Commit Graph

177 Commits

Author SHA1 Message Date
Pierre Ossman
489c43f382 Return STREAM objects from data generating functions
Use a consistent style of returning a new STREAM object from functions
that output data, rather than requiring an existing structure to be
passed in. This generally makes the memory management more
straightforward and allows us to do more proper bounds checking of everything.

This also adds some new STREAM macros to make it easier to manage
them without poking around in the internal structure.
2019-05-06 14:33:11 +02:00
Pierre Ossman
de59a100ea Mark rd_protocol_error() as "noreturn"
This allows the compiler to optimize things better and give better
warnings as it knows it will never return from this function.
2019-05-06 14:33:05 +02:00
Pierre Ossman
d8b0f3782a Give source code info in rdp_protocol_error()
Makes it easier to debug things by seeing exactly where the protocol
handling crashed.
2019-05-06 13:29:44 +02:00
Alexander Zakharov
d7d55cf3f7 PoC: Check server's certificate 2019-01-29 10:38:13 +01:00
Henrik Andersson
4dca546d04 Malicious RDP server security fixes
This commit includes fixes for a set of 21 vulnerabilities in
rdesktop when a malicious RDP server is used.

All vulnerabilities were identified and reported by Eyal Itkin.

 * Add rdp_protocol_error function that is used in several fixes
 * Refactor of process_bitmap_updates
 * Fix possible integer overflow in s_check_rem() on 32bit arch
 * Fix memory corruption in process_bitmap_data - CVE-2018-8794
 * Fix remote code execution in process_bitmap_data - CVE-2018-8795
 * Fix remote code execution in process_plane - CVE-2018-8797
 * Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
 * Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
 * Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
 * Fix Denial of Service in sec_recv - CVE-2018-20176
 * Fix minor information leak in rdpdr_process - CVE-2018-8791
 * Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
 * Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
 * Fix Denial of Service in process_bitmap_data - CVE-2018-8796
 * Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
 * Fix Denial of Service in process_secondary_order - CVE-2018-8799
 * Fix remote code execution in ui_clip_handle_data - CVE-2018-8800
 * Fix major information leak in ui_clip_handle_data - CVE-2018-20174
 * Fix memory corruption in rdp_in_unistr - CVE-2018-20177
 * Fix Denial of Service in process_demand_active - CVE-2018-20178
 * Fix remote code execution in lspci_process - CVE-2018-20179
 * Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
 * Fix remote code execution in seamless_process - CVE-2018-20181
 * Fix remote code execution in seamless_process_line - CVE-2018-20182
2019-01-16 12:28:44 +01:00
Henrik Andersson
c16b74a974 Run indent-all.sh script on source 2018-10-29 15:53:57 +01:00
Rostislav Kondratenko
2abd25ae2a Fix scard logon 2018-04-27 13:46:45 +03:00
Cendio
8bc2cea80f Add check if we can use dynamic session resize
When the server does not comply with our initial session size
request, we disable the dynamic session resize feature.

Co-authored-by: Henrik Andersson <hean01@cendio.com>
Co-authored-by: Karl Mikaelsson <derfian@cendio.se>
2018-02-14 10:49:30 +01:00
Henrik Andersson
b5708cf775 Refactoring of slow and fastpath handling
This change clarifies a chunk of code related to receiving
data and handling slow and fast path PDUs.
2018-02-01 12:47:22 +01:00
Cendio
e112b69c61 Use proper user-initiated disconnect sequence
A correct user-initiated disconnect sequence should send
an MCS Disconnect Provider Ultimatum PDU defined in T.128
upon a disconnect. This commit adds the implementation of
the mentioned PDU and the actual write of the packet.

