Use a consistent style of returning a new STREAM object from functions
that output data, rather than requiring an existing structure to be
passed in. This generally makes the memory management more straight
forward and allows us to do more proper bounds checking of everything.
This also adds some new STREAM macros to make it easier to manage
them without poking around in the internal structure.
Make sure the buffer handling is a bit more sane so we can verify
offsets and boundaries. Also adds some more helper macros to shuffle
data between two different STREAM instead of trying to poke around
in the internals.
Make them more match in_uint8a and in_uint8p in that one copies and
the other just gives you a pointer and it is up to the caller how
to fill it in. This can be useful when other APIs are used to
generate the data as it avoids a temporary buffer.
Avoids mistakes by making sure everyone allocates these the same
way.
The smart card code still has manual allocation because it has it's
own magical memory management.
This macro checks if a pointer is valid _after_ we've already used
that pointer. So it will only trigger if we're already performed some
for of buffer overflow. As such, it provides little to no value and
can only server to encourage broken behaviour.
Let's remove it and replace it with proper bounds checking before
access instead.
This commit includes fixes for a set of 21 vulnerabilities in
rdesktop when a malicious RDP server is used.
All vulnerabilities was identified and reported by Eyal Itkin.
* Add rdp_protocol_error function that is used in several fixes
* Refactor of process_bitmap_updates
* Fix possible integer overflow in s_check_rem() on 32bit arch
* Fix memory corruption in process_bitmap_data - CVE-2018-8794
* Fix remote code execution in process_bitmap_data - CVE-2018-8795
* Fix remote code execution in process_plane - CVE-2018-8797
* Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
* Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
* Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
* Fix Denial of Service in sec_recv - CVE-2018-20176
* Fix minor information leak in rdpdr_process - CVE-2018-8791
* Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
* Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
* Fix Denial of Service in process_bitmap_data - CVE-2018-8796
* Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
* Fix Denial of Service in process_secondary_order - CVE-2018-8799
* Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
* Fix major information leak in ui_clip_handle_data - CVE-2018-20174
* Fix memory corruption in rdp_in_unistr - CVE-2018-20177
* Fix Denial of Service in process_demand_active - CVE-2018-20178
* Fix remote code execution in lspci_process - CVE-2018-20179
* Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
* Fix remote code execution in seamless_process - CVE-2018-20181
* Fix remote code execution in seamless_process_line - CVE-2018-20182