The state buffers used by the following structs in chansrv_fuse.c
are one byte too small for filenames of length XFS_MAXFILENAMELEN:-
- struct state_lookup
- struct state_create
- struct state_rename
In practice, there is no runtime danger, as XFS_MAXFILENAMELEN is 255,
and these buffers will be followed by non-byte aligned data. Nevertheless
this should be fixed to prevent problems if the value is changed.
struct pre_session_item has an entry for the start_ip_addr which is not
being filled in. This is not normally needed, as the IP address of the
session is passed into the session another way, but it is needed if the
session selection Policy contains the 'I' selector.
Files included in distribution tarball must always be enumerated,
not be enumerated conditionally.
Resolves: #3149
(cherry picked from commit e83dcc52eb)
This commit changes the license response PDU to be constructed rather
than simply being contained as a binary blob.
Some constants in common/ms-rdpbcgr.h are renamed with the values
from the specification.
Replaces the existing licensing exchange with a single PDU
saying the user will not issue a license.
This is necessary for clients on FIPS-compliant systems, as these
are unable to decode the licensing exchange packets, due to outdated
cyphers.
The unprivileged user needs to be able to read the certificate and
key files to offer TLS, but should not be able to write to then.
This commit checks the TLS files are read-only, rather than
simply readable
If xrdp is running with dropped privileges it won't be able to delete
the PID file it's created. Places where xrdp is stopped need to cater
for this.
It's prefereable to do this than make the PID file writeable by xrdp
with dropped privileges, as this can still lead to DoS attacks if an
attacker manages to modify the PID file from a compromised xrdp
process.
- xrdp_listen.c is refactored so we can create the
listening socket(s) before dropping privileges.
- The code which reads startup params from xrdp.ini
is moved from xrdp_listen.c to xrdp.c, so it
is only called once if we test the listen before
starting the daemon.
If the setting require_credentials is true, there should be no way
for the user to get to a login screen.
This commit makes the following changes if this flag is active:-
- Makes the checks around TS_INFO_PACKET more explicit.
- Closes the connection if the first login attempt fails.
While here, embed correct file size in BMP file header.
Fixes: #3102
Sponsored by: Krämer Pferdesport GmbH & Co KG
(cherry picked from commit 4968a34cd6)
6257dae74d added a mapping of RDP
scancodes to X11 keycodes to the XUP interface. The intention is
to move this functionality from xorgxrdp to a common lookup
in xrdp.
The mapping of RDP scancodes for extended keys (e.g. Right-CTRL) is
not being done correctly.
In the words of @iskunk
It is no longer possible to refer to the Dvorak layout as just "dvorak"
(as when one would run "setxkbmap dvorak"); one must now use either
"us dvorak" or "us(dvorak)"
See https://bugs.debian.org/1063725
when a multi-monitor session has the top-left vertex of the primary
monitor at a desktop location other than (0,0), minimising and maximising
the session results in the (0,0) co-ordinate of the entire desktop being
placed at the top-left of the primary monitor.
The implementation seems to be at odds with [MS-RDPEGFX] 2.2.2.14 which
suggests the monitorDefArray of the RDPGFX_RESET_GRAPHICS_PDU should be
the same as that in the Monitor Layout PDU ([MS-RDPBCGR] 2.2.12.1)
On a resize, the encoder is deleted. At present this is done by asking
the encoder to exit, and then waiting a second.
- On slower systems, a second may not be enough, and so the encoder
data structures are freed while they are still being used by the
encoder.
- On quicker systems, resizes are delayed by hundreds of milliseconds
longer than they need to be.
This commit adds a wait object which the encoder can use to signal it
has actually finished.
The xrdp_enc_data contains a union for handling surface commands
and gfx commands. Memory processing is different for these two
options.
The default destructor for the encoder FIFO only knows about surface
commands. Consequently, if the encoder has queued GFX data when the
encoder is closed, the destructor processes the queued data as if
it contained surface commands rather than GFX commands. This typically
causes a SEGV as the drects field of the overlaid surface command
structure is not pointing at anything valid when it is freed.
If ./configure is used with devel logging, but without --enable-pixman,
the stub pixman development files are used.
However, in this configuration, the pixman_region_selfcheck() function
is declared, but not defined.
This is a regression introduced in 7e58209b19
The get_sorted_session_displays() is broken in that it
doesn't produce a sorted list of displays.
The problem is the qsort comparison function which has 2 errors in 4 lines:-
1) The test is the wrong way round (i.e. arg1 < arg2 produces a +ve
result instead of -ve)
2) Subtracting two unsigned ints in C will never return < 0
The broken function has been masked by other display checks which mean
that it is only visible in a few situations:-
1) Starting two sessions very closely to each other may allocate the
same display to both sessions.
2) If /tmp is namespaced, the other display checks do not work, and
more than two sessions cannot be started.
matt335672