morgan/FreeRDP
1
0
Fork 0
mirror of https://github.com/morgan9e/FreeRDP synced 2026-04-15 00:44:19 +09:00
Code Issues Packages Projects Releases Wiki Activity

[core] standard RDP race condition on sec_flags

Browse Source 
Had a race condition when using standard RDP security layer, where
multiple threads accessed |rdp->sec_flags| and modified it. This commit
removes the above field and converts to using a stack variable.
This commit is contained in:
Eyal Tolchinsky
2025-03-26 17:03:14 +02:00
parent 0abe122b2b
commit 9be45a9fac
20 changed files with 300 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
libfreerdp/core/activation.c
View File

@@ -75,7 +75,8 @@ BOOL rdp_recv_server_synchronize_pdu(rdpRdp* rdp, wStream* s)
BOOL rdp_send_server_synchronize_pdu(rdpRdp* rdp)
{
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
@@ -87,7 +88,7 @@ BOOL rdp_send_server_synchronize_pdu(rdpRdp* rdp)
}
WINPR_ASSERT(rdp->mcs);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SYNCHRONIZE, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SYNCHRONIZE, rdp->mcs->userId, sec_flags);
}
BOOL rdp_recv_client_synchronize_pdu(rdpRdp* rdp, wStream* s)
@@ -99,7 +100,8 @@ BOOL rdp_recv_client_synchronize_pdu(rdpRdp* rdp, wStream* s)
BOOL rdp_send_client_synchronize_pdu(rdpRdp* rdp)
{
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
@@ -111,7 +113,7 @@ BOOL rdp_send_client_synchronize_pdu(rdpRdp* rdp)
}
WINPR_ASSERT(rdp->mcs);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SYNCHRONIZE, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SYNCHRONIZE, rdp->mcs->userId, sec_flags);
}
static BOOL rdp_recv_control_pdu(wStream* s, UINT16* action, UINT16* grantId, UINT32* controlId)
@@ -175,7 +177,8 @@ BOOL rdp_recv_server_control_pdu(rdpRdp* rdp, wStream* s)
BOOL rdp_send_server_control_cooperate_pdu(rdpRdp* rdp)
{
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
if (!Stream_CheckAndLogRequiredCapacity(TAG, (s), 8))
@@ -188,12 +191,13 @@ BOOL rdp_send_server_control_cooperate_pdu(rdpRdp* rdp)
Stream_Write_UINT32(s, 0); /* controlId (4 bytes) */
WINPR_ASSERT(rdp->mcs);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_CONTROL, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_CONTROL, rdp->mcs->userId, sec_flags);
}
BOOL rdp_send_server_control_granted_pdu(rdpRdp* rdp)
{
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
if (!Stream_CheckAndLogRequiredCapacity(TAG, (s), 8))
@@ -206,7 +210,7 @@ BOOL rdp_send_server_control_granted_pdu(rdpRdp* rdp)
Stream_Write_UINT16(s, CTRLACTION_GRANTED_CONTROL); /* action (2 bytes) */
Stream_Write_UINT16(s, rdp->mcs->userId); /* grantId (2 bytes) */
Stream_Write_UINT32(s, 0x03EA); /* controlId (4 bytes) */
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_CONTROL, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_CONTROL, rdp->mcs->userId, sec_flags);
}
BOOL rdp_send_client_control_pdu(rdpRdp* rdp, UINT16 action)
@@ -226,7 +230,8 @@ BOOL rdp_send_client_control_pdu(rdpRdp* rdp, UINT16 action)
return FALSE;
}
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
if (!rdp_write_client_control_pdu(s, action, GrantId, ControlId))
@@ -236,7 +241,7 @@ BOOL rdp_send_client_control_pdu(rdpRdp* rdp, UINT16 action)
}
WINPR_ASSERT(rdp->mcs);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_CONTROL, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_CONTROL, rdp->mcs->userId, sec_flags);
}
static BOOL rdp_write_client_persistent_key_list_pdu(wStream* s,
@@ -403,7 +408,8 @@ BOOL rdp_send_client_persistent_key_list_pdu(rdpRdp* rdp)
info.totalEntriesCache0, info.totalEntriesCache1, info.totalEntriesCache2,
info.totalEntriesCache3, info.totalEntriesCache4);
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
{
@@ -421,7 +427,8 @@ BOOL rdp_send_client_persistent_key_list_pdu(rdpRdp* rdp)
WINPR_ASSERT(rdp->mcs);
free(keyList);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_BITMAP_CACHE_PERSISTENT_LIST, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_BITMAP_CACHE_PERSISTENT_LIST, rdp->mcs->userId,
sec_flags);
}
BOOL rdp_recv_client_font_list_pdu(wStream* s)
@@ -514,7 +521,8 @@ static BOOL rdp_write_client_font_list_pdu(wStream* s, UINT16 flags)
BOOL rdp_send_client_font_list_pdu(rdpRdp* rdp, UINT16 flags)
{
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
if (!rdp_write_client_font_list_pdu(s, flags))
@@ -524,7 +532,7 @@ BOOL rdp_send_client_font_list_pdu(rdpRdp* rdp, UINT16 flags)
}
WINPR_ASSERT(rdp->mcs);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_FONT_LIST, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_FONT_LIST, rdp->mcs->userId, sec_flags);
}
BOOL rdp_recv_font_map_pdu(rdpRdp* rdp, wStream* s)
@@ -581,7 +589,8 @@ BOOL rdp_recv_font_map_pdu(rdpRdp* rdp, wStream* s)
BOOL rdp_send_server_font_map_pdu(rdpRdp* rdp)
{
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
if (!Stream_CheckAndLogRequiredCapacity(TAG, (s), 8))
@@ -595,7 +604,7 @@ BOOL rdp_send_server_font_map_pdu(rdpRdp* rdp)
Stream_Write_UINT16(s, 4); /* entrySize (2 bytes) */
WINPR_ASSERT(rdp->mcs);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_FONT_MAP, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_FONT_MAP, rdp->mcs->userId, sec_flags);
}
BOOL rdp_recv_deactivate_all(rdpRdp* rdp, wStream* s)
@@ -651,7 +660,8 @@ BOOL rdp_recv_deactivate_all(rdpRdp* rdp, wStream* s)
BOOL rdp_send_deactivate_all(rdpRdp* rdp)
{
wStream* s = rdp_send_stream_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_send_stream_pdu_init(rdp, &sec_flags);
BOOL status = FALSE;
if (!s)
@@ -667,7 +677,7 @@ BOOL rdp_send_deactivate_all(rdpRdp* rdp)
Stream_Write_UINT8(s, 0); /* sourceDescriptor (should be 0x00) */
WINPR_ASSERT(rdp->mcs);
status = rdp_send_pdu(rdp, s, PDU_TYPE_DEACTIVATE_ALL, rdp->mcs->userId);
status = rdp_send_pdu(rdp, s, PDU_TYPE_DEACTIVATE_ALL, rdp->mcs->userId, sec_flags);
fail:
Stream_Release(s);
return status;

