akallabeth
5cfc3e8593
Fixed #6148 : multiple ceritificate purposes
...
OpenSSL certificate verification can only check a single purpose.
Run the checks with all allowed purposes and accept any.
2020-05-12 15:36:48 +02:00
akallabeth
a1f2c1e161
Fixed #6156 : Enforce synchronized encrypt count
...
Old style RDP encryption uses a counter, synchronize this for
packets send from different threads.
2020-05-12 15:34:57 +02:00
akallabeth
477ad675f3
Ensure all NLA structs are freed up
2020-05-12 09:09:36 +02:00
akallabeth
daf4e11324
Silence valgrind in rdp_read_header
...
If a disconnect message is received, we returned success but did
not initialize the return arguments.
2020-05-08 11:04:03 +02:00
akallabeth
a73adecaf4
Fixed #6112 : Segfault in update_decompress_brush
...
The iterators need to be signed for the loop check to work.
2020-05-06 13:31:57 +02:00
akallabeth
3a06ce058f
Fixed oob read in rfx_process_message_tileset
...
Check input data length
Thanks to hac425 CVE-2020-11043
2020-05-06 13:31:57 +02:00
akallabeth
363d7046df
Fixed oob read in clear_decompress_subcode_rlex
...
Fixed length checks before stream read.
Thanks to hac425 CVE-2020-11040
2020-05-06 13:31:57 +02:00
akallabeth
0332cad015
Fixed oob read in update_recv
...
properly use update_type_to_string to print update type.
Thanks to hac425 CVE-2020-11019
2020-05-06 13:31:57 +02:00
akallabeth
66d3b77d88
update_decompress_brush: explicit output length checks
...
The output length was just assumed to be >= 256 bytes, with this
commit it is explicitly checked.
2020-05-06 13:31:57 +02:00
akallabeth
a167f3b779
Fixed possible int overflow.
2020-05-06 13:31:57 +02:00
akallabeth
873ed92a84
Remove unnecessary cast.
2020-05-06 13:31:57 +02:00
akallabeth
6b485b146a
Fixed oob read in irp_write and similar
2020-05-06 13:31:57 +02:00
Bernhard Miklautz
3e89574205
Merge pull request #6124 from akallabeth/speedup
...
Unify inline and some warning fixes
2020-05-05 15:34:38 +02:00
Linus Heckemann
5ce0ab909f
shadow_server: allow specifying IP addresses to listen on ( #6050 )
...
* shadow_server: allow specifying IP addresses to listen on
This allows using IPv6 as well as listening only on specific
interfaces. Additionally, it enables listening on local and TCP
sockets simultaneously.
* listener: log address with square brackets
This disambiguates IPv6 addresses.
* shadow_server: check error on each socket binding
* Refactored shadow /bind-address for 2.0 compiatibility.
* Made /ipc-socket and /bind-address incompatible arguments.
* Fixed shadow /bind-address handling and description
* Allow multiple bind addresses for shadow server.
Co-authored-by: akallabeth <akallabeth@posteo.net>
2020-05-05 08:35:19 +02:00
David Fort
5b98aa7515
Merge pull request #6063 from akallabeth/expert_settings
...
Added expert settings /tune and /tune-list
2020-05-04 12:09:39 +02:00
David Fort
6fb771e401
Merge pull request #6123 from akallabeth/cert_fix
...
Fixed #6122 : Allow SSL server and client purpose
2020-05-04 12:04:08 +02:00
akallabeth
ca6d2d1b2c
Workaround #6072 : FFMPEG AAC encoding graded experimental
...
Due to many reporing issues with different AAC encoder configurations
deactivate support by default. Can be enabled by compiling with
experimental codec support.
2020-04-28 12:39:32 +02:00
akallabeth
7b0836a74f
Fixed index out of bound access in update_glyph_offset
2020-04-27 08:19:42 +02:00
Raul Fernandes
db9052e37f
Optimize function xcrush_copy_bytes()
...
Use memcpy to copy the bytes when we can assure that the memory areas does not overlap.
When the areas overlap, copy the area that doesn't overlap repeatly.
With this change, the copy is ~30x faster.
2020-04-25 16:25:36 +02:00
akallabeth
095d24934c
Fixed #6122 : Allow SSL server and client purpose
2020-04-25 08:06:00 +02:00
akallabeth
b094d52d0b
Fixed #6099 : Add a flag for legacy hash entries
...
