Commit Graph

2019 Commits

Author SHA1 Message Date
Markus Beth
b02996136b Fix memory leak
Variables of type mpz_t must be cleared with mpz_clear().
2019-02-05 22:48:48 +01:00
Markus Beth
caae8af53c Fix memory leaks on certificate handling
Call rdssl_cert_free() for all certificates created with
rdssl_cert_read().
2019-02-05 22:48:32 +01:00
Markus Beth
35d8c932ab Fix memory leaks on certificate handling
Certificates initialized with gnutls_x509_crt_init() must be freed with
gnutls_x509_crt_deinit().
Memory allocated with malloc() should be freed with free() not
gnutls_free().
2019-02-05 22:34:10 +01:00
Markus Beth
116e125139 Fix memory leaks
The return values of XGetAtomName() have to be freed with XFree().
2019-02-05 22:34:10 +01:00
Alexander Zakharov
85f99edd65 Update copyrights 2019-02-01 11:21:32 +03:00
Alexander Zakharov
d4fe8e8421
Merge pull request #309 from markusbeth/fix_heap_overflow
fix heap overflow in libtasn_read_cert_pk_parameters
2019-02-01 10:46:13 +03:00
Markus Beth
30b9571586 fix heap overflow in libtasn_read_cert_pk_parameters
use correct size to memcpy() the exponent data in
libtasn_read_cert_pk_parameters
2019-02-01 08:30:19 +01:00
Alexander Zakharov
ff875768ed
Merge pull request #307 from derfian/drive-redirection-offsets
Fix device redirection offsets
2019-01-31 13:20:04 +03:00
Karl Mikaelsson
5351182410 Fix problems with transferring large files
The entire device redirection framework is documented to use 64-bit
offsets rather than 32-bit offsets. This should fix any problems
transferring large files with rdesktop.

Co-Authored-By: gpatel-fr <44170243+gpatel-fr@users.noreply.github.com>
2019-01-31 10:51:19 +01:00
Henrik Andersson
8ea0b446ef Add report of activation/expiration dates 2019-01-31 10:40:12 +01:00
Henrik Andersson
fcf3e923ba
Merge pull request #298 from rdesktop/GnuTLS
Replace OpenSSL with GnuTLS Nettle, libtasn1
2019-01-30 17:34:07 +01:00
Henrik Andersson
9acb0ccaa3 Don't use status bits not available in v3.2.0 2019-01-30 17:16:14 +01:00
Henrik Andersson
e021920813 This commit has multiple fixes:
- Break out code from tcp.c into utils.c for handling
  of adding certificate exceptions
- Add clarifications why a certificate is untrusted
- Add simplified certificate view with fingerprints for
  review.
2019-01-30 16:12:15 +01:00
Karl Mikaelsson
aa5935cb11
Merge pull request #305 from wallix/master
Fix checking the length of remaining data in stream for very compact orders.
2019-01-30 11:07:13 +01:00
Pierre Ossman
17363d9e4d Get a private copy of the redirect cookie
We accidentally just changed the pointer rather than copying the
cookie in to our freshly allocated buffer. This caused problems
after 74b2129e as we started freeing the stream buffers on
disconnect.
2019-01-30 11:00:23 +01:00
Karl Mikaelsson
28b3c6b621 Explain the +7 constant while processing secondary drawing orders 2019-01-30 10:49:27 +01:00
Karl Mikaelsson
4e6787c889 Add types and stream infrastructure for 64-bit integers
In preparation for reading 64-bit file offsets.
2019-01-29 16:41:39 +01:00
Henrik Andersson
b9a50db894 Print full cert for review 2019-01-29 10:38:14 +01:00
Henrik Andersson
f8581c40b0 Remove unused code block and add generic error logging 2019-01-29 10:38:14 +01:00
Henrik Andersson
eacecac99c Set base requirement of GnuTLS to >= 3.2.0 2019-01-29 10:38:14 +01:00
Henrik Andersson
bc3a5789e4 Cleanup unused leftovers from commit 3191c341b9 2019-01-29 10:38:14 +01:00
Henrik Andersson
78a9dcff68 Refactor of public key cert check
Refactored public key check from libtasn_read_cert_pk_parameters()
into its own function libtasn_cert_pk_oid(). Then make use of it
instead of gnutls_x509_crt_get_pk_oid().
2019-01-29 10:38:14 +01:00
Henrik Andersson
e33b9b7ea6 Fix build for clang 2019-01-29 10:38:14 +01:00
Henrik Andersson
6577cc57e9 Do not use DN as key for certificate cache as it is insecure 2019-01-29 10:38:14 +01:00
Henrik Andersson
3ab19d543c Revert "Added implementation of a gnutls pubkey store (tdb)"
This reverts commit f493395fc7e36e504c27cab8ad973042c55f0767.
2019-01-29 10:38:14 +01:00
Henrik Andersson
95fac5e1f6 Revert "Use base64 encode/decode routines from nettle instead of gnutls"
This reverts commit 252bc346e2379475f8547d4a458743bed067448d.
2019-01-29 10:38:14 +01:00
Henrik Andersson
18287bdacf Add certificate verification against system trust store
Verify the certificate from the peer against the system’s default
trusted CAs. If certificate fails the verification a fallback to
use the certificate cache is used.

