Commit Graph

87 Commits

Author SHA1 Message Date
Armin Novak
f5fff7658a Made some functions static. 2016-10-06 13:43:12 +02:00
Norbert Federa
7a42a8dd5b freerdp/core/gcc: channel name hardening
According to [MS-RDPBCGR 2.2.1.3.4.1 Channel Definition Structure]
the channel name must be an 8-byte array containing a null-terminated
collection of seven ANSI characters that uniquely identify the channel.

We did not check if the transmitted name was null-terminated which
could have the usual severe effects on stabiliy and security since
the channel name is used in several functions expecting a null-
terminated string (strlen, printf, etc.)
2016-05-30 14:40:23 +02:00
Norbert Federa
ef4b29e5b3 ConvertFromUnicode fixes and misc hardening
- Added missing ConvertFromUnicode checks
- If ConvertToUnicode allocates memory, guarantee the null termination
  similar to ConvertFromUnicode's implementation
- Fixed some TestUnicodeConversion.c CTest return values
- Added some CTests for ConvertFromUnicode and ConvertToUnicode
- Misc code and protocol hardening fixes in the surrounding code regions
  that have been touched
2016-03-03 16:56:19 +01:00
Bernhard Miklautz
e02af8287e Merge pull request #3160 from akallabeth/stream_fixes
Stream fixes
2016-03-01 16:44:19 +01:00
Armin Novak
5805ba8e52 Removed crypto_nonce. 2016-02-27 22:40:43 +01:00
Armin Novak
e79eee2bb1 Fixed Stream API misuse. 2016-02-25 20:01:12 +01:00
Armin Novak
f997421098 Unified hmac functions. 2016-02-24 21:50:08 +01:00
Armin Novak
06da644007 Unified md5 functions. 2016-02-24 16:46:25 +01:00
Vic Lee
73f895fd55 gcc: assigned string must not be freed. 2016-02-03 13:34:58 +08:00
Bernhard Miklautz
8ec39039e5 Merge pull request #3076 from akallabeth/remove_fixed_size_heap_strings
Removed fixed size strings.
2016-02-01 13:02:38 +01:00
Armin Novak
73ec3d6aca Removed fixed size strings. 2016-01-21 15:45:21 +01:00
davewheel
121a234866 Add better handling of monitors
This patch makes FreeRDP announce the support for monitor layout PDU. It also
adds support for servers to announce the monitors layout.
2016-01-20 16:56:04 +01:00
davewheel
ca9e908f3c Fix a security issue in monitors packet handling
The number of announced monitors was not checked, so if a client was announcing
a big number, it could override other fields in settings and more...
2016-01-20 16:56:04 +01:00
Vic Lee
6f639c1e34 gcc: read and write desktop scale settings in core data. 2015-08-27 16:19:40 +08:00
Vic Lee
8394d8c677 gcc: read and write monitor extended data. 2015-08-27 15:26:37 +08:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
David FORT
c0b191a1c6 Fix a too big Stream_EnsureRemainingCapacity() 2015-04-07 15:19:59 +02:00
David FORT
d84c760f7d Fix a typo in server-side code 2015-04-01 22:26:38 +02:00
David FORT
23e11e5a3d Fix code style 2015-04-01 16:58:25 +02:00
David FORT
5302bad2b7 Drop the limit on key size 2015-04-01 15:11:57 +02:00
Martin Haimberger
bba342a6be added set_error_info function
if an error_info is set, a TS_SET_ERROR_INFO_PDU
will be sent to the client on disconnect with
the error_info
2015-01-13 08:09:36 -08:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
1c88822ccb libfreerdp-core: treat GCC data block 0xC009 as CS_MULTITRANSPORT 2014-11-19 21:00:28 -05:00
Vic Lee
0e7797ffca libfreerdp-core: server-side mcs message channel. 2014-10-29 00:49:27 +08:00
Marc-André Moreau
02646b349f Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	libfreerdp/core/gcc.c
2014-10-25 10:29:06 -04:00
Norbert Federa
9c2e90df7d core: fix pointer caps, slowpath kbd and a gcc fix
* According to MS-RDPBCGR 2.2.7.1.5 the pointerCacheSize is optional
  and its absence or a zero value indicates missing client support for
  the New Pointer Update.

* Added and fixed some comments regarding the meaning of the KBDFLAGS_DOWN
  keyboard flag and how it is currently used in the code.
  "Fixed" the slow path keyboard input to generate the same keyboard flags
  as the corresponding fast path code.

