Commit Graph

1979 Commits

Author SHA1 Message Date
Pierre Ossman
e1537061bf Fix packet debug output in rdp_protocol_error()
We're trying to print the entire packet, not just what's left.
2019-05-06 13:30:13 +02:00
Pierre Ossman
d8b0f3782a Give source code info in rdp_protocol_error()
Makes it easier to debug things by seeing exactly where the protocol
handling crashed.
2019-05-06 13:29:44 +02:00
Pierre Ossman
092fc20921 Use STRNCPY() macro in smart card code
The previous code did not do a proper bounds check and could result
in buffer overflows and unterminated strings if long names were
specified.
2019-05-06 13:28:31 +02:00
Pierre Ossman
48b184477e Fix bad call to strncat() 2019-04-12 14:37:24 +02:00
Pierre Ossman
cf95138c9b Don't use strncpy() when not needed
It upsets the compiler warnings when you do strncpy() with the
source buffer size as the limit. It is also unnecessary to use
strncpy() here as we just allocated a buffer guaranteed to be
large enough.
2019-04-12 14:37:24 +02:00
Pierre Ossman
df94870c91 Remove unused variables and functions 2019-04-12 14:37:24 +02:00
Pierre Ossman
836e008853 Fix fast path stream array
There are 16 possible codes, not 15.

(even if we currently don't know what to do with the last code)
2019-04-12 14:37:24 +02:00
Pierre Ossman
a4bdfcfe76 Don't check certificate purpose on older GnuTLS
The feature was added in 3.6.0, so avoid compilation errors if
building with an older GnuTLS.
2019-03-01 11:17:40 +01:00
Alexander Zakharov
49caf6e7c3
Merge pull request #313 from markusbeth/fix_format_strings
fix "Too few arguments to formatting function"
2019-02-08 09:27:58 +03:00
Markus Beth
e7fb28f28e fix "Too few arguments to formatting function" 2019-02-07 23:52:24 +01:00
Markus Beth
b02996136b Fix memory leak
Variables of type mpz_t must be cleared with mpz_clear().
2019-02-05 22:48:48 +01:00
Markus Beth
caae8af53c Fix memory leaks on certificate handling
Call rdssl_cert_free() for all certificates created with
rdssl_cert_read().
2019-02-05 22:48:32 +01:00
Markus Beth
35d8c932ab Fix memory leaks on certificate handling
Certificates initialized with gnutls_x509_crt_init() must be freed with
gnutls_x509_crt_deinit().
Memory allocated with malloc() should be freed with free() not
gnutls_free().
2019-02-05 22:34:10 +01:00
Markus Beth
116e125139 Fix memory leaks
The return values of XGetAtomName() have to be freed with XFree().
2019-02-05 22:34:10 +01:00
Alexander Zakharov
85f99edd65 Update copyrights 2019-02-01 11:21:32 +03:00
Alexander Zakharov
d4fe8e8421
Merge pull request #309 from markusbeth/fix_heap_overflow
fix heap overflow in libtasn_read_cert_pk_parameters
2019-02-01 10:46:13 +03:00
Markus Beth
30b9571586 fix heap overflow in libtasn_read_cert_pk_parameters
use correct size to memcpy() the exponent data in
libtasn_read_cert_pk_parameters
2019-02-01 08:30:19 +01:00
Alexander Zakharov
ff875768ed
Merge pull request #307 from derfian/drive-redirection-offsets
Fix device redirection offsets
2019-01-31 13:20:04 +03:00
Karl Mikaelsson
5351182410 Fix problems with transferring large files
The entire device redirection framework is documented to use 64-bit
offsets rather than 32-bit offsets. This should fix any problems
transferring large files with rdesktop.

Co-Authored-By: gpatel-fr <44170243+gpatel-fr@users.noreply.github.com>
2019-01-31 10:51:19 +01:00
Henrik Andersson
8ea0b446ef Add report of activation/expiration dates 2019-01-31 10:40:12 +01:00
Henrik Andersson
fcf3e923ba
Merge pull request #298 from rdesktop/GnuTLS
Replace OpenSSL with GnuTLS Nettle, libtasn1
2019-01-30 17:34:07 +01:00
Henrik Andersson
9acb0ccaa3 Don't use status bits not available in v3.2.0 2019-01-30 17:16:14 +01:00
Henrik Andersson
e021920813 This commit has multiple fixes:
 - Break out code from tcp.c into utils.c for handling
   of adding certificate exceptions