42
libfreerdp/core/autodetect.c
View File

@@ -134,12 +134,13 @@ static BOOL autodetect_send_rtt_measure_request(rdpAutoDetect* autodetect,
UINT16 sequenceNumber)
{
UINT16 requestType = 0;
UINT32 sec_flags = 0;
wStream* s = NULL;
WINPR_ASSERT(autodetect);
WINPR_ASSERT(autodetect->context);
s = rdp_message_channel_pdu_init(autodetect->context->rdp);
s = rdp_message_channel_pdu_init(autodetect->context->rdp, &sec_flags);
if (!s)
return FALSE;
@@ -154,18 +155,20 @@ static BOOL autodetect_send_rtt_measure_request(rdpAutoDetect* autodetect,
Stream_Write_UINT16(s, sequenceNumber); /* sequenceNumber (2 bytes) */
Stream_Write_UINT16(s, requestType); /* requestType (2 bytes) */
autodetect->rttMeasureStartTime = GetTickCount64();
return rdp_send_message_channel_pdu(autodetect->context->rdp, s, SEC_AUTODETECT_REQ);
return rdp_send_message_channel_pdu(autodetect->context->rdp, s,
sec_flags | SEC_AUTODETECT_REQ);
}
static BOOL autodetect_send_rtt_measure_response(rdpAutoDetect* autodetect, UINT16 sequenceNumber)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
WINPR_ASSERT(autodetect);
WINPR_ASSERT(autodetect->context);
/* Send the response PDU to the server */
s = rdp_message_channel_pdu_init(autodetect->context->rdp);
s = rdp_message_channel_pdu_init(autodetect->context->rdp, &sec_flags);
if (!s)
return FALSE;
@@ -176,7 +179,8 @@ static BOOL autodetect_send_rtt_measure_response(rdpAutoDetect* autodetect, UINT
Stream_Write_UINT8(s, TYPE_ID_AUTODETECT_RESPONSE); /* headerTypeId (1 byte) */
Stream_Write_UINT16(s, sequenceNumber); /* sequenceNumber (2 bytes) */
Stream_Write_UINT16(s, RDP_RTT_RESPONSE_TYPE); /* responseType (1 byte) */
return rdp_send_message_channel_pdu(autodetect->context->rdp, s, SEC_AUTODETECT_RSP);
return rdp_send_message_channel_pdu(autodetect->context->rdp, s,
sec_flags | SEC_AUTODETECT_RSP);
}
static BOOL autodetect_send_bandwidth_measure_start(rdpAutoDetect* autodetect,
@@ -184,12 +188,13 @@ static BOOL autodetect_send_bandwidth_measure_start(rdpAutoDetect* autodetect,
UINT16 sequenceNumber)
{
UINT16 requestType = 0;
UINT32 sec_flags = 0;
wStream* s = NULL;
WINPR_ASSERT(autodetect);
WINPR_ASSERT(autodetect->context);
s = rdp_message_channel_pdu_init(autodetect->context->rdp);
s = rdp_message_channel_pdu_init(autodetect->context->rdp, &sec_flags);
if (!s)
return FALSE;
@@ -204,7 +209,8 @@ static BOOL autodetect_send_bandwidth_measure_start(rdpAutoDetect* autodetect,
Stream_Write_UINT8(s, TYPE_ID_AUTODETECT_REQUEST); /* headerTypeId (1 byte) */
Stream_Write_UINT16(s, sequenceNumber); /* sequenceNumber (2 bytes) */
Stream_Write_UINT16(s, requestType); /* requestType (2 bytes) */
return rdp_send_message_channel_pdu(autodetect->context->rdp, s, SEC_AUTODETECT_REQ);
return rdp_send_message_channel_pdu(autodetect->context->rdp, s,
sec_flags | SEC_AUTODETECT_REQ);
}
static BOOL
@@ -212,6 +218,7 @@ autodetect_send_bandwidth_measure_payload(rdpAutoDetect* autodetect,
WINPR_ATTR_UNUSED RDP_TRANSPORT_TYPE transport,
UINT16 sequenceNumber, UINT16 payloadLength)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
WINPR_ASSERT(autodetect);
@@ -219,7 +226,7 @@ autodetect_send_bandwidth_measure_payload(rdpAutoDetect* autodetect,
WINPR_ASSERT(freerdp_get_state(autodetect->context) < CONNECTION_STATE_ACTIVE);
s = rdp_message_channel_pdu_init(autodetect->context->rdp);
s = rdp_message_channel_pdu_init(autodetect->context->rdp, &sec_flags);
if (!s)
return FALSE;
@@ -244,7 +251,8 @@ autodetect_send_bandwidth_measure_payload(rdpAutoDetect* autodetect,
/* Random data (better measurement in case the line is compressed) */
winpr_RAND(Stream_Pointer(s), payloadLength);
Stream_Seek(s, payloadLength);
return rdp_send_message_channel_pdu(autodetect->context->rdp, s, SEC_AUTODETECT_REQ);
return rdp_send_message_channel_pdu(autodetect->context->rdp, s,
sec_flags | SEC_AUTODETECT_REQ);
}
static BOOL autodetect_send_bandwidth_measure_stop(rdpAutoDetect* autodetect,
@@ -252,12 +260,13 @@ static BOOL autodetect_send_bandwidth_measure_stop(rdpAutoDetect* autodetect,
UINT16 sequenceNumber, UINT16 payloadLength)
{
UINT16 requestType = 0;
UINT32 sec_flags = 0;
wStream* s = NULL;
WINPR_ASSERT(autodetect);
WINPR_ASSERT(autodetect->context);
s = rdp_message_channel_pdu_init(autodetect->context->rdp);
s = rdp_message_channel_pdu_init(autodetect->context->rdp, &sec_flags);
if (!s)
return FALSE;
@@ -300,7 +309,8 @@ static BOOL autodetect_send_bandwidth_measure_stop(rdpAutoDetect* autodetect,
}
}
return rdp_send_message_channel_pdu(autodetect->context->rdp, s, SEC_AUTODETECT_REQ);
return rdp_send_message_channel_pdu(autodetect->context->rdp, s,
sec_flags | SEC_AUTODETECT_REQ);
}
static BOOL autodetect_send_bandwidth_measure_results(rdpAutoDetect* autodetect,
@@ -308,6 +318,7 @@ static BOOL autodetect_send_bandwidth_measure_results(rdpAutoDetect* autodetect,
UINT16 responseType, UINT16 sequenceNumber)
{
BOOL success = TRUE;
UINT32 sec_flags = 0;
UINT64 timeDelta = GetTickCount64();
WINPR_ASSERT(autodetect);
@@ -326,7 +337,7 @@ static BOOL autodetect_send_bandwidth_measure_results(rdpAutoDetect* autodetect,
timeDelta -= autodetect->bandwidthMeasureStartTime;
/* Send the result PDU to the server */
wStream* s = rdp_message_channel_pdu_init(autodetect->context->rdp);
wStream* s = rdp_message_channel_pdu_init(autodetect->context->rdp, &sec_flags);
if (!s)
return FALSE;
@@ -353,7 +364,8 @@ static BOOL autodetect_send_bandwidth_measure_results(rdpAutoDetect* autodetect,
return FALSE;
}
return rdp_send_message_channel_pdu(autodetect->context->rdp, s, SEC_AUTODETECT_RSP);
return rdp_send_message_channel_pdu(autodetect->context->rdp, s,
sec_flags | SEC_AUTODETECT_RSP);
}
static BOOL autodetect_send_netchar_result(rdpAutoDetect* autodetect,
@@ -361,12 +373,13 @@ static BOOL autodetect_send_netchar_result(rdpAutoDetect* autodetect,
UINT16 sequenceNumber,
const rdpNetworkCharacteristicsResult* result)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
WINPR_ASSERT(autodetect);
WINPR_ASSERT(autodetect->context);
s = rdp_message_channel_pdu_init(autodetect->context->rdp);
s = rdp_message_channel_pdu_init(autodetect->context->rdp, &sec_flags);
if (!s)
return FALSE;
@@ -411,7 +424,8 @@ static BOOL autodetect_send_netchar_result(rdpAutoDetect* autodetect,
break;
}
return rdp_send_message_channel_pdu(autodetect->context->rdp, s, SEC_AUTODETECT_REQ);
return rdp_send_message_channel_pdu(autodetect->context->rdp, s,
sec_flags | SEC_AUTODETECT_REQ);
}
static FREERDP_AUTODETECT_STATE

10
libfreerdp/core/capabilities.c
View File

@@ -4695,7 +4695,8 @@ static BOOL rdp_write_demand_active(wLog* log, wStream* s, rdpSettings* settings
BOOL rdp_send_demand_active(rdpRdp* rdp)
{
wStream* s = rdp_send_stream_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_send_stream_pdu_init(rdp, &sec_flags);
BOOL status = 0;
if (!s)
@@ -4703,7 +4704,7 @@ BOOL rdp_send_demand_active(rdpRdp* rdp)
rdp->settings->ShareId = 0x10000 + rdp->mcs->userId;
status = rdp_write_demand_active(rdp->log, s, rdp->settings) &&
rdp_send_pdu(rdp, s, PDU_TYPE_DEMAND_ACTIVE, rdp->mcs->userId);
rdp_send_pdu(rdp, s, PDU_TYPE_DEMAND_ACTIVE, rdp->mcs->userId, sec_flags);
Stream_Release(s);
return status;
}
@@ -4934,14 +4935,15 @@ static BOOL rdp_write_confirm_active(wLog* log, wStream* s, rdpSettings* setting
BOOL rdp_send_confirm_active(rdpRdp* rdp)
{
wStream* s = rdp_send_stream_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_send_stream_pdu_init(rdp, &sec_flags);
BOOL status = 0;
if (!s)
return FALSE;
status = rdp_write_confirm_active(rdp->log, s, rdp->settings) &&
rdp_send_pdu(rdp, s, PDU_TYPE_CONFIRM_ACTIVE, rdp->mcs->userId);
rdp_send_pdu(rdp, s, PDU_TYPE_CONFIRM_ACTIVE, rdp->mcs->userId, sec_flags);
Stream_Release(s);
return status;
}

5
libfreerdp/core/channels.c
View File

@@ -299,7 +299,8 @@ BOOL freerdp_channel_send_packet(rdpRdp* rdp, UINT16 channelId, size_t totalSize
if (totalSize > UINT32_MAX)
return FALSE;
wStream* s = rdp_send_stream_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_send_stream_init(rdp, &sec_flags);
if (!s)
return FALSE;
@@ -316,5 +317,5 @@ BOOL freerdp_channel_send_packet(rdpRdp* rdp, UINT16 channelId, size_t totalSize
Stream_Write(s, data, chunkSize);
/* WLog_DBG(TAG, "sending data (flags=0x%x size=%d)", flags, size); */
return rdp_send(rdp, s, channelId);
return rdp_send(rdp, s, channelId, sec_flags);
}

