf4e11324 Silence valgrind in rdp_read_header 
If a disconnect message is received, we returned success but did
not initialize the return arguments.
 2020-05-08 11:04:03 +02:00
akallabeth
a73adecaf4 Fixed #6112: Segfault in update_decompress_brush 
The iterators need to be signed for the loop check to work.
 2020-05-06 13:31:57 +02:00
akallabeth
3a06ce058f Fixed oob read in rfx_process_message_tileset 
Check input data length
Thanks to hac425 CVE-2020-11043
 2020-05-06 13:31:57 +02:00
akallabeth
363d7046df Fixed oob read in clear_decompress_subcode_rlex 
Fixed length checks before stream read.
Thanks to hac425 CVE-2020-11040
 2020-05-06 13:31:57 +02:00
akallabeth
0332cad015 Fixed oob read in update_recv 
properly use update_type_to_string to print update type.
Thanks to hac425 CVE-2020-11019
 2020-05-06 13:31:57 +02:00
akallabeth
66d3b77d88 update_decompress_brush: explicit output length checks 
The output length was just assumed to be >= 256 bytes, with this
commit it is explicitly checked.
 2020-05-06 13:31:57 +02:00
akallabeth
a167f3b779 Fixed possible int overflow. 2020-05-06 13:31:57 +02:00
akallabeth
873ed92a84 Remove unnecessary cast. 2020-05-06 13:31:57 +02:00
akallabeth
6b485b146a Fixed oob read in irp_write and similar 2020-05-06 13:31:57 +02:00
Bernhard Miklautz
3e89574205
Merge pull request #6124 from akallabeth/speedup 
Unify inline and some warning fixes
 2020-05-05 15:34:38 +02:00
Linus Heckemann
5ce0ab909f
shadow_server: allow specifying IP addresses to listen on (#6050) 
* shadow_server: allow specifying IP addresses to listen on

This allows using IPv6 as well as listening only on specific
interfaces. Additionally, it enables listening on local and TCP
sockets simultaneously.

* listener: log address with square brackets

This disambiguates IPv6 addresses.

* shadow_server: check error on each socket binding

* Refactored shadow /bind-address for 2.0 compiatibility.

* Made /ipc-socket and /bind-address incompatible arguments.

* Fixed shadow /bind-address handling and description

* Allow multiple bind addresses for shadow server.

