mirrors
/
FreeRDP
mirror of https://github.com/FreeRDP/FreeRDP
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,424 Commits 6 Branches 73 Tags 86 MiB
Commit Graph

4150 Commits

Author SHA1 Message Date
akallabeth 5cfc3e8593 Fixed #6148: multiple ceritificate purposes 
OpenSSL certificate verification can only check a single purpose.
Run the checks with all allowed purposes and accept any.
 2020-05-12 15:36:48 +02:00
akallabeth a1f2c1e161 Fixed #6156: Enforce synchronized encrypt count 
Old style RDP encryption uses a counter, synchronize this for
packets send from different threads.
 2020-05-12 15:34:57 +02:00
akallabeth 477ad675f3 Ensure all NLA structs are freed up 2020-05-12 09:09:36 +02:00
akallabeth daf4e11324 Silence valgrind in rdp_read_header 
If a disconnect message is received, we returned success but did
not initialize the return arguments.
 2020-05-08 11:04:03 +02:00
akallabeth a73adecaf4 Fixed #6112: Segfault in update_decompress_brush 
The iterators need to be signed for the loop check to work.
 2020-05-06 13:31:57 +02:00
akallabeth 3a06ce058f Fixed oob read in rfx_process_message_tileset 
Check input data length
Thanks to hac425 CVE-2020-11043
 2020-05-06 13:31:57 +02:00
akallabeth 363d7046df Fixed oob read in clear_decompress_subcode_rlex 
Fixed length checks before stream read.
Thanks to hac425 CVE-2020-11040
 2020-05-06 13:31:57 +02:00
akallabeth 0332cad015 Fixed oob read in update_recv 
properly use update_type_to_string to print update type.
Thanks to hac425 CVE-2020-11019
 2020-05-06 13:31:57 +02:00
akallabeth 66d3b77d88 update_decompress_brush: explicit output length checks 
The output length was just assumed to be >= 256 bytes, with this
commit it is explicitly checked.
 2020-05-06 13:31:57 +02:00
akallabeth a167f3b779 Fixed possible int overflow. 2020-05-06 13:31:57 +02:00
akallabeth 873ed92a84 Remove unnecessary cast. 2020-05-06 13:31:57 +02:00
akallabeth 6b485b146a Fixed oob read in irp_write and similar 2020-05-06 13:31:57 +02:00
Bernhard Miklautz 3e89574205
Merge pull request #6124 from akallabeth/speedup 
Unify inline and some warning fixes
 2020-05-05 15:34:38 +02:00
Linus Heckemann 5ce0ab909f
shadow_server: allow specifying IP addresses to listen on (#6050) 
* shadow_server: allow specifying IP addresses to listen on

This allows using IPv6 as well as listening only on specific
interfaces. Additionally, it enables listening on local and TCP
sockets simultaneously.

* listener: log address with square brackets

This disambiguates IPv6 addresses.

* shadow_server: check error on each socket binding

* Refactored shadow /bind-address for 2.0 compiatibility.

* Made /ipc-socket and /bind-address incompatible arguments.

* Fixed shadow /bind-address handling and description

* Allow multiple bind addresses for shadow server.

