mirrors/xrdp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,230 Commits 9 Branches 44 Tags 20 MiB
2c6419475c
Commit Graph

4230 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
matt335672
7780fd4ccb CVE-2022-23484 
Add check for RAIL window text size
 2022-12-09 18:11:03 +00:00
matt335672
f2282db410 CVE-2022-23483 
Sanitise channel data being passed from application

Avoids OOB read if the size field is incorrect.
 2022-12-09 18:11:03 +00:00
matt335672
1e42426db5 CVE-2022-23482 
Check minimum length of TS_UD_CS_CORE message
 2022-12-09 18:11:03 +00:00
matt335672
bc6b052959 CVE-2022-23481 
Add length checks to client confirm active PDU parsing
 2022-12-09 18:11:03 +00:00
matt335672
b5b047458e Remove unused g_full_name_for_filesystem 
Not only was this unused, the way it was read could lead to a
buffer overflow (CVE-2022-23480)
 2022-12-09 18:11:03 +00:00
matt335672
ae7c17e1f6 CVE-2022-23480 
Added length checking to redirector response parsing
 2022-12-09 18:11:03 +00:00
matt335672
5d1cb432ca Changes to cope with trans->header_size being unsigned 2022-12-09 17:54:53 +00:00
matt335672
b1147f5faa CVE-2022-23479 
Detect attempts to overflow input buffer

If application code hasn't properly sanitised the header_size
for a transport, it is possible for read requests to be issued
which overflow the input buffer. This change detects this
at a low level and bounces the read request.
 2022-12-09 17:34:25 +00:00
matt335672
cea7313257 CVE-2022-23478 
Fix potential OOB write if invalid chansrv channel opened

Also removed an unnecessary dynamic memory allocation
 2022-12-09 17:33:54 +00:00
matt335672
96afae1ec5 CVE-2022-23477 
Prevent buffer overflow for oversized audio format from client
 2022-12-09 17:33:34 +00:00
matt335672
3dab2c23da CVE-2022-23468 
Login window - replace g_sprintf() withl g_snprintf() calls
 2022-12-09 17:33:06 +00:00
matt335672
89c873e4aa Set permissions on pcsc socket dir to owner only 
There is no reason for any user other than the current one to be able
to communicate with the remote smartcard.
 2022-12-09 11:55:31 +00:00
matt335672
e05d223462
Merge pull request #2443 from neutrinolabs/metalefty-patch-1 
SECURITY.md: mention including GitHub account in vuln report
 2022-12-01 09:34:12 +00:00
metalefty
790db4df03
SECURITY.md: mention including GitHub account in vuln report 2022-12-01 15:47:21 +09:00
matt335672
8fc5610dad
Remove unnecesssary data from struct auth_info (#2438) 
When using PAM authentication, a copy is made of the username and password in the auth_info structure.

The password copy is not cleared from memory when the structure is deallocated. This could mean the password is revealed to an attacker from a coredump.

One solution is to clear the password when the struct is deallocated. However, the username and password in the auth_info struct are only required for the duration of the PAM conversation function. A better solution is to remove the username and password from the auth_info struct entirely, and just use pointers for the duration of the time the callback function is used.
 2022-11-28 10:05:20 +00:00
matt335672
791db0998a
Merge pull request #2437 from matt335672/fix_font_use_after_free 
Fix regression use-after-free
 2022-11-23 11:13:51 +00:00
matt335672
4c8997f033 Fix regression use-after-free 
93d97dcb introduced a use-after-free error. The default_font for the
window manager may be used as the font for the main window manager
painter, and so deleting the default_font may cause the painter to
access deallocated memory.

At the point xrdp_wm_init() is called, the only active painter
should be the window manager one.
 2022-11-23 11:02:21 +00:00
matt335672
b0ab1c8529
Merge pull request #2425 from seflerZ/touchpad 
Disable touch events on XVNC session
 2022-11-21 10:02:53 +00:00
sefler
a2ac6b694a code refactored 2022-11-20 13:31:03 +08:00
sefler
fb34012482 change comments 2022-11-20 13:31:03 +08:00
sefler
94447752f2 use enum 2022-11-20 13:31:03 +08:00
sefler
e97a66593b Disabel touch events on XVNC session 2022-11-20 13:31:03 +08:00
matt335672
a63ce2bacd
Merge pull request #2435 from matt335672/fix_font_leak 
Fix memory leak in font handler
 2022-11-18 15:45:14 +00:00
matt335672
93d97dcb08 Fix memory leak in font handler 
The following sequence of events results in a memory leak as a font
is loaded twice
1) Invoke login screen
2) Try to log in to session, which fails
3) Back to login screen