Co-authored-by: akallabeth <akallabeth@posteo.net>
 2020-05-05 08:35:19 +02:00
David Fort
5b98aa7515
Merge pull request #6063 from akallabeth/expert_settings 
Added expert settings /tune and /tune-list
 2020-05-04 12:09:39 +02:00
David Fort
6fb771e401
Merge pull request #6123 from akallabeth/cert_fix 
Fixed #6122: Allow SSL server and client purpose
 2020-05-04 12:04:08 +02:00
akallabeth
ca6d2d1b2c Workaround #6072: FFMPEG AAC encoding graded experimental 
Due to many reporing issues with different AAC encoder configurations
deactivate support by default. Can be enabled by compiling with
experimental codec support.
 2020-04-28 12:39:32 +02:00
akallabeth
7b0836a74f Fixed index out of bound access in update_glyph_offset 2020-04-27 08:19:42 +02:00
Raul Fernandes
db9052e37f Optimize function xcrush_copy_bytes() 
Use memcpy to copy the bytes when we can assure that the memory areas does not overlap.
When the areas overlap, copy the area that doesn't overlap repeatly.
With this change, the copy is ~30x faster.
 2020-04-25 16:25:36 +02:00
akallabeth
095d24934c Fixed #6122: Allow SSL server and client purpose 2020-04-25 08:06:00 +02:00
akallabeth
b094d52d0b Fixed #6099: Add a flag for legacy hash entries 
If a legacy entry is found in certificate hash store print
additional information to the user informing about the change
with FreeRDP 2.0
 2020-04-22 18:14:39 +02:00
akallabeth
cb4d90fc0a Fixed #6101: POINTER_LARGE_UPDATE serialization 
The length check and field sizes in _update_read_pointer_large
were off, corrected according to [MS-RDPBCGR] 2.2.9.1.2.1.11
Fast-Path Large Pointer Update (TS_FP_LARGEPOINTERATTRIBUTE)
 2020-04-22 14:21:47 +02:00
akallabeth
dfed4b3b24 Refactored pointer and/xor data copying 
Using unified function upate_pointer_copy_andxor to copy now.
 2020-04-22 14:21:47 +02:00
akallabeth
c81feb36b0 Refactored freerdp_image_copy_from_pointer_data 
Split monochrome and color pointer handling to separate functions.
 2020-04-22 14:21:47 +02:00
akallabeth
0a86090ff1 Fix initialization of LargePointer flags 
Capability exchange is first reading server capabilities,
mask these with local settings and send only what both support.
 2020-04-22 11:10:56 +02:00
akallabeth
a75280300a Fixed [MS-RDPBCGR] 2.2.9.1.1.4.4 Color Pointer Update 
The pointer size is limited to 32 pixel in width and height
unless LARGE_POINTER_FLAG_96x96 is set which increases the size
to 96 pixel.
 2020-04-22 11:10:56 +02:00
Armin Novak
58be47bc63 Added expert settings /tune and /tune-list 2020-04-21 17:30:24 +02:00
David Fort
7733fe7a8a
Merge pull request #6060 from akallabeth/warnings 
Fix some compiler warnings
 2020-04-16 10:54:43 +02:00
Raul Fernandes
971be4fe9b Cache the calculated color 
In desktop area, the next color has high odds to be the same of previous color.
If we cache the value, it can be reused by the next pixel avoiding recalculation.
This optimization can halve the function's processing.
 2020-04-15 13:25:52 +02:00
Martin Fleisz
9e1b2eb42e
Merge pull request #6081 from akallabeth/disable_spincount 
Disable spincount
 2020-04-15 13:24:26 +02:00
akallabeth
1a4f0badf7 Moved PROGRESSIVE_BLOCK_REGION to heap. 2020-04-14 18:27:05 +02:00
Armin Novak
9445552ecc Fixed #6067: Better CMake warning for deactivated image scaling 2020-04-13 09:56:19 +02:00
Armin Novak
24bd601f8d Fixed data type warnings 2020-04-11 09:43:14 +02:00
Armin Novak
ebf44f80eb Fixed format string warnings. 2020-04-11 09:43:01 +02:00
Linus Heckemann
89e4e24c31 tls: support non-RSA keys 2020-04-10 17:57:34 +02:00
akallabeth
a9daba0190 Check for int overflow in gdi_InvalidateRegion 2020-04-09 18:00:51 +02:00
akallabeth
6c0aeb10d2 Allow icon info with empty bitmap data. 2020-04-09 18:00:51 +02:00
akallabeth
232c7f4783 Abort order read on invalid element count. 2020-04-09 18:00:51 +02:00
akallabeth
acc6023643 Fixed possible NULL access. 2020-04-09 18:00:51 +02:00
akallabeth
a3996af062 Refactored gdi region 
* Added a unit test
* Fixed const correctness of function arguments
* Added return values for all functions
 2020-04-09 18:00:51 +02:00
akallabeth
b677b5db25 Proper error return from gdi_rect_str and gdi_regn_str 2020-04-09 18:00:51 +02:00
akallabeth
97efff4e90 Refactored order stream manipulation 
* Use stream seek instead of setting pointer directly
* Add log messages in case of inconsistencies
* Fixed missing stream advance in update_decompress_brush
 2020-04-09 18:00:51 +02:00
akallabeth
17f547ae11 Fixed CVE-2020-11521: Out of bounds write in planar codec. 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
907640a924 Fixed CVE-2020-11522: Limit number of DELTA_RECT to 45. 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
7b1d4b4939 Fix CVE-2020-11524: out of bounds access in interleaved 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
e075f348d2 Added debug logging and claping to all region functions 2020-04-09 18:00:51 +02:00
akallabeth
ce21b9d7ec Fix CVE-2020-11523: clamp invalid rectangles to size 0 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
192856cb59 Fixed #6012: CVE-2020-11526: Out of bounds read in update_recv_orders 
Thanks to @hac425xxx and Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
0b6b92a25a Fixed CVE-2020-11525: Out of bounds read in bitmap_cache_new 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth
e6d10041c1 Fix #6033: freeaddrinfo must not be called with NULL arguments. 2020-04-09 14:26:46 +02:00
Norbert Federa
c367f65d42
Merge pull request #6019 from akallabeth/bound_access_fixes 
Fix issues with boundary access.
 2020-04-06 13:53:28 +02:00
akallabeth
6f00add067 Export remaining packet length from rdp_read_share_control_header 2020-04-06 13:18:35 +02:00
akallabeth
0ad894adbc Fixed substream read in rdp_recv_tpkt_pdu 2020-04-06 11:58:48 +02:00
akallabeth
0533c05be3 Fixed rdp_recv_tpkt_pdu parsing, use substream. 2020-04-06 11:22:18 +02:00
akallabeth
df55f40ecf Fixed incorrect parser error message. 2020-04-06 10:42:06 +02:00
akallabeth
a022958ddf Better error message for partial parsed capability 2020-04-03 15:10:49 +02:00
akallabeth
cba63b6d43 Added fallback to CMDTYPE_STREAM_SURFACE_BITS 
Since our samples were incorrect, add a fallback with a log warnings
to the old CMDTYPE_STREAM_SURFACE_BITS by default behaviour.
 2020-04-03 12:18:59 +02:00
akallabeth
88ad9ca56b Fix sending/receiving surface bits command. 
* Pass on proper command type to application
* On send let the server implementation decide to send
   2.2.9.2.1 Set Surface Bits Command (TS_SURFCMD_SET_SURF_BITS) or
   2.2.9.2.2 Stream Surface Bits Command (TS_SURFCMD_STREAM_SURF_BITS)
Thanks to @viniciusjarina for tracing the issue down.
 2020-04-03 12:00:53 +02:00
akallabeth
2a379bfe09 Fixed invalid seek size in patrial pdu parse case 2020-04-02 17:41:49 +02:00
akallabeth
21320d973c Use safe seek for capability parsing 
thanks to @hardening for pointing that one out.
 2020-04-02 17:39:51 +02:00