Co-authored-by: akallabeth <akallabeth@posteo.net>
 2020-05-05 08:35:19 +02:00
David Fort 5b98aa7515
Merge pull request #6063 from akallabeth/expert_settings 
Added expert settings /tune and /tune-list
 2020-05-04 12:09:39 +02:00
David Fort 6fb771e401
Merge pull request #6123 from akallabeth/cert_fix 
Fixed #6122: Allow SSL server and client purpose
 2020-05-04 12:04:08 +02:00
akallabeth ca6d2d1b2c Workaround #6072: FFMPEG AAC encoding graded experimental 
Due to many reporing issues with different AAC encoder configurations
deactivate support by default. Can be enabled by compiling with
experimental codec support.
 2020-04-28 12:39:32 +02:00
akallabeth 7b0836a74f Fixed index out of bound access in update_glyph_offset 2020-04-27 08:19:42 +02:00
Raul Fernandes db9052e37f Optimize function xcrush_copy_bytes() 
Use memcpy to copy the bytes when we can assure that the memory areas does not overlap.
When the areas overlap, copy the area that doesn't overlap repeatly.
With this change, the copy is ~30x faster.
 2020-04-25 16:25:36 +02:00
akallabeth 095d24934c Fixed #6122: Allow SSL server and client purpose 2020-04-25 08:06:00 +02:00
akallabeth b094d52d0b Fixed #6099: Add a flag for legacy hash entries 
If a legacy entry is found in certificate hash store print
additional information to the user informing about the change
with FreeRDP 2.0
 2020-04-22 18:14:39 +02:00
akallabeth cb4d90fc0a Fixed #6101: POINTER_LARGE_UPDATE serialization 
The length check and field sizes in _update_read_pointer_large
were off, corrected according to [MS-RDPBCGR] 2.2.9.1.2.1.11
Fast-Path Large Pointer Update (TS_FP_LARGEPOINTERATTRIBUTE)
 2020-04-22 14:21:47 +02:00
akallabeth dfed4b3b24 Refactored pointer and/xor data copying 
Using unified function upate_pointer_copy_andxor to copy now.
 2020-04-22 14:21:47 +02:00
akallabeth c81feb36b0 Refactored freerdp_image_copy_from_pointer_data 
Split monochrome and color pointer handling to separate functions.
 2020-04-22 14:21:47 +02:00
akallabeth 0a86090ff1 Fix initialization of LargePointer flags 
Capability exchange is first reading server capabilities,
mask these with local settings and send only what both support.
 2020-04-22 11:10:56 +02:00
akallabeth a75280300a Fixed [MS-RDPBCGR] 2.2.9.1.1.4.4 Color Pointer Update 
The pointer size is limited to 32 pixel in width and height
unless LARGE_POINTER_FLAG_96x96 is set which increases the size
to 96 pixel.
 2020-04-22 11:10:56 +02:00
Armin Novak 58be47bc63 Added expert settings /tune and /tune-list 2020-04-21 17:30:24 +02:00
David Fort 7733fe7a8a
Merge pull request #6060 from akallabeth/warnings 
Fix some compiler warnings
 2020-04-16 10:54:43 +02:00
Raul Fernandes 971be4fe9b Cache the calculated color 
In desktop area, the next color has high odds to be the same of previous color.
If we cache the value, it can be reused by the next pixel avoiding recalculation.
This optimization can halve the function's processing.
 2020-04-15 13:25:52 +02:00
Martin Fleisz 9e1b2eb42e
Merge pull request #6081 from akallabeth/disable_spincount 
Disable spincount
 2020-04-15 13:24:26 +02:00
akallabeth 1a4f0badf7 Moved PROGRESSIVE_BLOCK_REGION to heap. 2020-04-14 18:27:05 +02:00
Armin Novak 9445552ecc Fixed #6067: Better CMake warning for deactivated image scaling 2020-04-13 09:56:19 +02:00
Armin Novak 24bd601f8d Fixed data type warnings 2020-04-11 09:43:14 +02:00
Armin Novak ebf44f80eb Fixed format string warnings. 2020-04-11 09:43:01 +02:00
Linus Heckemann 89e4e24c31 tls: support non-RSA keys 2020-04-10 17:57:34 +02:00
akallabeth a9daba0190 Check for int overflow in gdi_InvalidateRegion 2020-04-09 18:00:51 +02:00
akallabeth 6c0aeb10d2 Allow icon info with empty bitmap data. 2020-04-09 18:00:51 +02:00
akallabeth 232c7f4783 Abort order read on invalid element count. 2020-04-09 18:00:51 +02:00
akallabeth acc6023643 Fixed possible NULL access. 2020-04-09 18:00:51 +02:00
akallabeth a3996af062 Refactored gdi region 
* Added a unit test
* Fixed const correctness of function arguments
* Added return values for all functions
 2020-04-09 18:00:51 +02:00
akallabeth b677b5db25 Proper error return from gdi_rect_str and gdi_regn_str 2020-04-09 18:00:51 +02:00
