diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c
index 4b01b9411..2ce41eb11 100644
--- a/libfreerdp/core/connection.c
+++ b/libfreerdp/core/connection.c
@@ -270,7 +270,7 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
  }
  /* encrypt client random */
- memset(crypt_client_random, 0, sizeof(crypt_client_random));
+ ZeroMemory(crypt_client_random, sizeof(crypt_client_random));
  crypto_nonce(client_random, sizeof(client_random));
  key_len = rdp->settings->RdpServerCertificate->cert_info.ModulusLength;
  mod = rdp->settings->RdpServerCertificate->cert_info.Modulus;
@@ -279,7 +279,7 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
  /* send crypt client random to server */
  length = RDP_PACKET_HEADER_MAX_LENGTH + RDP_SECURITY_HEADER_LENGTH + 4 + key_len + 8;
- s = transport_send_stream_init(rdp->mcs->transport, length);
+ s = Stream_New(NULL, length);
  rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID);
  rdp_write_security_header(s, SEC_EXCHANGE_PKT);
@@ -294,6 +294,8 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
  return FALSE;
  }
+ Stream_Free(s, TRUE);
+
  /* now calculate encrypt / decrypt and update keys */
  if (!security_establish_keys(client_random, rdp))
  {
@@ -301,6 +303,7 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
  }
  rdp->do_crypt = TRUE;
+
  if (rdp->settings->SaltedChecksum)
  rdp->do_secure_checksum = TRUE;
diff --git a/libfreerdp/core/license.c b/libfreerdp/core/license.c
index 77e4088a8..b98d41e9a 100644
--- a/libfreerdp/core/license.c
+++ b/libfreerdp/core/license.c
@@ -163,7 +163,7 @@ wStream* license_send_stream_init(rdpLicense* license)
  {
  wStream* s;
- s = transport_send_stream_init(license->rdp->transport, 4096);
+ s = Stream_New(NULL, 4096);
  Stream_Seek(s, LICENSE_PACKET_HEADER_MAX_LENGTH);
  return s;
@@ -212,6 +212,8 @@ BOOL license_send(rdpLicense* license, wStream* s, BYTE type)
  if (transport_write(license->rdp->transport, s) < 0)
  return FALSE;
+ Stream_Free(s, TRUE);
+
  return TRUE;
  }
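Review bot: The `Stream_Free(s, TRUE);` added in hunk @@ -294 of connection.c sits after the `return FALSE;` block that opens the hunk, so whatever failure that return covers (its condition is above the hunk, presumably the transport write) now leaks the stream that hunk @@ -279 allocates with `Stream_New` — before this commit that buffer presumably belonged to the transport, so the leak is new. The same placement recurs in license_send (license.c @@ -212) and in nego.c @@ -294, @@ -695 and @@ -852, where the free follows `if (transport_write(...) < 0) return FALSE;` and is skipped on the error path. The mcs.c hunks of this commit already use the right shape, `status = transport_write(...); Stream_Free(s, TRUE); return (status < 0) ? FALSE : TRUE;`, and the other sites should match it. Independently, none of the new `Stream_New(NULL, ...)` results is checked before it is handed to `rdp_write_header` here or dereferenced by `Stream_GetPointer(s, bm)` in mcs.c; if Stream_New can return NULL on allocation failure (its implementation is outside this diff), an `if (!s) return FALSE;` after each allocation is warranted. rdp_client_establish_keys starts before these hunks and ends after them.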
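Review bot: license_send now releases the stream it is handed (hunk @@ -212 of license.c), which turns it into an ownership-consuming call, yet nothing at the function tells callers that `s` is expected to come from license_send_stream_init (hunk @@ -163) and must not be used or freed after the call. A header comment above the function would make the contract visible at both ends, e.g. `/* Takes ownership of s (obtained from license_send_stream_init) and releases it once the PDU has been written; callers must not touch s afterwards. */`. license_send's body begins before this hunk, so the comment belongs above its signature, outside the visible lines.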
@@ -578,6 +580,8 @@ BOOL license_read_binary_blob(wStream* s, LICENSE_BLOB* blob)
  void license_write_binary_blob(wStream* s, LICENSE_BLOB* blob)
  {
+ Stream_EnsureRemainingCapacity(s, blob->length + 4);
+
  Stream_Write_UINT16(s, blob->type); /* wBlobType (2 bytes) */
  Stream_Write_UINT16(s, blob->length); /* wBlobLen (2 bytes) */
@@ -597,6 +601,8 @@ void license_write_encrypted_premaster_secret_blob(wStream* s, LICENSE_BLOB* blo
  return;
  }
+ Stream_EnsureRemainingCapacity(s, length + 4);
+
  Stream_Write_UINT16(s, blob->type); /* wBlobType (2 bytes) */
  Stream_Write_UINT16(s, length); /* wBlobLen (2 bytes) */
@@ -991,6 +997,8 @@ void license_write_platform_challenge_response_packet(rdpLicense* license, wStre
  {
  license_write_binary_blob(s, license->EncryptedPlatformChallenge); /* EncryptedPlatformChallengeResponse */
  license_write_binary_blob(s, license->EncryptedHardwareId); /* EncryptedHWID */
+
+ Stream_EnsureRemainingCapacity(s, 16);
  Stream_Write(s, macData, 16); /* MACData */
  }
diff --git a/libfreerdp/core/mcs.c b/libfreerdp/core/mcs.c
index a672e4e27..a25304594 100644
--- a/libfreerdp/core/mcs.c
+++ b/libfreerdp/core/mcs.c
@@ -261,6 +261,7 @@ static void mcs_init_domain_parameters(DomainParameters* domainParameters,
  BOOL mcs_read_domain_parameters(wStream* s, DomainParameters* domainParameters)
  {
  int length;
+
  return ber_read_sequence_tag(s, &length) &&
  ber_read_integer(s, &(domainParameters->maxChannelIds)) &&
@@ -453,12 +454,12 @@ void mcs_write_connect_response(wStream* s, rdpMcs* mcs, wStream* user_data)
  BOOL mcs_send_connect_initial(rdpMcs* mcs)
  {
- wStream* s;
+ int status;
  int length;
+ wStream* s;
  BYTE *bm, *em;
  wStream* gcc_CCrq;
  wStream* client_data;
- int status;
  client_data = Stream_New(NULL, 512);
  gcc_write_client_data_blocks(client_data, mcs->transport->settings);
@@ -467,7 +468,8 @@ BOOL mcs_send_connect_initial(rdpMcs* mcs)
  gcc_write_conference_create_request(gcc_CCrq, client_data);
  length = Stream_GetPosition(gcc_CCrq) + 7;
- s = transport_send_stream_init(mcs->transport, 1024);
+ s = Stream_New(NULL, 1024 + length);
+
  Stream_GetPointer(s, bm);
  Stream_Seek(s, 7);
@@ -483,6 +485,7 @@ BOOL mcs_send_connect_initial(rdpMcs* mcs)
  status = transport_write(mcs->transport, s);
+ Stream_Free(s, TRUE);
  Stream_Free(gcc_CCrq, TRUE);
  Stream_Free(client_data, TRUE);
@@ -533,9 +536,9 @@ BOOL mcs_recv_connect_response(rdpMcs* mcs, wStream* s)
  BOOL mcs_send_connect_response(rdpMcs* mcs)
  {
- wStream* s;
  int length;
- int ret;
+ int status;
+ wStream* s;
  BYTE *bm, *em;
  wStream* gcc_CCrsp;
  wStream* server_data;
@@ -547,7 +550,8 @@ BOOL mcs_send_connect_response(rdpMcs* mcs)
  gcc_write_conference_create_response(gcc_CCrsp, server_data);
  length = Stream_GetPosition(gcc_CCrsp) + 7;
- s = transport_send_stream_init(mcs->transport, 1024);
+ s = Stream_New(NULL, length + 1024);
+
  Stream_GetPointer(s, bm);
  Stream_Seek(s, 7);
@@ -561,12 +565,13 @@ BOOL mcs_send_connect_response(rdpMcs* mcs)
  Stream_SetPointer(s, em);
  Stream_SealLength(s);
- ret = transport_write(mcs->transport, s);
+ status = transport_write(mcs->transport, s);
+ Stream_Free(s, TRUE);
  Stream_Free(gcc_CCrsp, TRUE);
  Stream_Free(server_data, TRUE);
- return (ret < 0) ? FALSE : TRUE;
+ return (status < 0) ? FALSE : TRUE;
  }
  /**
@@ -582,6 +587,7 @@ BOOL mcs_recv_erect_domain_request(rdpMcs* mcs, wStream* s)
  enum DomainMCSPDU MCSPDU;
  MCSPDU = DomainMCSPDU_ErectDomainRequest;
+
  return mcs_read_domain_mcspdu_header(s, &MCSPDU, &length);
  }
@@ -594,8 +600,10 @@ BOOL mcs_recv_erect_domain_request(rdpMcs* mcs, wStream* s)
  BOOL mcs_send_erect_domain_request(rdpMcs* mcs)
  {
  wStream* s;
+ int status;
  UINT16 length = 12;
- s = transport_send_stream_init(mcs->transport, length);
+
+ s = Stream_New(NULL, length);
  mcs_write_domain_mcspdu_header(s, DomainMCSPDU_ErectDomainRequest, length, 0);
@@ -604,10 +612,11 @@ BOOL mcs_send_erect_domain_request(rdpMcs* mcs)
  Stream_SealLength(s);
- if (transport_write(mcs->transport, s) < 0)
- return FALSE;
+ status = transport_write(mcs->transport, s);
- return TRUE;
+ Stream_Free(s, TRUE);
+
+ return (status < 0) ? FALSE : TRUE;
  }
  /**
@@ -623,6 +632,7 @@ BOOL mcs_recv_attach_user_request(rdpMcs* mcs, wStream* s)
  enum DomainMCSPDU MCSPDU;
  MCSPDU = DomainMCSPDU_AttachUserRequest;
+
  return mcs_read_domain_mcspdu_header(s, &MCSPDU, &length);
  }
@@ -635,17 +645,20 @@ BOOL mcs_recv_attach_user_request(rdpMcs* mcs, wStream* s)
  BOOL mcs_send_attach_user_request(rdpMcs* mcs)
  {
  wStream* s;
+ int status;
  UINT16 length = 8;
- s = transport_send_stream_init(mcs->transport, length);
+
+ s = Stream_New(NULL, length);
  mcs_write_domain_mcspdu_header(s, DomainMCSPDU_AttachUserRequest, length, 0);
  Stream_SealLength(s);
- if (transport_write(mcs->transport, s) < 0)
- return FALSE;
+ status = transport_write(mcs->transport, s);
- return TRUE;
+ Stream_Free(s, TRUE);
+
+ return (status < 0) ? FALSE : TRUE;
  }
  /**
@@ -661,6 +674,7 @@ BOOL mcs_recv_attach_user_confirm(rdpMcs* mcs, wStream* s)
  enum DomainMCSPDU MCSPDU;
  MCSPDU = DomainMCSPDU_AttachUserConfirm;
+
  return mcs_read_domain_mcspdu_header(s, &MCSPDU, &length) &&
  per_read_enumerated(s, &result, MCS_Result_enum_length) && /* result */
@@ -676,9 +690,10 @@ BOOL mcs_recv_attach_user_confirm(rdpMcs* mcs, wStream* s)
  BOOL mcs_send_attach_user_confirm(rdpMcs* mcs)
  {
  wStream* s;
+ int status;
  UINT16 length = 11;
- s = transport_send_stream_init(mcs->transport, length);
+ s = Stream_New(NULL, length);
  mcs_write_domain_mcspdu_header(s, DomainMCSPDU_AttachUserConfirm, length, 2);
@@ -688,9 +703,11 @@ BOOL mcs_send_attach_user_confirm(rdpMcs* mcs)
  Stream_SealLength(s);
- transport_write(mcs->transport, s);
+ status = transport_write(mcs->transport, s);
- return TRUE;
+ Stream_Free(s, TRUE);
+
+ return (status < 0) ? FALSE : TRUE;
  }
  /**
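Review bot: The epilogue `status = transport_write(mcs->transport, s); Stream_Free(s, TRUE); return (status < 0) ? FALSE : TRUE;` is now copied verbatim into mcs_send_erect_domain_request, mcs_send_attach_user_request and mcs_send_attach_user_confirm in this line's hunks, and again in mcs_send_channel_join_request, mcs_send_channel_join_confirm and mcs_send_disconnect_provider_ultimatum further down, with a third variant (extra gcc stream frees) in mcs_send_connect_initial and mcs_send_connect_response. A small static helper that writes and releases the stream would keep the free-after-write invariant in one place, so a future send function cannot forget the release or the status check. Each of the six simple senders would then end with `return mcs_send_pdu(mcs, s);` directly after `Stream_SealLength(s);` (helper name is a suggestion, not an existing symbol).
```c
/* Writes s to the MCS transport and releases it; s is consumed on every path. */
static BOOL mcs_send_pdu(rdpMcs* mcs, wStream* s)
{
	int status = transport_write(mcs->transport, s);

	Stream_Free(s, TRUE);

	return (status < 0) ? FALSE : TRUE;
}
```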
@@ -707,6 +724,7 @@ BOOL mcs_recv_channel_join_request(rdpMcs* mcs, wStream* s, UINT16* channel_id)
  UINT16 user_id;
  MCSPDU = DomainMCSPDU_ChannelJoinRequest;
+
  return mcs_read_domain_mcspdu_header(s, &MCSPDU, &length) &&
  per_read_integer16(s, &user_id, MCS_BASE_CHANNEL_ID) &&
@@ -724,8 +742,10 @@ BOOL mcs_recv_channel_join_request(rdpMcs* mcs, wStream* s, UINT16* channel_id)
  BOOL mcs_send_channel_join_request(rdpMcs* mcs, UINT16 channel_id)
  {
  wStream* s;
+ int status;
  UINT16 length = 12;
- s = transport_send_stream_init(mcs->transport, 12);
+
+ s = Stream_New(NULL, length);
  mcs_write_domain_mcspdu_header(s, DomainMCSPDU_ChannelJoinRequest, length, 0);
@@ -734,10 +754,11 @@ BOOL mcs_send_channel_join_request(rdpMcs* mcs, UINT16 channel_id)
  Stream_SealLength(s);
- if (transport_write(mcs->transport, s) < 0)
- return FALSE;
+ status = transport_write(mcs->transport, s);
- return TRUE;
+ Stream_Free(s, TRUE);
+
+ return (status < 0) ? FALSE : TRUE;
  }
  /**
@@ -776,8 +797,10 @@ BOOL mcs_recv_channel_join_confirm(rdpMcs* mcs, wStream* s, UINT16* channel_id)
  BOOL mcs_send_channel_join_confirm(rdpMcs* mcs, UINT16 channel_id)
  {
  wStream* s;
+ int status;
  UINT16 length = 15;
- s = transport_send_stream_init(mcs->transport, 15);
+
+ s = Stream_New(NULL, length);
  mcs_write_domain_mcspdu_header(s, DomainMCSPDU_ChannelJoinConfirm, length, 2);
@@ -788,9 +811,11 @@ BOOL mcs_send_channel_join_confirm(rdpMcs* mcs, UINT16 channel_id)
  Stream_SealLength(s);
- transport_write(mcs->transport, s);
+ status = transport_write(mcs->transport, s);
- return TRUE;
+ Stream_Free(s, TRUE);
+
+ return (status < 0) ? FALSE : TRUE;
  }
  /**
@@ -801,16 +826,20 @@ BOOL mcs_send_channel_join_confirm(rdpMcs* mcs, UINT16 channel_id)
  BOOL mcs_send_disconnect_provider_ultimatum(rdpMcs* mcs)
  {
  wStream* s;
+ int status;
  UINT16 length = 9;
- s = transport_send_stream_init(mcs->transport, 9);
+
+ s = Stream_New(NULL, length);
  mcs_write_domain_mcspdu_header(s, DomainMCSPDU_DisconnectProviderUltimatum, length, 1);
  per_write_enumerated(s, 0, 0); /* reason */
- transport_write(mcs->transport, s);
+ status = transport_write(mcs->transport, s);
- return TRUE;
+ Stream_Free(s, TRUE);
+
+ return (status < 0) ? FALSE : TRUE;
  }
  /**
diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c
index 7f43bf18f..5499ea174 100644
--- a/libfreerdp/core/nego.c
+++ b/libfreerdp/core/nego.c
@@ -276,7 +276,8 @@ BOOL nego_send_preconnection_pdu(rdpNego* nego)
  cbSize += cchPCB * 2;
  }
- s = transport_send_stream_init(nego->transport, cbSize);
+ s = Stream_New(NULL, cbSize);
+
  Stream_Write_UINT32(s, cbSize); /* cbSize */
  Stream_Write_UINT32(s, 0); /* Flags */
  Stream_Write_UINT32(s, PRECONNECTION_PDU_V2); /* Version */
@@ -294,6 +295,8 @@ BOOL nego_send_preconnection_pdu(rdpNego* nego)
  if (transport_write(nego->transport, s) < 0)
  return FALSE;
+ Stream_Free(s, TRUE);
+
  return TRUE;
  }
@@ -646,7 +649,8 @@ BOOL nego_send_negotiation_request(rdpNego* nego)
  BYTE *bm, *em;
  int cookie_length;
- s = transport_send_stream_init(nego->transport, 256);
+ s = Stream_New(NULL, 512);
+
  length = TPDU_CONNECTION_REQUEST_LENGTH;
  Stream_GetPointer(s, bm);
  Stream_Seek(s, length);
@@ -695,6 +699,8 @@ BOOL nego_send_negotiation_request(rdpNego* nego)
  if (transport_write(nego->transport, s) < 0)
  return FALSE;
+ Stream_Free(s, TRUE);
+
  return TRUE;
  }
@@ -812,7 +818,8 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
  status = TRUE;
  settings = nego->transport->settings;
- s = transport_send_stream_init(nego->transport, 256);
+ s = Stream_New(NULL, 512);
+
  length = TPDU_CONNECTION_CONFIRM_LENGTH;
  Stream_GetPointer(s, bm);
  Stream_Seek(s, length);
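Review bot: `s = Stream_New(NULL, 512);` in nego.c hunk @@ -646 (and again in @@ -812) replaces the transport's stream with a fixed 512-byte allocation, but nego_send_negotiation_request goes on to write a cookie or routing token whose size is only known at runtime (`cookie_length` is declared in the hunk), and those writes are outside the visible lines, so whether 512 bounds them cannot be confirmed from this diff. Unlike the license.c hunks of this commit, no `Stream_EnsureRemainingCapacity` precedes the variable-length part; either size the allocation from the computed lengths or add the capacity check before the cookie/token is written, and give the 512 a name rather than inlining it twice. The body of nego_send_negotiation_request continues past the hunk.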
@@ -852,6 +859,8 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
  if (transport_write(nego->transport, s) < 0)
  return FALSE;
+ Stream_Free(s, TRUE);
+
  if (status)
  {
  /* update settings with negotiated protocol security */
diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c
index e0ea3f0f1..e4ccccc73 100644
--- a/libfreerdp/core/transport.c
+++ b/libfreerdp/core/transport.c
@@ -498,7 +498,6 @@ static int transport_read_nonblocking(rdpTransport* transport)
  {
  int status;
- Stream_EnsureCapacity(transport->ReceiveBuffer, 32 * 1024);
  status = transport_read(transport, transport->ReceiveBuffer);
  if (status <= 0)
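Review bot: Dropping `Stream_EnsureCapacity(transport->ReceiveBuffer, 32 * 1024);` in transport.c hunk @@ -498 leaves transport_read_nonblocking with no visible guarantee about the receive buffer's size before `transport_read(transport, transport->ReceiveBuffer)` fills it from the network; if transport_read does not grow the buffer itself (it is outside this diff), a large incoming PDU would be truncated or written past the buffer's end. If transport_read is now the one responsible, a one-line comment at the call, `/* transport_read grows ReceiveBuffer as needed */`, would record where that responsibility moved. The function's body continues after the hunk.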