If a legacy entry is found in certificate hash store print
additional information to the user informing about the change
with FreeRDP 2.0
2020-04-22 18:14:39 +02:00
akallabeth
cb4d90fc0a
Fixed #6101 : POINTER_LARGE_UPDATE serialization
...
The length check and field sizes in _update_read_pointer_large
were off, corrected according to [MS-RDPBCGR] 2.2.9.1.2.1.11
Fast-Path Large Pointer Update (TS_FP_LARGEPOINTERATTRIBUTE)
2020-04-22 14:21:47 +02:00
akallabeth
dfed4b3b24
Refactored pointer and/xor data copying
...
Using unified function upate_pointer_copy_andxor to copy now.
2020-04-22 14:21:47 +02:00
akallabeth
c81feb36b0
Refactored freerdp_image_copy_from_pointer_data
...
Split monochrome and color pointer handling to separate functions.
2020-04-22 14:21:47 +02:00
akallabeth
0a86090ff1
Fix initialization of LargePointer flags
...
Capability exchange is first reading server capabilities,
mask these with local settings and send only what both support.
2020-04-22 11:10:56 +02:00
akallabeth
a75280300a
Fixed [MS-RDPBCGR] 2.2.9.1.1.4.4 Color Pointer Update
...
The pointer size is limited to 32 pixel in width and height
unless LARGE_POINTER_FLAG_96x96 is set which increases the size
to 96 pixel.
2020-04-22 11:10:56 +02:00
Armin Novak
58be47bc63
Added expert settings /tune and /tune-list
2020-04-21 17:30:24 +02:00
David Fort
7733fe7a8a
Merge pull request #6060 from akallabeth/warnings
...
Fix some compiler warnings
2020-04-16 10:54:43 +02:00
Raul Fernandes
971be4fe9b
Cache the calculated color
...
In desktop area, the next color has high odds to be the same of previous color.
If we cache the value, it can be reused by the next pixel avoiding recalculation.
This optimization can halve the function's processing.
2020-04-15 13:25:52 +02:00
Martin Fleisz
9e1b2eb42e
Merge pull request #6081 from akallabeth/disable_spincount
...
Disable spincount
2020-04-15 13:24:26 +02:00
akallabeth
1a4f0badf7
Moved PROGRESSIVE_BLOCK_REGION to heap.
2020-04-14 18:27:05 +02:00
Armin Novak
9445552ecc
Fixed #6067 : Better CMake warning for deactivated image scaling
2020-04-13 09:56:19 +02:00
Armin Novak
24bd601f8d
Fixed data type warnings
2020-04-11 09:43:14 +02:00
Armin Novak
ebf44f80eb
Fixed format string warnings.
2020-04-11 09:43:01 +02:00
Linus Heckemann
89e4e24c31
tls: support non-RSA keys
2020-04-10 17:57:34 +02:00
akallabeth
a9daba0190
Check for int overflow in gdi_InvalidateRegion
2020-04-09 18:00:51 +02:00
akallabeth
6c0aeb10d2
Allow icon info with empty bitmap data.
2020-04-09 18:00:51 +02:00
akallabeth
232c7f4783
Abort order read on invalid element count.
2020-04-09 18:00:51 +02:00
akallabeth
acc6023643
Fixed possible NULL access.
2020-04-09 18:00:51 +02:00
akallabeth
a3996af062
Refactored gdi region
...
* Added a unit test
* Fixed const correctness of function arguments
* Added return values for all functions
2020-04-09 18:00:51 +02:00
akallabeth
b677b5db25
Proper error return from gdi_rect_str and gdi_regn_str
2020-04-09 18:00:51 +02:00
akallabeth
97efff4e90
Refactored order stream manipulation
...
* Use stream seek instead of setting pointer directly
* Add log messages in case of inconsistencies
* Fixed missing stream advance in update_decompress_brush
2020-04-09 18:00:51 +02:00
akallabeth
17f547ae11
Fixed CVE-2020-11521: Out of bounds write in planar codec.
...
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
907640a924
Fixed CVE-2020-11522: Limit number of DELTA_RECT to 45.
...
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
7b1d4b4939
Fix CVE-2020-11524: out of bounds access in interleaved
...
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
e075f348d2
Added debug logging and claping to all region functions
2020-04-09 18:00:51 +02:00
akallabeth
ce21b9d7ec
Fix CVE-2020-11523: clamp invalid rectangles to size 0
...
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
192856cb59
Fixed #6012 : CVE-2020-11526: Out of bounds read in update_recv_orders
...