15
libfreerdp/core/connection.c
View File

@@ -779,9 +779,10 @@ static BOOL rdp_client_establish_keys(rdpRdp* rdp)
goto end;
}
if (!rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID))
UINT32 sec_flags = SEC_EXCHANGE_PKT | SEC_LICENSE_ENCRYPT_SC;
if (!rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID, sec_flags))
goto end;
if (!rdp_write_security_header(rdp, s, SEC_EXCHANGE_PKT | SEC_LICENSE_ENCRYPT_SC))
if (!rdp_write_security_header(rdp, s, sec_flags))
goto end;
Stream_Write_UINT32(s, info->ModulusLength + 8);
@@ -885,7 +886,7 @@ BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
UINT32 rand_len = 0;
UINT16 channel_id = 0;
UINT16 length = 0;
UINT16 sec_flags = 0;
UINT32 sec_flags = 0;
BOOL ret = FALSE;
WINPR_ASSERT(rdp);
@@ -1164,7 +1165,7 @@ state_run_t rdp_handle_message_channel(rdpRdp* rdp, wStream* s, UINT16 channelId
return STATE_RUN_FAILED;
}
UINT16 securityFlags = 0;
UINT32 securityFlags = 0;
if (!rdp_read_security_header(rdp, s, &securityFlags, &length))
return STATE_RUN_FAILED;
@@ -1220,7 +1221,7 @@ state_run_t rdp_client_connect_license(rdpRdp* rdp, wStream* s)
LICENSE_STATE state = LICENSE_STATE_ABORTED;
UINT16 length = 0;
UINT16 channelId = 0;
UINT16 securityFlags = 0;
UINT32 securityFlags = 0;
WINPR_ASSERT(rdp);
if (!rdp_read_header(rdp, s, &length, &channelId))
@@ -2191,13 +2192,13 @@ state_run_t rdp_client_connect_confirm_active(rdpRdp* rdp, WINPR_ATTR_UNUSED wSt
}
BOOL rdp_handle_optional_rdp_decryption(rdpRdp* rdp, wStream* s, UINT16* length,
UINT16* pSecurityFlags)
UINT32* pSecurityFlags)
{
BOOL rc = FALSE;
WINPR_ASSERT(rdp);
WINPR_ASSERT(rdp->settings);
UINT16 securityFlags = 0;
UINT32 securityFlags = 0;
if (rdp->settings->UseRdpSecurityLayer)
{
if (!rdp_read_security_header(rdp, s, &securityFlags, length))

2
libfreerdp/core/connection.h
View File

@@ -76,6 +76,6 @@ FREERDP_LOCAL BOOL rdp_channels_from_mcs(rdpSettings* settings, const rdpRdp* rd
FREERDP_LOCAL state_run_t rdp_handle_message_channel(rdpRdp* rdp, wStream* s, UINT16 channelId,
UINT16 length);
FREERDP_LOCAL BOOL rdp_handle_optional_rdp_decryption(rdpRdp* rdp, wStream* s, UINT16* length,
UINT16* pSecurityFlags);
UINT32* pSecurityFlags);
#endif /* FREERDP_LIB_CORE_CONNECTION_H */

5
libfreerdp/core/display.c
View File

@@ -75,7 +75,8 @@ BOOL freerdp_display_send_monitor_layout(rdpContext* context, UINT32 monitorCoun
const MONITOR_DEF* monitorDefArray)
{
rdpRdp* rdp = context->rdp;
wStream* st = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* st = rdp_data_pdu_init(rdp, &sec_flags);
if (!st)
return FALSE;
@@ -86,5 +87,5 @@ BOOL freerdp_display_send_monitor_layout(rdpContext* context, UINT32 monitorCoun
return FALSE;
}
return rdp_send_data_pdu(rdp, st, DATA_PDU_TYPE_MONITOR_LAYOUT, 0);
return rdp_send_data_pdu(rdp, st, DATA_PDU_TYPE_MONITOR_LAYOUT, 0, sec_flags);
}

45
libfreerdp/core/fastpath.c
View File

@@ -970,7 +970,7 @@ static UINT32 fastpath_get_sec_bytes(rdpRdp* rdp)
return sec_bytes;
}
wStream* fastpath_input_pdu_init_header(rdpFastPath* fastpath)
wStream* fastpath_input_pdu_init_header(rdpFastPath* fastpath, UINT32* sec_flags)
{
rdpRdp* rdp = NULL;
wStream* s = NULL;
@@ -988,20 +988,21 @@ wStream* fastpath_input_pdu_init_header(rdpFastPath* fastpath)
if (rdp->do_crypt)
{
rdp->sec_flags |= SEC_ENCRYPT;
*sec_flags |= SEC_ENCRYPT;
if (rdp->do_secure_checksum)
rdp->sec_flags |= SEC_SECURE_CHECKSUM;
*sec_flags |= SEC_SECURE_CHECKSUM;
}
Stream_Seek(s, fastpath_get_sec_bytes(rdp));
return s;
}
wStream* fastpath_input_pdu_init(rdpFastPath* fastpath, BYTE eventFlags, BYTE eventCode)
wStream* fastpath_input_pdu_init(rdpFastPath* fastpath, BYTE eventFlags, BYTE eventCode,
UINT32* sec_flags)
{
wStream* s = NULL;
s = fastpath_input_pdu_init_header(fastpath);
s = fastpath_input_pdu_init_header(fastpath, sec_flags);
if (!s)
return NULL;
@@ -1012,7 +1013,8 @@ wStream* fastpath_input_pdu_init(rdpFastPath* fastpath, BYTE eventFlags, BYTE ev
return s;
}
BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, size_t iNumEvents)
BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, size_t iNumEvents,
UINT32 sec_flags)
{
BOOL rc = FALSE;
BYTE eventHeader = 0;
@@ -1053,10 +1055,10 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, size_t
eventHeader = FASTPATH_INPUT_ACTION_FASTPATH;
eventHeader |= (iNumEvents << 2); /* numberEvents */
if (rdp->sec_flags & SEC_ENCRYPT)
if (sec_flags & SEC_ENCRYPT)
eventHeader |= (FASTPATH_INPUT_ENCRYPTED << 6);
if (rdp->sec_flags & SEC_SECURE_CHECKSUM)
if (sec_flags & SEC_SECURE_CHECKSUM)
eventHeader |= (FASTPATH_INPUT_SECURE_CHECKSUM << 6);
Stream_SetPosition(s, 0);
@@ -1064,7 +1066,7 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, size_t
/* Write length later, RDP encryption might add a padding */
Stream_Seek(s, 2);
if (rdp->sec_flags & SEC_ENCRYPT)
if (sec_flags & SEC_ENCRYPT)
{
BOOL status = FALSE;
if (!security_lock(rdp))
@@ -1109,7 +1111,7 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, size_t
BOOL res = 0;
if (!Stream_CheckAndLogRequiredCapacity(TAG, s, 8))
goto unlock;
if (rdp->sec_flags & SEC_SECURE_CHECKSUM)
if (sec_flags & SEC_SECURE_CHECKSUM)
res = security_salted_mac_signature(rdp, fpInputEvents, fpInputEvents_length, TRUE,
Stream_Pointer(s), 8);
else
@@ -1128,7 +1130,6 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, size_t
goto fail;
}
rdp->sec_flags = 0;
/*
* We always encode length in two bytes, even though we could use
* only one byte if length <= 0x7F. It is just easier that way,
@@ -1150,9 +1151,9 @@ fail:
return rc;
}
BOOL fastpath_send_input_pdu(rdpFastPath* fastpath, wStream* s)
BOOL fastpath_send_input_pdu(rdpFastPath* fastpath, wStream* s, UINT32 sec_flags)
{
return fastpath_send_multiple_input_pdu(fastpath, s, 1);
return fastpath_send_multiple_input_pdu(fastpath, s, 1, sec_flags);
}
wStream* fastpath_update_pdu_init(rdpFastPath* fastpath)
@@ -1179,6 +1180,7 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s
UINT32 fpUpdateHeaderSize = 0;
FASTPATH_UPDATE_PDU_HEADER fpUpdatePduHeader = { 0 };
FASTPATH_UPDATE_HEADER fpUpdateHeader = { 0 };
UINT32 sec_flags = 0;
if (!fastpath || !fastpath->rdp || !fastpath->fs || !s)
return FALSE;
@@ -1221,10 +1223,10 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s
if (rdp->do_crypt)
{
rdp->sec_flags |= SEC_ENCRYPT;
sec_flags |= SEC_ENCRYPT;
if (rdp->do_secure_checksum)
rdp->sec_flags |= SEC_SECURE_CHECKSUM;
sec_flags |= SEC_SECURE_CHECKSUM;
}
for (int fragment = 0; (totalLength > 0) || (fragment == 0); fragment++)
@@ -1243,10 +1245,10 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s
const BYTE* pSrcData = Stream_Pointer(s);
UINT32 SrcSize = DstSize = fpUpdateHeader.size;
if (rdp->sec_flags & SEC_ENCRYPT)
if (sec_flags & SEC_ENCRYPT)
fpUpdatePduHeader.secFlags |= FASTPATH_OUTPUT_ENCRYPTED;
if (rdp->sec_flags & SEC_SECURE_CHECKSUM)
if (sec_flags & SEC_SECURE_CHECKSUM)
fpUpdatePduHeader.secFlags |= FASTPATH_OUTPUT_SECURE_CHECKSUM;
if (settings->CompressionEnabled && !skipCompression)
@@ -1285,7 +1287,7 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s
fpUpdatePduHeaderSize = fastpath_get_update_pdu_header_size(&fpUpdatePduHeader, rdp);
fpHeaderSize = fpUpdateHeaderSize + fpUpdatePduHeaderSize;
if (rdp->sec_flags & SEC_ENCRYPT)
if (sec_flags & SEC_ENCRYPT)
{
pSignature = Stream_Buffer(fs) + 3;
@@ -1321,7 +1323,7 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s
if (pad)
Stream_Zero(fs, pad);
if (rdp->sec_flags & SEC_ENCRYPT)
if (sec_flags & SEC_ENCRYPT)
{
BOOL res = FALSE;
if (!security_lock(rdp))
@@ -1341,7 +1343,7 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s
else
{
// TODO: Ensure stream capacity
if (rdp->sec_flags & SEC_SECURE_CHECKSUM)
if (sec_flags & SEC_SECURE_CHECKSUM)
status =
security_salted_mac_signature(rdp, data, dataSize, TRUE, pSignature, 8);
else
@@ -1370,7 +1372,6 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s
Stream_Seek(s, SrcSize);
}
rdp->sec_flags = 0;
return status;
}
@@ -1420,7 +1421,7 @@ BOOL fastpath_decrypt(rdpFastPath* fastpath, wStream* s, UINT16* length)
WINPR_ASSERT(fastpath);
if (fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_ENCRYPTED)
{
const UINT16 flags =
const UINT32 flags =
(fastpath_get_encryption_flags(fastpath) & FASTPATH_OUTPUT_SECURE_CHECKSUM)
? SEC_SECURE_CHECKSUM
: 0;