 - Add clarifications why a certificate is untrusted

 - Add simplified certificate view with fingerprints for
   review.
2019-01-30 16:12:15 +01:00
Karl Mikaelsson
aa5935cb11
Merge pull request #305 from wallix/master
Fix checking the length of remaining data in stream for very compact orders.
2019-01-30 11:07:13 +01:00
Pierre Ossman
17363d9e4d Get a private copy of the redirect cookie
We accidentally just changed the pointer rather than copying the
cookie in to our freshly allocated buffer. This caused problems
after 74b2129e as we started freeing the stream buffers on
disconnect.
2019-01-30 11:00:23 +01:00
Karl Mikaelsson
28b3c6b621 Explain the +7 constant while processing secondary drawing orders 2019-01-30 10:49:27 +01:00
Karl Mikaelsson
4e6787c889 Add types and stream infrastructure for 64-bit integers
In preparation for reading 64-bit file offsets.
2019-01-29 16:41:39 +01:00
Henrik Andersson
b9a50db894 Print full cert for review 2019-01-29 10:38:14 +01:00
Henrik Andersson
f8581c40b0 Remove unused code block and add generic error logging 2019-01-29 10:38:14 +01:00
Henrik Andersson
eacecac99c Set base requirement of GnuTLS to >= 3.2.0 2019-01-29 10:38:14 +01:00
Henrik Andersson
bc3a5789e4 Cleanup unused leftovers from commit 3191c341b9 2019-01-29 10:38:14 +01:00
Henrik Andersson
78a9dcff68 Refactor of public key cert check
Refactored public key check from libtasn_read_cert_pk_parameters()
into its own function libtasn_cert_pk_oid(). Then make use of it
instead of gnutls_x509_crt_get_pk_oid().
2019-01-29 10:38:14 +01:00
Henrik Andersson
e33b9b7ea6 Fix build for clang 2019-01-29 10:38:14 +01:00
Henrik Andersson
6577cc57e9 Do not use DN as key for certificate cache as it is insecure 2019-01-29 10:38:14 +01:00
Henrik Andersson
3ab19d543c Revert "Added implementation of a gnutls pubkey store (tdb)"
This reverts commit f493395fc7e36e504c27cab8ad973042c55f0767.
2019-01-29 10:38:14 +01:00
Henrik Andersson
95fac5e1f6 Revert "Use base64 encode/decode routines from nettle instead of gnutls"
This reverts commit 252bc346e2379475f8547d4a458743bed067448d.
2019-01-29 10:38:14 +01:00
Henrik Andersson
18287bdacf Add certificate verification against system trust store
Verify the certificate from the peer against the system’s default
trusted CAs. If certificate fails the verification a fallback to
use the certificate cache is used.

The certificate cache is used to give the user the option to add
exceptions for invalid certificates. For example; self-signed
certificates etc.
2019-01-29 10:38:14 +01:00
Henrik Andersson
2a955dbf84 Never silently add a certificate to cache
A user always needs to approve to add an exception for
an invalid certificate.
2019-01-29 10:38:14 +01:00
Henrik Andersson
d931ad5fab Bump ubuntu up from 14.04 to 16.04 2019-01-29 10:38:14 +01:00
Henrik Andersson
a61bb39dec Fix compiling warnings 2019-01-29 10:38:14 +01:00
Henrik Andersson
4bae3de6cd Add requirement of GnuTLS version 3.0
This is required for gnutls_store_pubkey/gnutls_verify_pubkey
api used in pubkey cache verification.
2019-01-29 10:38:14 +01:00
Henrik Andersson
307ca2eb03 Use base64 encode/decode routines from nettle instead of gnutls
This relaxes the version requirement for gnutls
2019-01-29 10:38:14 +01:00
Henrik Andersson
4781868e33 Added implementation of a gnutls pubkey store (tdb)
This fixes the problem with the default gnutls implementation
that keys could not be updated e.g. overwritten.
2019-01-29 10:38:14 +01:00
Henrik Andersson
11ca5446d9 Make certificate mismatch handling use util_dialog_choice() 2019-01-29 10:38:14 +01:00
Henrik Andersson
9c47a9fe66 Add util_dialog_choice() for display prompt and handle response 2019-01-29 10:38:13 +01:00
Alexander Zakharov
d7d55cf3f7 PoC: Check server's certificate 2019-01-29 10:38:13 +01:00
Alexander Zakharov
78afb19536 Fix Travis CI OSX build 2019-01-29 10:38:13 +01:00
Alexander Zakharov
23e22e3834 Temporary fix for gnutls_handshake() failure 2019-01-29 10:38:13 +01:00
Alexander Zakharov
90fd660803 Parse X.509 certificate, get RSA public key, RSA encrypt
Also add support for older (< 3.5.0) GnuTLS versions
2019-01-29 10:38:13 +01:00
Alexander Zakharov
166d1bc14d Replace OpenSSL with GnuTLS for all network communications 2019-01-29 10:38:13 +01:00