Signed-off-by: Henrik Andersson <hean01@cendio.com>
2018-01-31 11:03:32 +01:00
Cendio
37da672908 Added ber_out_sequence() util for writing ASN.1 sequences
Signed-off-by: Henrik Andersson <hean01@cendio.com>
Signed-off-by: Thomas Nilefalk <thoni56@cendio.se>
2018-01-31 11:03:32 +01:00
Karl Mikaelsson
2f6cd4df7e Improve handling/code of Set Error Info PDU
Renamed the function to match the PDU it was processing. Removed the
function from proto.h and made it static - there's nothing calling
this from outside of rdp.c. Fixed the logging output to output the
error code instead of the pointer value.
2018-01-25 16:47:17 +01:00
Cendio
1f3d1fb3e0 Refactor handling of user requested window sizes
Extract ui_init_connection() into smaller functions
to clarify purpose.

Signed-off-by: Henrik Andersson <hean01@cendio.com>
Signed-off-by: Thomas Nilefalk <thoni56@cendio.se>
2018-01-11 15:10:05 +01:00
Cendio
ab50ea31cf Implement dynamic session resize
This adds support for resizing the RDP session dynamically based on
the window size. Some complicated logic has been added to avoid
sending excessive amounts of resize requests to the RDP server.

When supported, this resize mechanism should use the RDPEDISP way of
signalling the server to initiate a Deactivate/Activate sequence, but
rdesktop will fall back on Disconnect/Reconnect if RDPEDISP is not
supported by the server.

ui_select has been refactored and most functionality has been broken
out into three new functions, simplifying ui_select into a loop.

Signed-off-by: Henrik Andersson <hean01@cendio.com>
Signed-off-by: Karl Mikaelsson <derfian@cendio.se>
Signed-off-by: Thomas Nilefalk <thoni56@cendio.se>
2017-12-07 11:15:03 +01:00
Cendio
2f03f65efe Add Dynamic Virtual Channels and basic RDPEDISP support
Fix issue #192

Signed-off-by: Henrik Andersson <hean01@cendio.com>
Signed-off-by: Karl Mikaelsson <derfian@cendio.se>
2017-11-09 15:39:39 +01:00
Karl Mikaelsson
8f83c1f6c7 Rename suppress output functions to match MS-RDPBCGR
Issue #161
2017-10-30 10:47:21 +01:00
Henrik Andersson
0d707ae103 Fix sign-compare compiler warnings 2017-10-20 13:30:42 +02:00
Henrik Andersson
036f0fbebe Add UNUSED() macro to silence warnings
Use it to silence warnings where a function parameter
is unused.
2017-10-17 09:52:42 +02:00
Karl Mikaelsson
b8a1d04ffb Use system default pointer when requested
Solves problem with hidden cursors at login screen (part of
issue #165)

Signed-off-by: Karl Mikaelsson <derfian@cendio.se>
Signed-off-by: Henrik Andersson <hean01@cendio.se>
2017-10-16 13:55:39 +02:00
Karl Mikaelsson
eec94365c4 Improve Fast-Path code readability
Using constants and field definitions from MS-RDPBCGR.
2017-10-13 14:02:03 +02:00
Karl Mikaelsson
3abeca252b Log system pointer changes via Fast-Path updates 2017-10-13 14:02:03 +02:00
Henrik Andersson
594438e5eb Make deprecated rdp_out_unistr() static 2017-09-29 16:30:17 +02:00
Henrik Andersson
b25f93c0e6 Run indentation script 2017-08-15 10:50:08 +02:00
Pierre G. Bogossian
9889ed6457 Support extended mouse buttons 4 and 5 (ie back/forward buttons) 2017-07-09 16:56:30 +02:00
Henrik Andersson
87d8d123b8 Rework the logging system
This commit will add a logging system to solve the problem that
one actually needs to recompile rdesktop from source to enable
different debug logging.

- Same logging API for all kinds of logging and messages to
   the end user.

- Adding -v for verbose output when running rdesktop.

- All messages are logged into a subject and with a type, eg:

     logger(Keyboard, Notice, "Autos-electing %s based on locale.", locale);

- Debug logging is enabled through an environment variable RDESKTOP_DEBUG,
  which specifies subjects of interest, comma separated. There is a special
  subject named All which includes all subjects for debug logging. There is also
  a simple logic operator '!' = NOT which can be used in combination like:

    RDESKTOP_DEBUG=All,!Graphics,!Sound

  Which would give debug log output for All subjects except Graphics and Sound.
2017-01-26 14:19:40 +01:00
Henrik Andersson
761cc053e2 Fixes a bug with Windows Server 2012 R2 and smartcard
redirection where the RDPDR channel is shut down by the server.