8
libfreerdp/core/fastpath.h
View File

@@ -132,12 +132,12 @@ FREERDP_LOCAL state_run_t fastpath_recv_inputs(rdpFastPath* fastpath, wStream* s
FREERDP_LOCAL BOOL fastpath_decrypt(rdpFastPath* fastpath, wStream* s, UINT16* length);
FREERDP_LOCAL wStream* fastpath_input_pdu_init_header(rdpFastPath* fastpath);
FREERDP_LOCAL wStream* fastpath_input_pdu_init_header(rdpFastPath* fastpath, UINT32* sec_flags);
FREERDP_LOCAL wStream* fastpath_input_pdu_init(rdpFastPath* fastpath, BYTE eventFlags,
BYTE eventCode);
BYTE eventCode, UINT32* sec_flags);
FREERDP_LOCAL BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s,
size_t iEventCount);
FREERDP_LOCAL BOOL fastpath_send_input_pdu(rdpFastPath* fastpath, wStream* s);
size_t iEventCount, UINT32 sec_flags);
FREERDP_LOCAL BOOL fastpath_send_input_pdu(rdpFastPath* fastpath, wStream* s, UINT32 sec_flags);
WINPR_ATTR_MALLOC(Stream_Release, 1)
FREERDP_LOCAL wStream* fastpath_update_pdu_init(rdpFastPath* fastpath);

5
libfreerdp/core/heartbeat.c
View File

@@ -58,7 +58,8 @@ state_run_t rdp_recv_heartbeat_packet(rdpRdp* rdp, wStream* s)
BOOL freerdp_heartbeat_send_heartbeat_pdu(freerdp_peer* peer, BYTE period, BYTE count1, BYTE count2)
{
rdpRdp* rdp = peer->context->rdp;
wStream* s = rdp_message_channel_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_message_channel_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
@@ -72,7 +73,7 @@ BOOL freerdp_heartbeat_send_heartbeat_pdu(freerdp_peer* peer, BYTE period, BYTE
"sending Heartbeat PDU -> period=%" PRIu8 ", count1=%" PRIu8 ", count2=%" PRIu8 "",
period, count1, count2);
if (!rdp_send_message_channel_pdu(rdp, s, SEC_HEARTBEAT))
if (!rdp_send_message_channel_pdu(rdp, s, sec_flags | SEC_HEARTBEAT))
return FALSE;
return TRUE;

19
libfreerdp/core/info.c
View File

@@ -977,7 +977,7 @@ BOOL rdp_recv_client_info(rdpRdp* rdp, wStream* s)
{
UINT16 length = 0;
UINT16 channelId = 0;
UINT16 securityFlags = 0;
UINT32 securityFlags = 0;
WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE);
@@ -1016,10 +1016,10 @@ BOOL rdp_recv_client_info(rdpRdp* rdp, wStream* s)
BOOL rdp_send_client_info(rdpRdp* rdp)
{
UINT32 sec_flags = SEC_INFO_PKT;
wStream* s = NULL;
WINPR_ASSERT(rdp);
rdp->sec_flags |= SEC_INFO_PKT;
s = rdp_send_stream_init(rdp);
s = rdp_send_stream_init(rdp, &sec_flags);
if (!s)
{
@@ -1032,7 +1032,7 @@ BOOL rdp_send_client_info(rdpRdp* rdp)
Stream_Release(s);
return FALSE;
}
return rdp_send(rdp, s, MCS_GLOBAL_CHANNEL_ID);
return rdp_send(rdp, s, MCS_GLOBAL_CHANNEL_ID, sec_flags);
}
static void rdp_free_logon_info(logon_info* info)
@@ -1525,10 +1525,11 @@ static BOOL rdp_write_logon_info_ex(wStream* s, logon_info_ex* info)
BOOL rdp_send_save_session_info(rdpContext* context, UINT32 type, void* data)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
BOOL status = 0;
rdpRdp* rdp = context->rdp;
s = rdp_data_pdu_init(rdp);
s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
@@ -1560,7 +1561,8 @@ BOOL rdp_send_save_session_info(rdpContext* context, UINT32 type, void* data)
}
if (status)
status = rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SAVE_SESSION_INFO, rdp->mcs->userId);
status =
rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SAVE_SESSION_INFO, rdp->mcs->userId, sec_flags);
else
Stream_Release(s);
@@ -1569,13 +1571,14 @@ BOOL rdp_send_save_session_info(rdpContext* context, UINT32 type, void* data)
BOOL rdp_send_server_status_info(rdpContext* context, UINT32 status)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = context->rdp;
s = rdp_data_pdu_init(rdp);
s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
Stream_Write_UINT32(s, status);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_STATUS_INFO, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_STATUS_INFO, rdp->mcs->userId, sec_flags);
}