The certificate cache is used to give the user the option to add
exceptions for invalid certificates. For example; self-signed
certificates etc.
2019-01-29 10:38:14 +01:00
Henrik Andersson
2a955dbf84 Never silently add a certificate to cache
A user always needs to approve to add an exception for
an invalid certificate.
2019-01-29 10:38:14 +01:00
Henrik Andersson
d931ad5fab Bump ubuntu up from 14.04 to 16.04 2019-01-29 10:38:14 +01:00
Henrik Andersson
a61bb39dec Fix compiling warnings 2019-01-29 10:38:14 +01:00
Henrik Andersson
4bae3de6cd Add requirement of GnuTLS version 3.0
This is required for gnutls_store_pubkey/gnutls_verify_pubkey
api used in pubkey cache verification.
2019-01-29 10:38:14 +01:00
Henrik Andersson
307ca2eb03 Use base64 encode/decode routines from nettle instead of gnutls
This relaxes the version requirement for gnutls
2019-01-29 10:38:14 +01:00
Henrik Andersson
4781868e33 Added implementation of a gnutls pubkey store (tdb)
This fixes the problem with the default gnutls implementation
that keys could not be updated eg. overwritten.
2019-01-29 10:38:14 +01:00
Henrik Andersson
11ca5446d9 Make certificate mismatch handling use util_dialog_choice() 2019-01-29 10:38:14 +01:00
Henrik Andersson
9c47a9fe66 Add util_dialog_choice() for display prompt and handle response 2019-01-29 10:38:13 +01:00
Alexander Zakharov
d7d55cf3f7 PoC: Check server's certificate 2019-01-29 10:38:13 +01:00
Alexander Zakharov
78afb19536 Fix Travis CI OSX build 2019-01-29 10:38:13 +01:00
Alexander Zakharov
23e22e3834 Temporary fix for gnutls_handshake() failure 2019-01-29 10:38:13 +01:00
Alexander Zakharov
90fd660803 Parse X.509 certificate, get RSA public key, RSA encrypt
Also add support for older (< 3.5.0) GnuTLS versions
2019-01-29 10:38:13 +01:00
Alexander Zakharov
166d1bc14d Replace OpenSSL with GnuTLS for all network communications 2019-01-29 10:38:13 +01:00
Alexander Zakharov
00d9e0c4c8 Replace HMAC_MD5, SHA1, RC4, MD5 with Nettle's counterparts 2019-01-29 10:38:13 +01:00
Alexander Zakharov
673b267e66 Add ASN.1 parsing routines 2019-01-29 10:38:13 +01:00
Henrik Andersson
bc727e7ef1 One should be able to provide empty password via -p 2019-01-29 10:28:14 +01:00
Karl Mikaelsson
e92916eaae
Merge pull request #306 from rdesktop/uglym8-ewmh-fullscreen
Change the way we do fullscreen
2019-01-28 16:21:21 +01:00
XiaopengZHOU
6249a5fec3
Fix checking the length of remaining data in stream for very compact orders. 2019-01-28 12:11:03 +01:00
Alexander Zakharov
1cbc2aa739 Change the way we do fullscreen 2019-01-28 11:09:16 +01:00
Henrik Andersson
1353fd75dd
Merge pull request #73 from uglym8/fix_sc_death
Handle insufficient server side buffer for smartcard operations
2019-01-23 14:26:39 +01:00
Alexander Zakharov
758f7b5156 scard: Fix buffer overflow
Even though we can detect that the server buffer is too small to
receive the APDU result we don't prevent the actual copy of this result
to allocated buffer which results in overflow.
2019-01-23 16:12:21 +03:00
Alexander Zakharov
774a657975 Handle insufficient server side buffer for smartcard operations
We should pay attention to OutputBufferLength of DR_CONTROL_REQ
and send STATUS_BUFFER_TOO_SMALL if it's insufficient for returned
result.
2019-01-23 16:12:21 +03:00
Henrik Andersson
d12204b424 Bump version of supported redirect PDU
Before this change we announce that we support redirection
packet version 3 (Microsoft RDP 5.1 and 5.2 clients), this
makes the server to only send back LB_TARGET_NET_ADDRESS which
includes an IP address for the redirection. Announcing version
4 (Microsoft RDP 6.0 and 6.1 clients) will make the server to
send a LB_TARGET_FQDN which solves a few problems, for example
using kerberos authentication.

Fixes issue #303
2019-01-22 13:20:13 +01:00