We don't know when the caller might be done with a stream, so we
can end up with code overwriting things in a stream that is in use
elsewhere.
Solve the issue by returning a new stream each time and leave it
up to the callers to free it.
Make them more match in_uint8a and in_uint8p in that one copies and
the other just gives you a pointer and it is up to the caller how
to fill it in. This can be useful when other APIs are used to
generate the data as it avoids a temporary buffer.
This commit includes fixes for a set of 21 vulnerabilities in
rdesktop when a malicious RDP server is used.
All vulnerabilities was identified and reported by Eyal Itkin.
* Add rdp_protocol_error function that is used in several fixes
* Refactor of process_bitmap_updates
* Fix possible integer overflow in s_check_rem() on 32bit arch
* Fix memory corruption in process_bitmap_data - CVE-2018-8794
* Fix remote code execution in process_bitmap_data - CVE-2018-8795
* Fix remote code execution in process_plane - CVE-2018-8797
* Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
* Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
* Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
* Fix Denial of Service in sec_recv - CVE-2018-20176
* Fix minor information leak in rdpdr_process - CVE-2018-8791
* Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
* Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
* Fix Denial of Service in process_bitmap_data - CVE-2018-8796
* Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
* Fix Denial of Service in process_secondary_order - CVE-2018-8799
* Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
* Fix major information leak in ui_clip_handle_data - CVE-2018-20174
* Fix memory corruption in rdp_in_unistr - CVE-2018-20177
* Fix Denial of Service in process_demand_active - CVE-2018-20178
* Fix remote code execution in lspci_process - CVE-2018-20179
* Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
* Fix remote code execution in seamless_process - CVE-2018-20181
* Fix remote code execution in seamless_process_line - CVE-2018-20182
This commit will add a logging system to solve the problem that
one actually need to recompile rdesktop from source to enable
different debug logging.
- Same logging api for all kind of logging and messages to
end user.
- Adding -v for verbose output when running rdesktop.
- All messages are logged into a subject and with a type, eg:
logger(Keyboard, Notice, "Autos-electing %s based on locale.", locale);
- Debug logging is enabled trough a environment variable RDEKSTOP_DEBUG,
which specifies subjects of interest, comma separated. There is a special
subject named All which includes all subject for debug loggin. There is also
a simple logic opeartor '!' = NOT which can be used in combination like:
RDESKTOP_DEBUG=All,!Graphics,!Sound
Which would give debug log output for All subject except Graphics and Sound.
Generalizes code for sending clipboard format announces to RDP side,
and uses new code in appropriate places.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@1024 423420c4-83ab-492f-b58f-81f9feb106b5
RDPSND), in particular:
* channel layer takes care of virtual channel header
* split X dependent parts out of CLIPRDR, simplified IPC implementation
* initial RDPDR implementation
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@431 423420c4-83ab-492f-b58f-81f9feb106b5
This might solve trouble cutting in X, pasting to Windows when source OS is
(FJK-)IRIX.
There is still a need for better code when selecting format. This is a quick
hack.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@421 423420c4-83ab-492f-b58f-81f9feb106b5
should be sent or not after transferring data X -> Windows.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@419 423420c4-83ab-492f-b58f-81f9feb106b5
Moved DEBUG_CLIPBOARD in cliprdr_send_format_announce.
(Thanks goes to Maikel Verheijen <maikel <at> ladot <dot> com> for pointing
this out)
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@417 423420c4-83ab-492f-b58f-81f9feb106b5
Fixed a compiler warning by typecasting correctly.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@394 423420c4-83ab-492f-b58f-81f9feb106b5
Still won't handle transfers that demand INCR on the X side.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@391 423420c4-83ab-492f-b58f-81f9feb106b5
Can't handle INCR yet, but at least we handle larger transfers than
1592 bytes.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@390 423420c4-83ab-492f-b58f-81f9feb106b5
null byte (although space is allocated for it as it seems).
Resend format announces if they fail, with a small delay. Ugly hack, but
it works..
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@388 423420c4-83ab-492f-b58f-81f9feb106b5
* Send a hardcoded string to the server when it wants our clipboard data.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@384 423420c4-83ab-492f-b58f-81f9feb106b5
A lot of stuff remains for a full implementation.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@383 423420c4-83ab-492f-b58f-81f9feb106b5