Fix is to make sure font is deleted before being reloaded.
 2022-11-18 14:58:04 +00:00
matt335672
31de86f77a
Merge pull request #2427 from matt335672/check_ft_version 
Fix freetype2 version checking
 2022-11-16 09:32:08 +00:00
metalefty
b34daa1a70
Merge pull request #2426 from metalefty/vnc_mouse_button_678 
vnc: add mouse button 6,7,8 support
 2022-11-16 09:29:43 +09:00
matt335672
3279e16bbf Fix freetype2 version checking 
The version of freetype2 returned by pkg-config --modversion is
not the same as the product release version. Consequently, the
check for version >= 2.8.0 does not work.
 2022-11-14 20:12:34 +00:00
Koichiro IWAO
2b0c903afe vnc: add mouse button 6, 7, 8 support 2022-11-14 22:23:29 +09:00
Koichiro IWAO
70bc5ea092 vnc: Constify existing use of magic numbers 2022-11-14 22:23:29 +09:00
matt335672
a2693d0d22
Merge pull request #2421 from metalefty/constify 
Constify some magic numbers
 2022-11-11 11:51:23 +00:00
matt335672
d5e5bc0675
Merge pull request #2408 from matt335672/bump_autoconf_ver 
Bump autoconf ver
 2022-11-11 11:49:41 +00:00
matt335672
e37b096951
Merge pull request #2420 from matt335672/rfc_compliant_guid 
guid_new() returns GUIDs compatible with RFC4122
 2022-11-11 11:47:41 +00:00
Koichiro IWAO
1b2e1b9a48 Constify some magic numbers 
- CMDTYPE_FRAME_MARKER
- FASTPATH_UPDATETYPE_SURFCMDS
 2022-11-11 11:41:46 +09:00
matt335672
c3bb7dc294 guid_new() returns GUIDs compatible with RFC4122 2022-11-10 14:19:19 +00:00
matt335672
9940f2f5ee
Merge pull request #2416 from matt335672/reload_sesman 
Support and document SIGHUP for xrdp-sesman

A --reload argument is now supported.
 2022-11-09 16:06:41 +00:00
matt335672
3a0a932472 Add --reload option to sesman 
Adds a --reload switch to sesman and plumbs this in
to systemctl reload xrdp-sesman.service
 2022-11-09 09:46:36 +00:00
Mosakuji Hokuto
4ff968bc98
Update pamdir_suse to accommodate with TW pam.d move (#2413) 
On newer builds of openSUSE tumbleweed the path of pam.d has moved from
/usr/etc/pam.d to /usr/lib/pam.d, which prevents install script to
correctly guess pam rules. Updating path in mkpamrules solves the
problem.
 2022-11-08 10:05:55 +00:00
matt335672
9b007f1eec Updated submodule autoconf version to 2.69 2022-11-07 15:51:03 +00:00
matt335672
17dda486a1 Update ax_type_socklen_t.m4 to latest version 
Fixes warning about obsolete macro AC_TRY_COMPILE with autoconf 2.71
 2022-11-07 15:50:22 +00:00
matt335672
b7d0bd784a Bump autoconf version 
* Autoconf version from 2.65 -> 2.69
* AC_PROG_LIBTOOL replaced with LT_INIT
* AC_HELP_STRING replaced with AS_HELP_STRING
 2022-11-07 15:48:20 +00:00
Alexander Pevzner
6c2bc83ec9 LogFile in sesman.ini(5) updated too 
docs/man/sesman.ini.5.in
 2022-11-04 22:34:53 +03:00
Alexander Pevzner
79d6219d9d Code formatting fixed 2022-11-04 22:18:02 +03:00
metalefty
cc43061ed4
Merge pull request #2401 from metalefty/codec_guid 
Record codec GUID to identify unknown codec
 2022-11-04 16:13:30 +09:00
Koichiro IWAO
9120dc9a66 Update header comments 2022-11-04 16:06:50 +09:00
Alexander Pevzner
d6e888cf38 Use LogFile=<stdiut> instead of LogFile=- to redirect log to stdout 2022-11-03 14:44:58 +03:00
Alexander Pevzner
59ca0e1c58 LogFile=- redirects log to stdout, which is useful for debugging 2022-11-02 17:00:44 +03:00
Koichiro IWAO
32da5a7ed6 Replace guid_to_str() with ms_guid_to_str() 2022-11-02 00:20:31 +09:00
Koichiro IWAO
44c977a7c2 Use 8-4-4-4-12 rather than 8-4-4-16 for GUID textual representation 2022-11-01 22:57:07 +09:00
Koichiro IWAO
fe14cb14a3 libxrdp: record codec GUID to identify unknown codec 2022-11-01 19:24:02 +09:00
Koichiro IWAO
791f055e18 common: add function to convert from Microsoft's GUID to string 2022-11-01 19:24:02 +09:00