The RDPDR channel is shut down by the server when responses from
abandoned iorequests are received on a reinitialized RDPDR
channel. This fix adds epochs for the RDPDR channel and tags
iorequests to a specific epoch to handle abandoned iorequests.



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1836 423420c4-83ab-492f-b58f-81f9feb106b5
2014-09-11 11:54:46 +00:00
Henrik Andersson
46a3684c27 Document the new seamless protocol command PERSISTENT
and implement the usage of the new command in rdesktop.

If a seamless command is specified the persistent mode
of the session will be changed to non-persistent.



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1822 423420c4-83ab-492f-b58f-81f9feb106b5
2014-07-03 10:42:04 +00:00
Henrik Andersson
2ceb56e0d4 Added seamless_reset_state() and use it whenever a
new window is created. This fixes issues with seamless
protocol parser between reconnects.



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1820 423420c4-83ab-492f-b58f-81f9feb106b5
2014-07-02 08:25:07 +00:00
Henrik Andersson
7ece007132 Fix indentation...
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1778 423420c4-83ab-492f-b58f-81f9feb106b5
2013-12-12 14:01:58 +00:00
Henrik Andersson
f0b6604347 Changed rdp_in_unistr() to make dynamic allocation of converted string
instead of using hardcoded buffer sizes and assumption that conversion
just fits the size.



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1773 423420c4-83ab-492f-b58f-81f9feb106b5
2013-12-06 12:43:08 +00:00
Henrik Andersson
58363c5351 - Added rd_create_ui() helper function
- Make sure that ui is created if processing demand active PDU
- Make sure we use precached bitmap cache again

This fixes bugs #367 and #368



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1732 423420c4-83ab-492f-b58f-81f9feb106b5
2013-08-14 13:49:45 +00:00
Henrik Andersson
e6b10f6bcb Added tcp_ui_run() to prevent ui_select() from pushing data on transport
which corrupts the stream and prevents an SSL reconnect from working.



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1720 423420c4-83ab-492f-b58f-81f9feb106b5
2013-06-20 12:51:27 +00:00
Henrik Andersson
eced6ca821 Reconnect upon network failure, retry as long as the autoreconnect
cookie is valid.



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1707 423420c4-83ab-492f-b58f-81f9feb106b5
2013-04-12 06:46:07 +00:00
Henrik Andersson
be93803129 Initial implementation of seamless connection sharing:
- Implementation of ctrl functionality where slaves can call
  a method into existing master process, more information is
  found in doc/ctrl.txt

- Implementation of new seamless SPAWN functionality which
  is used by the ctrl to spawn processes in a seamless rdp session
  out of process.



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1689 423420c4-83ab-492f-b58f-81f9feb106b5
2013-01-21 12:28:14 +00:00
Henrik Andersson
49d4996cd7 Added missing cssp_connect() declaration.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1682 423420c4-83ab-492f-b58f-81f9feb106b5
2012-11-29 07:42:54 +00:00
Henrik Andersson
9f174ea864 Added check if socket is connected to prevent sending disconnect
sequence to a closed socket.

git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1681 423420c4-83ab-492f-b58f-81f9feb106b5
2012-11-22 13:38:35 +00:00
Henrik Andersson
51014c91df Initial implementation of Kerberos server authentication with CredSSP,
disabled by default and is enabled using argument --enable-credssp
to configure script.

git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1676 423420c4-83ab-492f-b58f-81f9feb106b5
2012-11-15 11:21:01 +00:00
Henrik Andersson
c44025aa18 Added support for protocol negotiation, this is a part of
adding Enhanced RDP Security support to rdesktop and brings
support for TLSv1 tunnel functionality.

git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1659 423420c4-83ab-492f-b58f-81f9feb106b5
2012-06-15 05:16:20 +00:00
Henrik Andersson
cdce9aae75 Run indentation script.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1658 423420c4-83ab-492f-b58f-81f9feb106b5
2012-01-16 06:35:13 +00:00
Henrik Andersson
8a52bf3a9b - Change licensestore to XDG directory ~/.local/share/rdesktop/licenses
- Added helper functions for SHA1 hash to hash the hostname used for
  licenses filename to hide information of what host user X connects
  from in an infrastructure with NFS mounted home directories.



