Use a consistent style of returning a new STREAM object from functions
that output data, rather than requiring an existing structure to be
passed in. This generally makes the memory management more straight
forward and allows us to do more proper bounds checking of everything.
This also adds some new STREAM macros to make it easier to manage
them without poking around in the internal structure.
We don't know when the caller might be done with a stream, so we
can end up with code overwriting things in a stream that is in use
elsewhere.
Solve the issue by returning a new stream each time and leave it
up to the callers to free it.
This macro checks if a pointer is valid _after_ we've already used
that pointer. So it will only trigger if we're already performed some
for of buffer overflow. As such, it provides little to no value and
can only server to encourage broken behaviour.
Let's remove it and replace it with proper bounds checking before
access instead.
This commit includes fixes for a set of 21 vulnerabilities in
rdesktop when a malicious RDP server is used.
All vulnerabilities was identified and reported by Eyal Itkin.
* Add rdp_protocol_error function that is used in several fixes
* Refactor of process_bitmap_updates
* Fix possible integer overflow in s_check_rem() on 32bit arch
* Fix memory corruption in process_bitmap_data - CVE-2018-8794
* Fix remote code execution in process_bitmap_data - CVE-2018-8795
* Fix remote code execution in process_plane - CVE-2018-8797
* Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
* Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
* Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
* Fix Denial of Service in sec_recv - CVE-2018-20176
* Fix minor information leak in rdpdr_process - CVE-2018-8791
* Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
* Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
* Fix Denial of Service in process_bitmap_data - CVE-2018-8796
* Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
* Fix Denial of Service in process_secondary_order - CVE-2018-8799
* Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
* Fix major information leak in ui_clip_handle_data - CVE-2018-20174
* Fix memory corruption in rdp_in_unistr - CVE-2018-20177
* Fix Denial of Service in process_demand_active - CVE-2018-20178
* Fix remote code execution in lspci_process - CVE-2018-20179
* Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
* Fix remote code execution in seamless_process - CVE-2018-20181
* Fix remote code execution in seamless_process_line - CVE-2018-20182
This happens regularly and it's not an error. An easy way to trigger
this scenario is to let cmd.exe produce a bell sound by tab-completing
something non-existant.
The rdpsnd_process_ping function did not conform to the MS-RDPEA spec
by leaving out the packsize in the reply. The MS-RDPEA spec is rather
clear that this needs to be the same value as received in the training
request.
I think I'm seeing a slight improvement in audio sync after this
change.
This work is done by Nikita Krupenko which sent a patch to
rdesktop in 2010 for version 1.6.0. I have now ported it
over to trunk and it seems to work as expected.
This commit will add a logging system to solve the problem that
one actually need to recompile rdesktop from source to enable
different debug logging.
- Same logging api for all kind of logging and messages to
end user.
- Adding -v for verbose output when running rdesktop.
- All messages are logged into a subject and with a type, eg:
logger(Keyboard, Notice, "Autos-electing %s based on locale.", locale);
- Debug logging is enabled trough a environment variable RDEKSTOP_DEBUG,
which specifies subjects of interest, comma separated. There is a special
subject named All which includes all subject for debug loggin. There is also
a simple logic opeartor '!' = NOT which can be used in combination like:
RDESKTOP_DEBUG=All,!Graphics,!Sound
Which would give debug log output for All subject except Graphics and Sound.
This commit removes the implementation of rdpsnd_rec extension
of rdpsnd protocol from rdesktop. The reason for this is that the
required driver (which only works on Windows 2003) provided by Cendio
is deprecated.
state if we see an unexpected negotiate request.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1593 423420c4-83ab-492f-b58f-81f9feb106b5
so let's not require it. This allows the device to be busy when rdesktop starts
but can be used later when it becomes free.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@1410 423420c4-83ab-492f-b58f-81f9feb106b5
sgi drivers to be selected again, when they only allow one open of the
device.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@1349 423420c4-83ab-492f-b58f-81f9feb106b5
make sure last element of sound-driver-list is NULL
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@1331 423420c4-83ab-492f-b58f-81f9feb106b5
they have finished playing. This also makes the queue system mandatory for
all backends.
git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/trunk/rdesktop@1301 423420c4-83ab-492f-b58f-81f9feb106b5
