From 358ac53b6627470521f1cddf2a125ed1d5155602 Mon Sep 17 00:00:00 2001
From: Armin Novak <anovak@thincast.com>
Date: Fri, 2 Dec 2022 22:04:39 +0100
Subject: [PATCH] [core,license] print a warning on invalid packet

* add stringify function for securityFlags
* print a error message on unexpected packet
---
 libfreerdp/core/connection.c |  7 +++++++
 libfreerdp/core/rdp.c        | 38 ++++++++++++++++++++++++++++++++++++
 libfreerdp/core/rdp.h        |  2 ++
 3 files changed, 47 insertions(+)

diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c
index 2a3a5c566..5c6f2e3c9 100644
--- a/libfreerdp/core/connection.c
+++ b/libfreerdp/core/connection.c
@@ -1131,7 +1131,14 @@ state_run_t rdp_client_connect_license(rdpRdp* rdp, wStream* s)
 	}
 
 	if ((securityFlags & SEC_LICENSE_PKT) == 0)
+	{
+		char buffer[512] = { 0 };
+		char lbuffer[32] = { 0 };
+		WLog_ERR(TAG, "[%s] securityFlags=%s, missing required flag %s",
+		         rdp_security_flag_string(securityFlags, buffer, sizeof(buffer)),
+		         rdp_security_flag_string(SEC_LICENSE_PKT, lbuffer, sizeof(lbuffer)));
 		return STATE_RUN_FAILED;
+	}
 
 	status = license_recv(rdp->license, s);
 
diff --git a/libfreerdp/core/rdp.c b/libfreerdp/core/rdp.c
index 6cca7d344..f7a557de3 100644
--- a/libfreerdp/core/rdp.c
+++ b/libfreerdp/core/rdp.c
@@ -2437,3 +2437,41 @@ BOOL rdp_reset_rc4_decrypt_keys(rdpRdp* rdp)
 	rdp->decrypt_use_count = 0;
 	return rdp->rc4_decrypt_key != NULL;
 }
+
+const char* rdp_security_flag_string(UINT32 securityFlags, char* buffer, size_t size)
+{
+	if (securityFlags & SEC_EXCHANGE_PKT)
+		winpr_str_append("SEC_EXCHANGE_PKT", buffer, size, "|");
+	if (securityFlags & SEC_TRANSPORT_REQ)
+		winpr_str_append("SEC_TRANSPORT_REQ", buffer, size, "|");
+	if (securityFlags & SEC_TRANSPORT_RSP)
+		winpr_str_append("SEC_TRANSPORT_RSP", buffer, size, "|");
+	if (securityFlags & SEC_ENCRYPT)
+		winpr_str_append("SEC_ENCRYPT", buffer, size, "|");
+	if (securityFlags & SEC_RESET_SEQNO)
+		winpr_str_append("SEC_RESET_SEQNO", buffer, size, "|");
+	if (securityFlags & SEC_IGNORE_SEQNO)
+		winpr_str_append("SEC_IGNORE_SEQNO", buffer, size, "|");
+	if (securityFlags & SEC_INFO_PKT)
+		winpr_str_append("SEC_INFO_PKT", buffer, size, "|");
+	if (securityFlags & SEC_LICENSE_PKT)
+		winpr_str_append("SEC_LICENSE_PKT", buffer, size, "|");
+	if (securityFlags & SEC_LICENSE_ENCRYPT_CS)
+		winpr_str_append("SEC_LICENSE_ENCRYPT_CS", buffer, size, "|");
+	if (securityFlags & SEC_LICENSE_ENCRYPT_SC)
+		winpr_str_append("SEC_LICENSE_ENCRYPT_SC", buffer, size, "|");
+	if (securityFlags & SEC_REDIRECTION_PKT)
+		winpr_str_append("SEC_REDIRECTION_PKT", buffer, size, "|");
+	if (securityFlags & SEC_SECURE_CHECKSUM)
+		winpr_str_append("SEC_SECURE_CHECKSUM", buffer, size, "|");
+	if (securityFlags & SEC_AUTODETECT_REQ)
+		winpr_str_append("SEC_AUTODETECT_REQ", buffer, size, "|");
+	if (securityFlags & SEC_AUTODETECT_RSP)
+		winpr_str_append("SEC_AUTODETECT_RSP", buffer, size, "|");
+	if (securityFlags & SEC_HEARTBEAT)
+		winpr_str_append("SEC_HEARTBEAT", buffer, size, "|");
+	if (securityFlags & SEC_FLAGSHI_VALID)
+		winpr_str_append("SEC_FLAGSHI_VALID", buffer, size, "|");
+
+	return buffer;
+}
diff --git a/libfreerdp/core/rdp.h b/libfreerdp/core/rdp.h
index 1582fb7cf..c0402ea9c 100644
--- a/libfreerdp/core/rdp.h
+++ b/libfreerdp/core/rdp.h
@@ -291,4 +291,6 @@ BOOL rdp_reset_rc4_encrypt_keys(rdpRdp* rdp);
 void rdp_free_rc4_decrypt_keys(rdpRdp* rdp);
 BOOL rdp_reset_rc4_decrypt_keys(rdpRdp* rdp);
 
+const char* rdp_security_flag_string(UINT32 securityFlags, char* buffer, size_t size);
+
 #endif /* FREERDP_LIB_CORE_RDP_H */