85
libfreerdp/core/input.c
View File

@@ -56,10 +56,10 @@ static void rdp_write_input_event_header(wStream* s, UINT32 time, UINT16 type)
Stream_Write_UINT16(s, type); /* messageType (2 bytes) */
}
static wStream* rdp_client_input_pdu_init(rdpRdp* rdp, UINT16 type)
static wStream* rdp_client_input_pdu_init(rdpRdp* rdp, UINT16 type, UINT32* sec_flags)
{
wStream* s = NULL;
s = rdp_data_pdu_init(rdp);
s = rdp_data_pdu_init(rdp, sec_flags);
if (!s)
return NULL;
@@ -69,9 +69,9 @@ static wStream* rdp_client_input_pdu_init(rdpRdp* rdp, UINT16 type)
return s;
}
static BOOL rdp_send_client_input_pdu(rdpRdp* rdp, wStream* s)
static BOOL rdp_send_client_input_pdu(rdpRdp* rdp, wStream* s, UINT32 sec_flags)
{
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_INPUT, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_INPUT, rdp->mcs->userId, sec_flags);
}
static void input_write_synchronize_event(wStream* s, UINT32 flags)
@@ -95,6 +95,7 @@ static BOOL input_ensure_client_running(rdpInput* input)
static BOOL input_send_synchronize_event(rdpInput* input, UINT32 flags)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = NULL;
@@ -106,13 +107,13 @@ static BOOL input_send_synchronize_event(rdpInput* input, UINT32 flags)
if (!input_ensure_client_running(input))
return FALSE;
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_SYNC);
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_SYNC, &sec_flags);
if (!s)
return FALSE;
input_write_synchronize_event(s, flags);
return rdp_send_client_input_pdu(rdp, s);
return rdp_send_client_input_pdu(rdp, s, sec_flags);
}
static void input_write_keyboard_event(wStream* s, UINT16 flags, UINT16 code)
@@ -127,6 +128,7 @@ static void input_write_keyboard_event(wStream* s, UINT16 flags, UINT16 code)
static BOOL input_send_keyboard_event(rdpInput* input, UINT16 flags, UINT8 code)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = NULL;
@@ -138,13 +140,13 @@ static BOOL input_send_keyboard_event(rdpInput* input, UINT16 flags, UINT8 code)
if (!input_ensure_client_running(input))
return FALSE;
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_SCANCODE);
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_SCANCODE, &sec_flags);
if (!s)
return FALSE;
input_write_keyboard_event(s, flags, code);
return rdp_send_client_input_pdu(rdp, s);
return rdp_send_client_input_pdu(rdp, s, sec_flags);
}
static void input_write_unicode_keyboard_event(wStream* s, UINT16 flags, UINT16 code)
@@ -156,6 +158,7 @@ static void input_write_unicode_keyboard_event(wStream* s, UINT16 flags, UINT16
static BOOL input_send_unicode_keyboard_event(rdpInput* input, UINT16 flags, UINT16 code)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = NULL;
@@ -172,13 +175,13 @@ static BOOL input_send_unicode_keyboard_event(rdpInput* input, UINT16 flags, UIN
}
rdp = input->context->rdp;
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_UNICODE);
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_UNICODE, &sec_flags);
if (!s)
return FALSE;
input_write_unicode_keyboard_event(s, flags, code);
return rdp_send_client_input_pdu(rdp, s);
return rdp_send_client_input_pdu(rdp, s, sec_flags);
}
static void input_write_mouse_event(wStream* s, UINT16 flags, UINT16 x, UINT16 y)
@@ -190,6 +193,7 @@ static void input_write_mouse_event(wStream* s, UINT16 flags, UINT16 x, UINT16 y
static BOOL input_send_mouse_event(rdpInput* input, UINT16 flags, UINT16 x, UINT16 y)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = NULL;
@@ -213,17 +217,18 @@ static BOOL input_send_mouse_event(rdpInput* input, UINT16 flags, UINT16 x, UINT
}
}
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_MOUSE);
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_MOUSE, &sec_flags);
if (!s)
return FALSE;
input_write_mouse_event(s, flags, x, y);
return rdp_send_client_input_pdu(rdp, s);
return rdp_send_client_input_pdu(rdp, s, sec_flags);
}
static BOOL input_send_relmouse_event(rdpInput* input, UINT16 flags, INT16 xDelta, INT16 yDelta)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = NULL;
@@ -241,7 +246,7 @@ static BOOL input_send_relmouse_event(rdpInput* input, UINT16 flags, INT16 xDelt
return FALSE;
}
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_MOUSEREL);
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_MOUSEREL, &sec_flags);
if (!s)
return FALSE;
@@ -250,7 +255,7 @@ static BOOL input_send_relmouse_event(rdpInput* input, UINT16 flags, INT16 xDelt
Stream_Write_INT16(s, xDelta); /* xDelta (2 bytes) */
Stream_Write_INT16(s, yDelta); /* yDelta (2 bytes) */
return rdp_send_client_input_pdu(rdp, s);
return rdp_send_client_input_pdu(rdp, s, sec_flags);
}
static void input_write_extended_mouse_event(wStream* s, UINT16 flags, UINT16 x, UINT16 y)
@@ -262,6 +267,7 @@ static void input_write_extended_mouse_event(wStream* s, UINT16 flags, UINT16 x,
static BOOL input_send_extended_mouse_event(rdpInput* input, UINT16 flags, UINT16 x, UINT16 y)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = NULL;
@@ -284,13 +290,13 @@ static BOOL input_send_extended_mouse_event(rdpInput* input, UINT16 flags, UINT1
return TRUE;
}
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_MOUSEX);
s = rdp_client_input_pdu_init(rdp, INPUT_EVENT_MOUSEX, &sec_flags);
if (!s)
return FALSE;
input_write_extended_mouse_event(s, flags, x, y);
return rdp_send_client_input_pdu(rdp, s);
return rdp_send_client_input_pdu(rdp, s, sec_flags);
}
static BOOL input_send_focus_in_event(rdpInput* input, UINT16 toggleStates)
@@ -335,6 +341,7 @@ static BOOL input_send_keyboard_pause_event(rdpInput* input)
static BOOL input_send_fastpath_synchronize_event(rdpInput* input, UINT32 flags)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = NULL;
@@ -348,16 +355,17 @@ static BOOL input_send_fastpath_synchronize_event(rdpInput* input, UINT32 flags)
return FALSE;
/* The FastPath Synchronization eventFlags has identical values as SlowPath */
s = fastpath_input_pdu_init(rdp->fastpath, (BYTE)flags, FASTPATH_INPUT_EVENT_SYNC);
s = fastpath_input_pdu_init(rdp->fastpath, (BYTE)flags, FASTPATH_INPUT_EVENT_SYNC, &sec_flags);
if (!s)
return FALSE;
return fastpath_send_input_pdu(rdp->fastpath, s);
return fastpath_send_input_pdu(rdp->fastpath, s, sec_flags);
}
static BOOL input_send_fastpath_keyboard_event(rdpInput* input, UINT16 flags, UINT8 code)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
BYTE eventFlags = 0;
rdpRdp* rdp = NULL;
@@ -374,18 +382,20 @@ static BOOL input_send_fastpath_keyboard_event(rdpInput* input, UINT16 flags, UI
eventFlags |= (flags & KBD_FLAGS_RELEASE) ? FASTPATH_INPUT_KBDFLAGS_RELEASE : 0;
eventFlags |= (flags & KBD_FLAGS_EXTENDED) ? FASTPATH_INPUT_KBDFLAGS_EXTENDED : 0;
eventFlags |= (flags & KBD_FLAGS_EXTENDED1) ? FASTPATH_INPUT_KBDFLAGS_PREFIX_E1 : 0;
s = fastpath_input_pdu_init(rdp->fastpath, eventFlags, FASTPATH_INPUT_EVENT_SCANCODE);
s = fastpath_input_pdu_init(rdp->fastpath, eventFlags, FASTPATH_INPUT_EVENT_SCANCODE,
&sec_flags);
if (!s)
return FALSE;
WINPR_ASSERT(code <= UINT8_MAX);
Stream_Write_UINT8(s, code); /* keyCode (1 byte) */
return fastpath_send_input_pdu(rdp->fastpath, s);
return fastpath_send_input_pdu(rdp->fastpath, s, sec_flags);
}
static BOOL input_send_fastpath_unicode_keyboard_event(rdpInput* input, UINT16 flags, UINT16 code)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
BYTE eventFlags = 0;
rdpRdp* rdp = NULL;
@@ -407,17 +417,19 @@ static BOOL input_send_fastpath_unicode_keyboard_event(rdpInput* input, UINT16 f
}
eventFlags |= (flags & KBD_FLAGS_RELEASE) ? FASTPATH_INPUT_KBDFLAGS_RELEASE : 0;
s = fastpath_input_pdu_init(rdp->fastpath, eventFlags, FASTPATH_INPUT_EVENT_UNICODE);
s = fastpath_input_pdu_init(rdp->fastpath, eventFlags, FASTPATH_INPUT_EVENT_UNICODE,
&sec_flags);
if (!s)
return FALSE;
Stream_Write_UINT16(s, code); /* unicodeCode (2 bytes) */
return fastpath_send_input_pdu(rdp->fastpath, s);
return fastpath_send_input_pdu(rdp->fastpath, s, sec_flags);
}
static BOOL input_send_fastpath_mouse_event(rdpInput* input, UINT16 flags, UINT16 x, UINT16 y)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = NULL;
@@ -443,18 +455,19 @@ static BOOL input_send_fastpath_mouse_event(rdpInput* input, UINT16 flags, UINT1
}
}
s = fastpath_input_pdu_init(rdp->fastpath, 0, FASTPATH_INPUT_EVENT_MOUSE);
s = fastpath_input_pdu_init(rdp->fastpath, 0, FASTPATH_INPUT_EVENT_MOUSE, &sec_flags);
if (!s)
return FALSE;
input_write_mouse_event(s, flags, x, y);
return fastpath_send_input_pdu(rdp->fastpath, s);
return fastpath_send_input_pdu(rdp->fastpath, s, sec_flags);
}
static BOOL input_send_fastpath_extended_mouse_event(rdpInput* input, UINT16 flags, UINT16 x,
UINT16 y)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = NULL;
@@ -476,18 +489,19 @@ static BOOL input_send_fastpath_extended_mouse_event(rdpInput* input, UINT16 fla
return TRUE;
}
s = fastpath_input_pdu_init(rdp->fastpath, 0, FASTPATH_INPUT_EVENT_MOUSEX);
s = fastpath_input_pdu_init(rdp->fastpath, 0, FASTPATH_INPUT_EVENT_MOUSEX, &sec_flags);
if (!s)
return FALSE;
input_write_extended_mouse_event(s, flags, x, y);
return fastpath_send_input_pdu(rdp->fastpath, s);
return fastpath_send_input_pdu(rdp->fastpath, s, sec_flags);
}
static BOOL input_send_fastpath_relmouse_event(rdpInput* input, UINT16 flags, INT16 xDelta,
INT16 yDelta)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
rdpRdp* rdp = NULL;
@@ -507,7 +521,7 @@ static BOOL input_send_fastpath_relmouse_event(rdpInput* input, UINT16 flags, IN
return FALSE;
}
s = fastpath_input_pdu_init(rdp->fastpath, 0, TS_FP_RELPOINTER_EVENT);
s = fastpath_input_pdu_init(rdp->fastpath, 0, TS_FP_RELPOINTER_EVENT, &sec_flags);
if (!s)
return FALSE;
@@ -515,7 +529,7 @@ static BOOL input_send_fastpath_relmouse_event(rdpInput* input, UINT16 flags, IN
Stream_Write_UINT16(s, flags); /* pointerFlags (2 bytes) */
Stream_Write_INT16(s, xDelta); /* xDelta (2 bytes) */
Stream_Write_INT16(s, yDelta); /* yDelta (2 bytes) */
return fastpath_send_input_pdu(rdp->fastpath, s);
return fastpath_send_input_pdu(rdp->fastpath, s, sec_flags);
}
static BOOL input_send_fastpath_qoe_event(rdpInput* input, UINT32 timestampMS)
@@ -536,7 +550,8 @@ static BOOL input_send_fastpath_qoe_event(rdpInput* input, UINT32 timestampMS)
return FALSE;
}
wStream* s = fastpath_input_pdu_init(rdp->fastpath, 0, TS_FP_QOETIMESTAMP_EVENT);
UINT32 sec_flags = 0;
wStream* s = fastpath_input_pdu_init(rdp->fastpath, 0, TS_FP_QOETIMESTAMP_EVENT, &sec_flags);
if (!s)
return FALSE;
@@ -548,11 +563,12 @@ static BOOL input_send_fastpath_qoe_event(rdpInput* input, UINT32 timestampMS)
}
Stream_Write_UINT32(s, timestampMS);
return fastpath_send_input_pdu(rdp->fastpath, s);
return fastpath_send_input_pdu(rdp->fastpath, s, sec_flags);
}
static BOOL input_send_fastpath_focus_in_event(rdpInput* input, UINT16 toggleStates)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
BYTE eventFlags = 0;
rdpRdp* rdp = NULL;
@@ -566,7 +582,7 @@ static BOOL input_send_fastpath_focus_in_event(rdpInput* input, UINT16 toggleSta
if (!input_ensure_client_running(input))
return FALSE;
s = fastpath_input_pdu_init_header(rdp->fastpath);
s = fastpath_input_pdu_init_header(rdp->fastpath, &sec_flags);
if (!s)
return FALSE;
@@ -582,7 +598,7 @@ static BOOL input_send_fastpath_focus_in_event(rdpInput* input, UINT16 toggleSta
eventFlags = FASTPATH_INPUT_KBDFLAGS_RELEASE | FASTPATH_INPUT_EVENT_SCANCODE << 5;
Stream_Write_UINT8(s, eventFlags); /* Key Release event (1 byte) */
Stream_Write_UINT8(s, 0x0f); /* keyCode (1 byte) */
return fastpath_send_multiple_input_pdu(rdp->fastpath, s, 3);
return fastpath_send_multiple_input_pdu(rdp->fastpath, s, 3, sec_flags);
}
static BOOL input_send_fastpath_keyboard_pause_event(rdpInput* input)
@@ -591,6 +607,7 @@ static BOOL input_send_fastpath_keyboard_pause_event(rdpInput* input)
* and pause-up sent nothing. However, reverse engineering mstsc shows
* it sending the following sequence:
*/
UINT32 sec_flags = 0;
wStream* s = NULL;
const BYTE keyDownEvent = FASTPATH_INPUT_EVENT_SCANCODE << 5;
const BYTE keyUpEvent = (FASTPATH_INPUT_EVENT_SCANCODE << 5) | FASTPATH_INPUT_KBDFLAGS_RELEASE;
@@ -605,7 +622,7 @@ static BOOL input_send_fastpath_keyboard_pause_event(rdpInput* input)
if (!input_ensure_client_running(input))
return FALSE;
s = fastpath_input_pdu_init_header(rdp->fastpath);
s = fastpath_input_pdu_init_header(rdp->fastpath, &sec_flags);
if (!s)
return FALSE;
@@ -622,7 +639,7 @@ static BOOL input_send_fastpath_keyboard_pause_event(rdpInput* input)
/* Numlock down (0x45) */
Stream_Write_UINT8(s, keyUpEvent);
Stream_Write_UINT8(s, RDP_SCANCODE_CODE(RDP_SCANCODE_NUMLOCK));
return fastpath_send_multiple_input_pdu(rdp->fastpath, s, 4);
return fastpath_send_multiple_input_pdu(rdp->fastpath, s, 4, sec_flags);
}
static BOOL input_recv_sync_event(rdpInput* input, wStream* s)