Thanks to @hac425xxx and Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
0b6b92a25a
Fixed CVE-2020-11525: Out of bounds read in bitmap_cache_new
...
Thanks to Sunglin and HuanGMz from Knownsec 404
2020-04-09 18:00:51 +02:00
akallabeth
e6d10041c1
Fix #6033 : freeaddrinfo must not be called with NULL arguments.
2020-04-09 14:26:46 +02:00
Norbert Federa
c367f65d42
Merge pull request #6019 from akallabeth/bound_access_fixes
...
Fix issues with boundary access.
2020-04-06 13:53:28 +02:00
akallabeth
6f00add067
Export remaining packet length from rdp_read_share_control_header
2020-04-06 13:18:35 +02:00
akallabeth
0ad894adbc
Fixed substream read in rdp_recv_tpkt_pdu
2020-04-06 11:58:48 +02:00
akallabeth
0533c05be3
Fixed rdp_recv_tpkt_pdu parsing, use substream.
2020-04-06 11:22:18 +02:00
akallabeth
df55f40ecf
Fixed incorrect parser error message.
2020-04-06 10:42:06 +02:00
akallabeth
a022958ddf
Better error message for partial parsed capability
2020-04-03 15:10:49 +02:00
akallabeth
cba63b6d43
Added fallback to CMDTYPE_STREAM_SURFACE_BITS
...
Since our samples were incorrect, add a fallback with a log warnings
to the old CMDTYPE_STREAM_SURFACE_BITS by default behaviour.
2020-04-03 12:18:59 +02:00
akallabeth
88ad9ca56b
Fix sending/receiving surface bits command.
...
* Pass on proper command type to application
* On send let the server implementation decide to send
2.2.9.2.1 Set Surface Bits Command (TS_SURFCMD_SET_SURF_BITS) or
2.2.9.2.2 Stream Surface Bits Command (TS_SURFCMD_STREAM_SURF_BITS)
Thanks to @viniciusjarina for tracing the issue down.
2020-04-03 12:00:53 +02:00
akallabeth
2a379bfe09
Fixed invalid seek size in patrial pdu parse case
2020-04-02 17:41:49 +02:00
akallabeth
21320d973c
Use safe seek for capability parsing
...
thanks to @hardening for pointing that one out.
2020-04-02 17:39:51 +02:00
akallabeth
ddfd0cdccf
Use substreams to parse gcc_read_server_data_blocks
2020-04-02 17:39:43 +02:00
akallabeth
6b2bc41935
Fix #6010 : Check length in read_icon_info
2020-04-02 17:34:02 +02:00
akallabeth
67c2aa52b2
Fixed #6013 : Check new length is > 0
2020-04-02 17:33:54 +02:00
akallabeth
3627aaf7d2
Fixed #6011 : Bounds check in rdp_read_font_capability_set
2020-04-02 17:28:17 +02:00
akallabeth
f8890a645c
Fixed #6005 : Bounds checks in update_read_bitmap_data
2020-04-02 17:28:10 +02:00
akallabeth
ed53cd148f
Fixed #6006 : bounds checks in update_read_synchronize
2020-04-02 17:28:04 +02:00
akallabeth
f5e73cc7c9
Fixed #6009 : Bounds checks in autodetect_recv_bandwidth_measure_results
2020-04-02 17:27:59 +02:00
akallabeth
9301bfe730
Fixed #6007 : Boundary checks in rdp_read_flow_control_pdu
2020-04-02 17:27:53 +02:00
akallabeth
58dc36b3c8
Fixed possible NULL dereference
2020-04-02 17:27:10 +02:00
akallabeth
bc33a50c5a
Treat NULL and empty string as the same for credentials.
2020-03-24 12:34:35 +01:00
akallabeth
cf2f674283
Initialize KeyboardHook with define instead of magic number
2020-03-18 17:22:08 +01:00
Armin Novak
4216646746
Fixed length checks for compressed rdp data.
2020-03-10 14:05:10 +01:00
Armin Novak
297ad536a2
Cleaned up bulk_compress/decompress, prettified log.
2020-03-10 14:05:10 +01:00
Armin Novak
49b17e4e03
Refactored bulk compression
...
* Arguments now opaque
* Removed internal functions from external interface
2020-03-10 14:05:10 +01:00
Armin Novak
3ba66db99d
Unify pReceiveChannelData and psPeerReceiveChannelData
...
Fix definitions of the two function pointers.
Use and definition did not match, fix that.
Will create warnings in external projects
2020-03-10 12:21:14 +01:00
Armin Novak
d5b5088eac
Fixed misinterpretation of SendChannelData
...