* Some arbitrary value was used for the ConnectPDULength in the GCC
  Conference Create Response. According to MS-RDPBCGR 4.1.4 this value must
  be ignored by the client so we encode a zero value instead.
2014-10-22 12:27:07 +02:00
Mike McDonald
5fa6fa7013 Merge branch 'master' of https://github.com/awakecoding/FreeRDP into awakecoding-staging 2014-10-20 14:42:46 -04:00
Marc-André Moreau
72fff184dd libfreerdp-core: fix RemoteFX/autodetect incompatibility issue with 2008 R2 2014-09-24 17:23:12 -04:00
Mike McDonald
092855fe99 Fixed gcc_write_conference_create_request to send a constant byte of 0x2A instead of attempting to encode the length of the payload. Sending the length is causing older RDP clients to fail the connection when the payload length of the server data blocks exceeded 256 bytes(which is nearly always the case when RDP security is negotiated). Traces of Windows 2003, 2008R2, 2012, 7, and 8 show that Windows always sends a constant of 0x2A (OCTET STRING) followed by a constant of 0x14 (ConnectGCCPDU). 2014-09-23 22:04:02 -04:00
Marc-André Moreau
af858e8f2a shadow: disable RemoteFX if connection type is not LAN 2014-09-23 18:19:05 -04:00
Marc-André Moreau
7574788ba5 libfreerdp-core: fix GCC core data block negotiation 2014-09-22 11:38:33 -04:00
Marc-André Moreau
09fc388e03 shadow: add RefreshRect/SuppressOutput support 2014-09-18 22:18:58 -04:00
Armin Novak
2f519d7f16 Replaced logging in libfreerdp with wlog defines. 2014-09-15 08:48:46 +02:00
Armin Novak
f4c133eaf8 Replaced custom logging mechanism with WLog wrapper. 2014-08-07 16:51:24 +02:00
Hardening
e79c6b7d68 Treat OOM in GCC certificates
This patch treats OOM cases and do a trivial cleanup
2014-05-09 22:37:47 +02:00
Norbert Federa
18cb418c81 core: FIPS for fastpath and RDP security fixes
- fixed invalid stream position if extEncryptionMethods is not used
- enabled 56bit rdp security method
- fixed entropy reduction of the keys for 40 bit and 56 bit
- added rdp security incl. FIPS for fastpath output
- added FIPS encryption to fast path input
- fixed FIPS key generation in server mode
- fixed stream length correction in FIPS mode
- added rdp encryption for licensing packets (apparently some clients,
  specifically cetsc, require the license packets received from the
  server to be encrypted under certain RDP encryption levels)
- replace errnous virtual extended mouse event in focus in event
2014-04-02 14:17:39 +02:00
Hardening
ac7507ab8d Adds some check to treat OOM problems + RDP security fix
Malloc can fail so it will, this patch adds some check in some places
where malloc/strdup results were not checked.

This patch also contains a server side fix for RDP security (credit to nfedera).
The signature len was badly set in the GCC packet. And some other RDP security
oriented fixes are also there.
2014-03-25 23:13:08 +01:00
Marc-André Moreau
65ff98bb99 libfreerdp-core: fix /multimon and /span options 2014-03-25 14:39:21 -04:00
Marc-André Moreau
db7a9d2e77 libfreerdp-core: start moving internal MCS variables out of rdpSettings* 2014-02-15 16:32:38 -05:00
Marc-André Moreau
c5b14a5e0a libfreerdp-core: make use of rdpMcs* instead of rdpSettings* in most GCC functions 2014-02-13 17:50:38 -05:00
Marc-André Moreau
e5990fa60c libfreerdp-core: MCS cleanup, better handling of domain parameters 2014-02-13 17:06:33 -05:00
Marc-André Moreau
cdcd290c44 wfreerdp: fix most build warnings 2014-02-10 22:12:13 -05:00
Marc-André Moreau
6bd4362e6d Merge branch 'auto-detect' of github.com:vworkspace/FreeRDP
Conflicts:
	include/freerdp/settings.h
	libfreerdp/core/gcc.c
	libfreerdp/core/gcc.h
	libfreerdp/core/mcs.h
	libfreerdp/core/rdp.c
2014-01-25 17:08:43 -05:00
Marc-André Moreau
95634f3e4c libfreerdp-core: improve encoding and decoding of GCC core data block 2014-01-24 13:03:37 -05:00
Mike McDonald
07083acc97 First cut at network characteristics auto-detect and multitransport protocol 2014-01-23 18:01:31 -05:00
Marc-André Moreau
1c0e874b5b libfreerdp-core: more GCC and MCS fixes 2014-01-23 17:41:05 -05:00
Marc-André Moreau
38b125f336 libfreerdp-core: fix and update parsing of server-side GCC client data blocks 2014-01-23 16:00:02 -05:00
Hardening
1d6a07d2d5 More security in gcc.c
As strange as it looks, i have found more errors that could lead to
security issues in gcc.c.
2013-11-28 23:17:21 +01:00
Marc-André Moreau
3951a6e1c3 channels/rdpgfx: implement basic negotiation 2013-10-21 23:33:25 -04:00
Marc-André Moreau
367ebf32a3 freerdp: make use of stream macros to access members 2013-05-15 12:14:26 -04:00