akallabeth 97efff4e90 Refactored order stream manipulation 
* Use stream seek instead of setting pointer directly
* Add log messages in case of inconsistencies
* Fixed missing stream advance in update_decompress_brush
 2020-04-09 18:00:51 +02:00
akallabeth 17f547ae11 Fixed CVE-2020-11521: Out of bounds write in planar codec. 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth 907640a924 Fixed CVE-2020-11522: Limit number of DELTA_RECT to 45. 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth 7b1d4b4939 Fix CVE-2020-11524: out of bounds access in interleaved 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth e075f348d2 Added debug logging and claping to all region functions 2020-04-09 18:00:51 +02:00
akallabeth ce21b9d7ec Fix CVE-2020-11523: clamp invalid rectangles to size 0 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth 192856cb59 Fixed #6012: CVE-2020-11526: Out of bounds read in update_recv_orders 
Thanks to @hac425xxx and Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth 0b6b92a25a Fixed CVE-2020-11525: Out of bounds read in bitmap_cache_new 
Thanks to Sunglin and HuanGMz from Knownsec 404
 2020-04-09 18:00:51 +02:00
akallabeth e6d10041c1 Fix #6033: freeaddrinfo must not be called with NULL arguments. 2020-04-09 14:26:46 +02:00
Norbert Federa c367f65d42
Merge pull request #6019 from akallabeth/bound_access_fixes 
Fix issues with boundary access.
 2020-04-06 13:53:28 +02:00
akallabeth 6f00add067 Export remaining packet length from rdp_read_share_control_header 2020-04-06 13:18:35 +02:00
akallabeth 0ad894adbc Fixed substream read in rdp_recv_tpkt_pdu 2020-04-06 11:58:48 +02:00
akallabeth 0533c05be3 Fixed rdp_recv_tpkt_pdu parsing, use substream. 2020-04-06 11:22:18 +02:00
akallabeth df55f40ecf Fixed incorrect parser error message. 2020-04-06 10:42:06 +02:00
akallabeth a022958ddf Better error message for partial parsed capability 2020-04-03 15:10:49 +02:00
akallabeth cba63b6d43 Added fallback to CMDTYPE_STREAM_SURFACE_BITS 
Since our samples were incorrect, add a fallback with a log warnings
to the old CMDTYPE_STREAM_SURFACE_BITS by default behaviour.
 2020-04-03 12:18:59 +02:00
akallabeth 88ad9ca56b Fix sending/receiving surface bits command. 
* Pass on proper command type to application
* On send let the server implementation decide to send
   2.2.9.2.1 Set Surface Bits Command (TS_SURFCMD_SET_SURF_BITS) or
   2.2.9.2.2 Stream Surface Bits Command (TS_SURFCMD_STREAM_SURF_BITS)
Thanks to @viniciusjarina for tracing the issue down.
 2020-04-03 12:00:53 +02:00
akallabeth 2a379bfe09 Fixed invalid seek size in patrial pdu parse case 2020-04-02 17:41:49 +02:00
akallabeth 21320d973c Use safe seek for capability parsing 
thanks to @hardening for pointing that one out.
 2020-04-02 17:39:51 +02:00
akallabeth ddfd0cdccf Use substreams to parse gcc_read_server_data_blocks 2020-04-02 17:39:43 +02:00
akallabeth 6b2bc41935 Fix #6010: Check length in read_icon_info 2020-04-02 17:34:02 +02:00
akallabeth 67c2aa52b2 Fixed #6013: Check new length is > 0 2020-04-02 17:33:54 +02:00
akallabeth 3627aaf7d2 Fixed #6011: Bounds check in rdp_read_font_capability_set 2020-04-02 17:28:17 +02:00
akallabeth f8890a645c Fixed #6005: Bounds checks in update_read_bitmap_data 2020-04-02 17:28:10 +02:00
akallabeth ed53cd148f Fixed #6006: bounds checks in update_read_synchronize 2020-04-02 17:28:04 +02:00
akallabeth f5e73cc7c9 Fixed #6009: Bounds checks in autodetect_recv_bandwidth_measure_results 2020-04-02 17:27:59 +02:00
akallabeth 9301bfe730 Fixed #6007: Boundary checks in rdp_read_flow_control_pdu 2020-04-02 17:27:53 +02:00
akallabeth 58dc36b3c8 Fixed possible NULL dereference 2020-04-02 17:27:10 +02:00
akallabeth bc33a50c5a Treat NULL and empty string as the same for credentials. 2020-03-24 12:34:35 +01:00
akallabeth cf2f674283 Initialize KeyboardHook with define instead of magic number 2020-03-18 17:22:08 +01:00
Armin Novak 4216646746 Fixed length checks for compressed rdp data. 2020-03-10 14:05:10 +01:00
Armin Novak 297ad536a2 Cleaned up bulk_compress/decompress, prettified log. 2020-03-10 14:05:10 +01:00
Armin Novak 49b17e4e03 Refactored bulk compression 
* Arguments now opaque
* Removed internal functions from external interface