51
libfreerdp/core/license.c
View File

@@ -296,7 +296,7 @@ static const char* licencse_blob_type_string(UINT16 type)
return "BB_UNKNOWN";
}
}
static wStream* license_send_stream_init(rdpLicense* license);
static wStream* license_send_stream_init(rdpLicense* license, UINT32* sec_flags);
static void license_generate_randoms(rdpLicense* license);
static BOOL license_generate_keys(rdpLicense* license);
@@ -725,14 +725,15 @@ static BOOL license_write_preamble(wStream* s, BYTE bMsgType, BYTE flags, UINT16
* @return stream or NULL
*/
wStream* license_send_stream_init(rdpLicense* license)
wStream* license_send_stream_init(rdpLicense* license, UINT32* sec_flags)
{
WINPR_ASSERT(license);
WINPR_ASSERT(license->rdp);
WINPR_ASSERT(sec_flags);
const BOOL do_crypt = license->rdp->do_crypt;
license->rdp->sec_flags = SEC_LICENSE_PKT;
*sec_flags = SEC_LICENSE_PKT;
/*
* Encryption of licensing packets is optional even if the rdp security
@@ -744,11 +745,11 @@ wStream* license_send_stream_init(rdpLicense* license)
if (do_crypt)
{
license->rdp->sec_flags |= SEC_LICENSE_ENCRYPT_CS;
*sec_flags |= SEC_LICENSE_ENCRYPT_CS;
license->rdp->do_crypt = license->rdp->do_crypt_license;
}
wStream* s = rdp_send_stream_init(license->rdp);
wStream* s = rdp_send_stream_init(license->rdp, sec_flags);
if (!s)
return NULL;
@@ -770,7 +771,7 @@ fail:
* @param s stream
*/
static BOOL license_send(rdpLicense* license, wStream* s, BYTE type)
static BOOL license_send(rdpLicense* license, wStream* s, BYTE type, UINT32 sec_flags)
{
WINPR_ASSERT(license);
WINPR_ASSERT(license->rdp);
@@ -808,8 +809,7 @@ static BOOL license_send(rdpLicense* license, wStream* s, BYTE type)
wMsgSize);
#endif
Stream_SetPosition(s, length);
const BOOL ret = rdp_send(rdp, s, MCS_GLOBAL_CHANNEL_ID);
rdp->sec_flags = 0;
const BOOL ret = rdp_send(rdp, s, MCS_GLOBAL_CHANNEL_ID, sec_flags);
return ret;
}
@@ -828,7 +828,8 @@ BOOL license_write_server_upgrade_license(const rdpLicense* license, wStream* s)
static BOOL license_server_send_new_or_upgrade_license(rdpLicense* license, BOOL upgrade)
{
wStream* s = license_send_stream_init(license);
UINT32 sec_flags = 0;
wStream* s = license_send_stream_init(license, &sec_flags);
const BYTE type = upgrade ? UPGRADE_LICENSE : NEW_LICENSE;
if (!s)
@@ -837,7 +838,7 @@ static BOOL license_server_send_new_or_upgrade_license(rdpLicense* license, BOOL
if (!license_write_server_upgrade_license(license, s))
goto fail;
return license_send(license, s, type);
return license_send(license, s, type, sec_flags);
fail:
Stream_Release(s);
@@ -1752,7 +1753,8 @@ BOOL license_send_license_info(rdpLicense* license, const LICENSE_BLOB* calBlob,
if (!info)
return FALSE;
wStream* s = license_send_stream_init(license);
UINT32 sec_flags = 0;
wStream* s = license_send_stream_init(license, &sec_flags);
if (!s)
return FALSE;
@@ -1785,7 +1787,7 @@ BOOL license_send_license_info(rdpLicense* license, const LICENSE_BLOB* calBlob,
goto error;
Stream_Write(s, signature, signature_length);
return license_send(license, s, LICENSE_INFO);
return license_send(license, s, LICENSE_INFO, sec_flags);
error:
Stream_Release(s);
@@ -1957,14 +1959,15 @@ BOOL license_write_license_request_packet(const rdpLicense* license, wStream* s)
static BOOL license_send_license_request_packet(rdpLicense* license)
{
wStream* s = license_send_stream_init(license);
UINT32 sec_flags = 0;
wStream* s = license_send_stream_init(license, &sec_flags);
if (!s)
return FALSE;
if (!license_write_license_request_packet(license, s))
goto fail;
return license_send(license, s, LICENSE_REQUEST);
return license_send(license, s, LICENSE_REQUEST, sec_flags);
fail:
Stream_Release(s);
@@ -2026,7 +2029,8 @@ BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s)
BOOL license_send_error_alert(rdpLicense* license, UINT32 dwErrorCode, UINT32 dwStateTransition,
const LICENSE_BLOB* info)
{
wStream* s = license_send_stream_init(license);
UINT32 sec_flags = 0;
wStream* s = license_send_stream_init(license, &sec_flags);
if (!s)
goto fail;
@@ -2042,7 +2046,7 @@ BOOL license_send_error_alert(rdpLicense* license, UINT32 dwErrorCode, UINT32 dw
goto fail;
}
return license_send(license, s, ERROR_ALERT);
return license_send(license, s, ERROR_ALERT, sec_flags);
fail:
Stream_Release(s);
return FALSE;
@@ -2050,7 +2054,8 @@ fail:
BOOL license_send_platform_challenge_packet(rdpLicense* license)
{
wStream* s = license_send_stream_init(license);
UINT32 sec_flags = 0;
wStream* s = license_send_stream_init(license, &sec_flags);
if (!s)
goto fail;
@@ -2073,7 +2078,7 @@ BOOL license_send_platform_challenge_packet(rdpLicense* license)
Stream_Write(s, license->MACData, sizeof(license->MACData));
return license_send(license, s, PLATFORM_CHALLENGE);
return license_send(license, s, PLATFORM_CHALLENGE, sec_flags);
fail:
Stream_Release(s);
return FALSE;
@@ -2413,6 +2418,7 @@ BOOL license_read_new_license_request_packet(rdpLicense* license, wStream* s)
BOOL license_answer_license_request(rdpLicense* license)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
BYTE* license_data = NULL;
size_t license_size = 0;
@@ -2461,7 +2467,7 @@ BOOL license_answer_license_request(rdpLicense* license)
DEBUG_LICENSE("Sending New License Packet");
s = license_send_stream_init(license);
s = license_send_stream_init(license, &sec_flags);
if (!s)
return FALSE;
if (license->rdp->settings->Username != NULL)
@@ -2502,7 +2508,7 @@ BOOL license_answer_license_request(rdpLicense* license)
return FALSE;
}
return license_send(license, s, NEW_LICENSE_REQUEST);
return license_send(license, s, NEW_LICENSE_REQUEST, sec_flags);
}
/**
@@ -2585,12 +2591,13 @@ BOOL license_send_platform_challenge_response(rdpLicense* license)
winpr_HexLogDump(license->log, WLOG_DEBUG, license->EncryptedHardwareId->data,
license->EncryptedHardwareId->length);
#endif
wStream* s = license_send_stream_init(license);
UINT32 sec_flags = 0;
wStream* s = license_send_stream_init(license, &sec_flags);
if (!s)
return FALSE;
if (license_write_client_platform_challenge_response(license, s))
return license_send(license, s, PLATFORM_CHALLENGE_RESPONSE);
return license_send(license, s, PLATFORM_CHALLENGE_RESPONSE, sec_flags);
Stream_Release(s);
return FALSE;