SendChannelData was defined with a return value of type int, but
used as BOOL everywhere. Fix the definition to match use.
2020-03-10 12:21:14 +01:00
Armin Novak
c7187928e9
Fix tpkt header length checks for encrypted packets
...
If securityFlag SEC_ENCRYPT is set, remove the encryption headers from
the TPKT header length on comparison.
2020-03-10 12:20:50 +01:00
Armin Novak
cc49a212bd
Default to positive return for missing callbacks
...
When using +async-update, default to positive return if some
client callback is not implemented.
2020-03-10 08:59:52 +01:00
Armin Novak
5b9b7f331b
Fixed memory leak in tls_get_channel_bindings
2020-03-06 11:37:35 +01:00
Armin Novak
9c999b7135
Added raw function wrapping X509_digest
2020-03-06 11:37:35 +01:00
Armin Novak
2be6e4117f
Let ssl backend handle hash checks.
2020-03-06 11:37:35 +01:00
Armin Novak
00fa84b514
Check cert against CertificateAcceptedFingerprints
...
CertificateAcceptedFingerprints may contain a list of certificate
hashes and the corresponding fingerprint.
If one of the hashes matches consider the certificate accepted.
2020-03-06 11:37:35 +01:00
Armin Novak
d3b36ab299
Added CertificateAcceptedFingerprints to settings
2020-03-06 11:37:35 +01:00
Armin Novak
07605b0281
Consume all TPKT data reading new/upgrade license
2020-03-05 13:48:58 +01:00
Armin Novak
f1098aa17c
rdp_recv_tpkt_pdu verbose debug parsing issues
...
Print out parsing issues found in MCS Channel 1003 parsing.
2020-03-05 13:48:58 +01:00
Armin Novak
8e55c44088
tpkt_ensure_stream_consumed now more verbose.
...
tpkt_ensure_stream_consumed now writes the function it was called
from to the log. This should help identify areas the check failed.
2020-03-05 13:48:58 +01:00
Armin Novak
825d63cf0c
Added clarifications in freerdp_channel_process
2020-03-04 15:01:36 +01:00
Armin Novak
d7ba252cd7
Fixed arguments for peer->ReceiveChannelData
2020-03-04 14:52:19 +01:00
Armin Novak
0f729d2b2c
Fixed conversion and return checks.
...
* Fix some missing argument checks for function pointer implementations
* Fix broken return value check for client->SendChannelData
* Updated const correctness for function pointer implementations
2020-03-04 14:44:03 +01:00
Armin Novak
9398e8e647
Fixed freerdp_channel_process length checks
...
Fragmented data was not handled properly.
2020-03-04 14:44:03 +01:00
Armin Novak
4ad158fac6
Added freerdp_channels_data argument checks.
2020-03-04 14:44:03 +01:00
Armin Novak
3de666a80e
Improve signal handler printout.
2020-03-04 08:22:56 +01:00
Norbert Federa
17e0d25104
dynvc/client: fix and improve channel closing code
...
- fixed and consolitate the duplicated code for sending the
CLOSE_REQUEST_PDU to the server into dvcman_close_channel
- call dvcman_close_channel if a dynamic channel plugin fails
to process the received channel data
- rdpegfx: don't try to remove a non-existing cache entry,
return an error instead which now will close the channel, as
expected by Microsoft's windows protocols test suite
2020-03-04 08:03:56 +01:00
Armin Novak
bda2731035
Fixed reading suppress output pdu
...
Optional rectangle must be read from PDU
2020-03-03 13:10:24 +01:00
Armin Novak
1b91c77350
Fixed shadow server with mstsc as client.
2020-03-03 12:27:19 +01:00
Armin Novak
0d1c440cf5
Consume stream data in autoconnect
...
TPKT checks failed due to payload data not consumed in autodetect.
2020-03-02 13:54:44 +01:00
Armin Novak
be714d2a13
Fixed tpkt header length checks.
...
TPKT header length and consumption of data was not consistently
checked. This adds checks after each packet processed and fixes
any inconsistencies found.
2020-03-02 11:40:35 +01:00
Armin Novak
039bb88fef
Fixed warnings in capabilities.c
2020-03-02 11:40:35 +01:00
Armin Novak
171e73d797
Fixed compiler warnings in info.c
2020-03-02 11:40:35 +01:00
Armin Novak
318cb3dd47
Added tpkt header length plausibility checks.
2020-03-02 11:40:35 +01:00