 2020-03-10 14:05:10 +01:00
Armin Novak 3ba66db99d Unify pReceiveChannelData and psPeerReceiveChannelData 
Fix definitions of the two function pointers.
Use and definition did not match, fix that.
Will create warnings in external projects
 2020-03-10 12:21:14 +01:00
Armin Novak d5b5088eac Fixed misinterpretation of SendChannelData 
SendChannelData was defined with a return value of type int, but
used as BOOL everywhere. Fix the definition to match use.
 2020-03-10 12:21:14 +01:00
Armin Novak c7187928e9 Fix tpkt header length checks for encrypted packets 
If securityFlag SEC_ENCRYPT is set, remove the encryption headers from
the TPKT header length on comparison.
 2020-03-10 12:20:50 +01:00
Armin Novak cc49a212bd Default to positive return for missing callbacks 
When using +async-update, default to positive return if some
client callback is not implemented.
 2020-03-10 08:59:52 +01:00
Armin Novak 5b9b7f331b Fixed memory leak in tls_get_channel_bindings 2020-03-06 11:37:35 +01:00
Armin Novak 9c999b7135 Added raw function wrapping X509_digest 2020-03-06 11:37:35 +01:00
Armin Novak 2be6e4117f Let ssl backend handle hash checks. 2020-03-06 11:37:35 +01:00
Armin Novak 00fa84b514 Check cert against CertificateAcceptedFingerprints 
CertificateAcceptedFingerprints may contain a list of certificate
hashes and the corresponding fingerprint.
If one of the hashes matches consider the certificate accepted.
 2020-03-06 11:37:35 +01:00
Armin Novak d3b36ab299 Added CertificateAcceptedFingerprints to settings 2020-03-06 11:37:35 +01:00
Armin Novak 07605b0281 Consume all TPKT data reading new/upgrade license 2020-03-05 13:48:58 +01:00
Armin Novak f1098aa17c rdp_recv_tpkt_pdu verbose debug parsing issues 
Print out parsing issues found in MCS Channel 1003 parsing.
 2020-03-05 13:48:58 +01:00
Armin Novak 8e55c44088 tpkt_ensure_stream_consumed now more verbose. 
tpkt_ensure_stream_consumed now writes the function it was called
from to the log. This should help identify areas the check failed.
 2020-03-05 13:48:58 +01:00
Armin Novak 825d63cf0c Added clarifications in freerdp_channel_process 2020-03-04 15:01:36 +01:00
Armin Novak d7ba252cd7 Fixed arguments for peer->ReceiveChannelData 2020-03-04 14:52:19 +01:00
Armin Novak 0f729d2b2c Fixed conversion and return checks. 
* Fix some missing argument checks for function pointer implementations
* Fix broken return value check for client->SendChannelData
* Updated const correctness for function pointer implementations
 2020-03-04 14:44:03 +01:00
Armin Novak 9398e8e647 Fixed freerdp_channel_process length checks 
Fragmented data was not handled properly.
 2020-03-04 14:44:03 +01:00
Armin Novak 4ad158fac6 Added freerdp_channels_data argument checks. 2020-03-04 14:44:03 +01:00
Armin Novak 3de666a80e Improve signal handler printout. 2020-03-04 08:22:56 +01:00
Norbert Federa 17e0d25104 dynvc/client: fix and improve channel closing code 
- fixed and consolitate the duplicated code for sending the
  CLOSE_REQUEST_PDU to the server into dvcman_close_channel
- call dvcman_close_channel if a dynamic channel plugin fails
  to process the received channel data
- rdpegfx: don't try to remove a non-existing cache entry,
  return an error instead which now will close the channel, as
  expected by Microsoft's windows protocols test suite
 2020-03-04 08:03:56 +01:00
Armin Novak bda2731035 Fixed reading suppress output pdu 
Optional rectangle must be read from PDU
 2020-03-03 13:10:24 +01:00
Armin Novak 1b91c77350 Fixed shadow server with mstsc as client. 2020-03-03 12:27:19 +01:00
Armin Novak 0d1c440cf5 Consume stream data in autoconnect 
TPKT checks failed due to payload data not consumed in autodetect.
 2020-03-02 13:54:44 +01:00
Armin Novak be714d2a13 Fixed tpkt header length checks. 
TPKT header length and consumption of data was not consistently
checked. This adds checks after each packet processed and fixes
any inconsistencies found.
 2020-03-02 11:40:35 +01:00
Armin Novak 039bb88fef Fixed warnings in capabilities.c 2020-03-02 11:40:35 +01:00
Armin Novak 171e73d797 Fixed compiler warnings in info.c 2020-03-02 11:40:35 +01:00
Armin Novak 318cb3dd47 Added tpkt header length plausibility checks. 2020-03-02 11:40:35 +01:00