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1644 423420c4-83ab-492f-b58f-81f9feb106b5
2011-11-21 10:51:08 +00:00
Henrik Andersson
161b4f215a - Remove force flag from rdpdr_init()
- Changes to always start the rdpdr channel
  due to assumptions that this channel is supposed
  to always be up and running.



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1607 423420c4-83ab-492f-b58f-81f9feb106b5
2011-01-03 13:12:17 +00:00
Henrik Andersson
9dd6bdab95 Fix for sound playback in Windows 2008R2 which requires
the rdpdr channel to be initiated.
Neither RDPEA nor RDPBCGR mentions a relation between audio and
the rdpdr channel.

See support request #2717082



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1604 423420c4-83ab-492f-b58f-81f9feb106b5
2010-12-20 13:42:51 +00:00
Peter Åstrand
42928d7ae1 Properly reset sound subsystem when reconnecting due to screen size
change (RandR). 



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1592 423420c4-83ab-492f-b58f-81f9feb106b5
2010-04-09 13:12:31 +00:00
Peter Åstrand
60e82d86ef Reset smart card state before reconnect. This fixes stability problems
when using smart cards in conjunction with RandR. 



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1561 423420c4-83ab-492f-b58f-81f9feb106b5
2010-01-26 12:23:53 +00:00
Peter Åstrand
564175719c Need two more smart card prototypes, to avoid warnings.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1558 423420c4-83ab-492f-b58f-81f9feb106b5
2010-01-26 10:13:53 +00:00
Peter Åstrand
6ee9faeffc Added RandR support: If the specified geometry depends on the screen
size, and the screen size is changed, rdesktop will automatically
reconnect using the new screen size. This feature uses the previously
implemented autoreconnect feature. 

The new UI function ui_seamless_end() has been introduced, to make it
possible to resize in seamless mode as well. 



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1556 423420c4-83ab-492f-b58f-81f9feb106b5
2010-01-20 09:59:47 +00:00
Peter Åstrand
ea2bdbc96b This patch is a re-work of patch r1538. On one hand, the plain old
behaviour of setting the session size in ui_init is not going to work,
due to xrandr, as pointed out in r1538. However, the approach
implemented in this revision doesn't work either: When the window is
created before the connection, this means that as soon as X11 events
are received, this is going to trigger RDP transmissions. For example,
a call to reset_modifiers_keys. But if the RDP connection is not
ready, the WTS is not prepared to handle such data. We must wait with,
for example, keyboard input until the connection is READY. OTOH, we
can't just ignore those X11 events; that might lead to that we are not
sending information that we need to send. 

So, it is actually better to wait with creating the window until we
have been connected. An additional advantage of this is that for the
load balancing / session directory case, there's no risk of confusion
of which RDP connection we are actually sending data to. 

The previous behaviour of creating the window after we have been
connected has been restored.

Since we still need to set connection data (currently screen size) on
a per connection basis, we need to create a new UI function for this.

Non-X11 backends need to implement this new function. 



git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1545 423420c4-83ab-492f-b58f-81f9feb106b5
2010-01-13 13:51:06 +00:00
Peter Åstrand
281d7c9f06 Changed license to GPLv3
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1534 423420c4-83ab-492f-b58f-81f9feb106b5
2010-01-12 08:31:06 +00:00
Peter Åstrand
440542c535 Eliminate code duplication in rdp_reconnect and sec_connect.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1528 423420c4-83ab-492f-b58f-81f9feb106b5
2010-01-07 20:01:58 +00:00
Peter Åstrand
d00373436a Avoid code duplication in iso_connect/iso_reconnect.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1526 423420c4-83ab-492f-b58f-81f9feb106b5
2010-01-07 18:42:47 +00:00