10
libfreerdp/core/multitransport.c
View File

@@ -96,7 +96,8 @@ static BOOL multitransport_request_send(rdpMultitransport* multi, UINT32 reqId,
const BYTE* cookie)
{
WINPR_ASSERT(multi);
wStream* s = rdp_message_channel_pdu_init(multi->rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_message_channel_pdu_init(multi->rdp, &sec_flags);
if (!s)
return FALSE;
@@ -111,7 +112,7 @@ static BOOL multitransport_request_send(rdpMultitransport* multi, UINT32 reqId,
Stream_Zero(s, 2); /* reserved (2 bytes) */
Stream_Write(s, cookie, RDPUDP_COOKIE_LEN); /* securityCookie (16 bytes) */
return rdp_send_message_channel_pdu(multi->rdp, s, SEC_TRANSPORT_REQ);
return rdp_send_message_channel_pdu(multi->rdp, s, sec_flags | SEC_TRANSPORT_REQ);
}
state_run_t multitransport_server_request(rdpMultitransport* multi, UINT16 reqProto)
@@ -140,7 +141,8 @@ BOOL multitransport_client_send_response(rdpMultitransport* multi, UINT32 reqId,
{
WINPR_ASSERT(multi);
wStream* s = rdp_message_channel_pdu_init(multi->rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_message_channel_pdu_init(multi->rdp, &sec_flags);
if (!s)
return FALSE;
@@ -156,7 +158,7 @@ BOOL multitransport_client_send_response(rdpMultitransport* multi, UINT32 reqId,
* UNSIGNED but https://learn.microsoft.com/en-us/windows/win32/learnwin32/error-codes-in-com
* defines this as signed... assume the spec is (implicitly) assuming twos complement. */
Stream_Write_INT32(s, hr); /* HResult (4 bytes) */
return rdp_send_message_channel_pdu(multi->rdp, s, SEC_TRANSPORT_RSP);
return rdp_send_message_channel_pdu(multi->rdp, s, sec_flags | SEC_TRANSPORT_RSP);
}
state_run_t multitransport_recv_response(rdpMultitransport* multi, wStream* s)

12
libfreerdp/core/peer.c
View File

@@ -162,7 +162,8 @@ static int freerdp_peer_virtual_channel_write(freerdp_peer* client, HANDLE hChan
while (length > 0)
{
s = rdp_send_stream_init(rdp);
UINT32 sec_flags = 0;
s = rdp_send_stream_init(rdp, &sec_flags);
if (!s)
return -1;
@@ -192,7 +193,7 @@ static int freerdp_peer_virtual_channel_write(freerdp_peer* client, HANDLE hChan
Stream_Write(s, buffer, chunkSize);
WINPR_ASSERT(peerChannel->channelId <= UINT16_MAX);
if (!rdp_send(rdp, s, (UINT16)peerChannel->channelId))
if (!rdp_send(rdp, s, (UINT16)peerChannel->channelId, sec_flags))
return -1;
buffer += chunkSize;
@@ -435,7 +436,7 @@ static state_run_t peer_recv_tpkt_pdu(freerdp_peer* client, wStream* s)
UINT16 pduType = 0;
UINT16 pduSource = 0;
UINT16 channelId = 0;
UINT16 securityFlags = 0;
UINT32 securityFlags = 0;
rdpSettings* settings = NULL;
WINPR_ASSERT(s);
@@ -1247,12 +1248,13 @@ static BOOL freerdp_peer_send_server_redirection_pdu(freerdp_peer* peer,
WINPR_ASSERT(peer);
WINPR_ASSERT(peer->context);
wStream* s = rdp_send_stream_pdu_init(peer->context->rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_send_stream_pdu_init(peer->context->rdp, &sec_flags);
if (!s)
return FALSE;
if (!rdp_write_enhanced_security_redirection_packet(s, redirection))
goto fail;
if (!rdp_send_pdu(peer->context->rdp, s, PDU_TYPE_SERVER_REDIRECTION, 0))
if (!rdp_send_pdu(peer->context->rdp, s, PDU_TYPE_SERVER_REDIRECTION, 0, sec_flags))
goto fail;
rc = rdp_reset_runtime_settings(peer->context->rdp);
fail:

90
libfreerdp/core/rdp.c
View File

@@ -185,7 +185,7 @@ static BOOL rdp_write_share_data_header(rdpRdp* rdp, wStream* s, size_t length,
* @return \b TRUE for success, \b FALSE otherwise
*/
BOOL rdp_read_security_header(rdpRdp* rdp, wStream* s, UINT16* flags, UINT16* length)
BOOL rdp_read_security_header(rdpRdp* rdp, wStream* s, UINT32* flags, UINT16* length)
{
char buffer[256] = { 0 };
WINPR_ASSERT(s);
@@ -202,7 +202,7 @@ BOOL rdp_read_security_header(rdpRdp* rdp, wStream* s, UINT16* flags, UINT16* le
if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, 4))
return FALSE;
Stream_Read_UINT16(s, *flags); /* flags */
Stream_Read_UINT16(s, *(UINT16*)flags); /* flags */
Stream_Seek(s, 2); /* flagsHi (unused) */
WLog_Print(rdp->log, WLOG_TRACE, "%s",
rdp_security_flag_string(*flags, buffer, sizeof(buffer)));
@@ -221,7 +221,7 @@ BOOL rdp_read_security_header(rdpRdp* rdp, wStream* s, UINT16* flags, UINT16* le
* @return \b TRUE for success, \b FALSE otherwise
*/
BOOL rdp_write_security_header(rdpRdp* rdp, wStream* s, UINT16 flags)
BOOL rdp_write_security_header(rdpRdp* rdp, wStream* s, UINT32 flags)
{
char buffer[256] = { 0 };
WINPR_ASSERT(s);
@@ -232,6 +232,8 @@ BOOL rdp_write_security_header(rdpRdp* rdp, wStream* s, UINT16 flags)
WLog_Print(rdp->log, WLOG_TRACE, "%s", rdp_security_flag_string(flags, buffer, sizeof(buffer)));
/* Basic Security Header */
WINPR_ASSERT((flags & (0xFFFF0000 | SEC_FLAGSHI_VALID)) ==
0); /* SEC_FLAGSHI_VALID is unsupported */
Stream_Write_UINT16(s, flags); /* flags */
Stream_Write_UINT16(s, 0); /* flagsHi (unused) */
return TRUE;
@@ -381,10 +383,11 @@ BOOL rdp_write_share_data_header(rdpRdp* rdp, wStream* s, size_t length, BYTE ty
return TRUE;
}
static BOOL rdp_security_stream_init(rdpRdp* rdp, wStream* s, BOOL sec_header)
static BOOL rdp_security_stream_init(rdpRdp* rdp, wStream* s, BOOL sec_header, UINT32* sec_flags)
{
WINPR_ASSERT(rdp);
WINPR_ASSERT(s);
WINPR_ASSERT(sec_flags);
if (rdp->do_crypt)
{
@@ -397,12 +400,12 @@ static BOOL rdp_security_stream_init(rdpRdp* rdp, wStream* s, BOOL sec_header)
return FALSE;
}
rdp->sec_flags |= SEC_ENCRYPT;
*sec_flags |= SEC_ENCRYPT;
if (rdp->do_secure_checksum)
rdp->sec_flags |= SEC_SECURE_CHECKSUM;
*sec_flags |= SEC_SECURE_CHECKSUM;
}
else if (rdp->sec_flags != 0 || sec_header)
else if (*sec_flags != 0 || sec_header)
{
if (!Stream_SafeSeek(s, 4))
return FALSE;
@@ -411,7 +414,7 @@ static BOOL rdp_security_stream_init(rdpRdp* rdp, wStream* s, BOOL sec_header)
return TRUE;
}
wStream* rdp_send_stream_init(rdpRdp* rdp)
wStream* rdp_send_stream_init(rdpRdp* rdp, UINT32* sec_flags)
{
wStream* s = NULL;
@@ -426,7 +429,7 @@ wStream* rdp_send_stream_init(rdpRdp* rdp)
if (!Stream_SafeSeek(s, RDP_PACKET_HEADER_MAX_LENGTH))
goto fail;
if (!rdp_security_stream_init(rdp, s, FALSE))
if (!rdp_security_stream_init(rdp, s, FALSE, sec_flags))
goto fail;
return s;
@@ -435,9 +438,9 @@ fail:
return NULL;
}
wStream* rdp_send_stream_pdu_init(rdpRdp* rdp)
wStream* rdp_send_stream_pdu_init(rdpRdp* rdp, UINT32* sec_flags)
{
wStream* s = rdp_send_stream_init(rdp);
wStream* s = rdp_send_stream_init(rdp, sec_flags);
if (!s)
return NULL;
@@ -451,9 +454,9 @@ fail:
return NULL;
}
wStream* rdp_data_pdu_init(rdpRdp* rdp)
wStream* rdp_data_pdu_init(rdpRdp* rdp, UINT32* sec_flags)
{
wStream* s = rdp_send_stream_pdu_init(rdp);
wStream* s = rdp_send_stream_pdu_init(rdp, sec_flags);
if (!s)
return NULL;
@@ -503,7 +506,7 @@ BOOL rdp_set_error_info(rdpRdp* rdp, UINT32 errorInfo)
return TRUE;
}
wStream* rdp_message_channel_pdu_init(rdpRdp* rdp)
wStream* rdp_message_channel_pdu_init(rdpRdp* rdp, UINT32* sec_flags)
{
wStream* s = NULL;
@@ -517,7 +520,7 @@ wStream* rdp_message_channel_pdu_init(rdpRdp* rdp)
if (!Stream_SafeSeek(s, RDP_PACKET_HEADER_MAX_LENGTH))
goto fail;
if (!rdp_security_stream_init(rdp, s, TRUE))
if (!rdp_security_stream_init(rdp, s, TRUE, sec_flags))
goto fail;
return s;
@@ -665,7 +668,7 @@ BOOL rdp_read_header(rdpRdp* rdp, wStream* s, UINT16* length, UINT16* channelId)
* @return \b TRUE for success, \b FALSE otherwise
*/
BOOL rdp_write_header(rdpRdp* rdp, wStream* s, size_t length, UINT16 channelId)
BOOL rdp_write_header(rdpRdp* rdp, wStream* s, size_t length, UINT16 channelId, UINT32 sec_flags)
{
WINPR_ASSERT(rdp);
WINPR_ASSERT(rdp->settings);
@@ -677,8 +680,7 @@ BOOL rdp_write_header(rdpRdp* rdp, wStream* s, size_t length, UINT16 channelId)
DomainMCSPDU MCSPDU = (rdp->settings->ServerMode) ? DomainMCSPDU_SendDataIndication
: DomainMCSPDU_SendDataRequest;
if ((rdp->sec_flags & SEC_ENCRYPT) &&
(rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS))
if ((sec_flags & SEC_ENCRYPT) && (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS))
{
const UINT16 body_length = (UINT16)length - RDP_PACKET_HEADER_MAX_LENGTH;
const UINT16 pad = 8 - (body_length % 8);
@@ -716,13 +718,12 @@ static BOOL rdp_security_stream_out(rdpRdp* rdp, wStream* s, size_t length, UINT
if (length > UINT16_MAX)
return FALSE;
sec_flags |= rdp->sec_flags;
*pad = 0;
if (sec_flags != 0)
{
WINPR_ASSERT(sec_flags <= UINT16_MAX);
if (!rdp_write_security_header(rdp, s, (UINT16)sec_flags))
if (!rdp_write_security_header(rdp, s, sec_flags))
return FALSE;
if (sec_flags & SEC_ENCRYPT)
@@ -796,25 +797,23 @@ static BOOL rdp_security_stream_out(rdpRdp* rdp, wStream* s, size_t length, UINT
if (!res)
return FALSE;
}
rdp->sec_flags = 0;
}
return TRUE;
}
static UINT32 rdp_get_sec_bytes(rdpRdp* rdp, UINT16 sec_flags)
static UINT32 rdp_get_sec_bytes(rdpRdp* rdp, UINT32 sec_flags)
{
UINT32 sec_bytes = 0;
if (rdp->sec_flags & SEC_ENCRYPT)
if (sec_flags & SEC_ENCRYPT)
{
sec_bytes = 12;
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
sec_bytes += 4;
}
else if (rdp->sec_flags != 0 || sec_flags != 0)
else if (sec_flags != 0)
{
sec_bytes = 4;
}
@@ -833,7 +832,7 @@ static UINT32 rdp_get_sec_bytes(rdpRdp* rdp, UINT16 sec_flags)
* @param channel_id channel id
*/
BOOL rdp_send(rdpRdp* rdp, wStream* s, UINT16 channel_id)
BOOL rdp_send(rdpRdp* rdp, wStream* s, UINT16 channel_id, UINT32 sec_flags)
{
BOOL rc = FALSE;
UINT32 pad = 0;
@@ -846,10 +845,10 @@ BOOL rdp_send(rdpRdp* rdp, wStream* s, UINT16 channel_id)
size_t length = Stream_GetPosition(s);
Stream_SetPosition(s, 0);
if (!rdp_write_header(rdp, s, length, channel_id))
if (!rdp_write_header(rdp, s, length, channel_id, sec_flags))
goto fail;
if (!rdp_security_stream_out(rdp, s, length, 0, &pad))
if (!rdp_security_stream_out(rdp, s, length, sec_flags, &pad))
goto fail;
length += pad;
@@ -865,7 +864,7 @@ fail:
return rc;
}
BOOL rdp_send_pdu(rdpRdp* rdp, wStream* s, UINT16 type, UINT16 channel_id)
BOOL rdp_send_pdu(rdpRdp* rdp, wStream* s, UINT16 type, UINT16 channel_id, UINT32 sec_flags)
{
UINT32 sec_bytes = 0;
size_t sec_hold = 0;
@@ -876,16 +875,16 @@ BOOL rdp_send_pdu(rdpRdp* rdp, wStream* s, UINT16 type, UINT16 channel_id)
size_t length = Stream_GetPosition(s);
Stream_SetPosition(s, 0);
if (!rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID))
if (!rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID, sec_flags))
return FALSE;
sec_bytes = rdp_get_sec_bytes(rdp, 0);
sec_bytes = rdp_get_sec_bytes(rdp, sec_flags);
sec_hold = Stream_GetPosition(s);
Stream_Seek(s, sec_bytes);
if (!rdp_write_share_control_header(rdp, s, length - sec_bytes, type, channel_id))
return FALSE;
Stream_SetPosition(s, sec_hold);
if (!rdp_security_stream_out(rdp, s, length, 0, &pad))
if (!rdp_security_stream_out(rdp, s, length, sec_flags, &pad))
return FALSE;
length += pad;
@@ -898,7 +897,7 @@ BOOL rdp_send_pdu(rdpRdp* rdp, wStream* s, UINT16 type, UINT16 channel_id)
return TRUE;
}
BOOL rdp_send_data_pdu(rdpRdp* rdp, wStream* s, BYTE type, UINT16 channel_id)
BOOL rdp_send_data_pdu(rdpRdp* rdp, wStream* s, BYTE type, UINT16 channel_id, UINT32 sec_flags)
{
BOOL rc = FALSE;
UINT32 sec_bytes = 0;
@@ -913,9 +912,9 @@ BOOL rdp_send_data_pdu(rdpRdp* rdp, wStream* s, BYTE type, UINT16 channel_id)
size_t length = Stream_GetPosition(s);
Stream_SetPosition(s, 0);
if (!rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID))
if (!rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID, sec_flags))
goto fail;
sec_bytes = rdp_get_sec_bytes(rdp, 0);
sec_bytes = rdp_get_sec_bytes(rdp, sec_flags);
sec_hold = Stream_GetPosition(s);
Stream_Seek(s, sec_bytes);
if (!rdp_write_share_control_header(rdp, s, length - sec_bytes, PDU_TYPE_DATA, channel_id))
@@ -924,7 +923,7 @@ BOOL rdp_send_data_pdu(rdpRdp* rdp, wStream* s, BYTE type, UINT16 channel_id)
goto fail;
Stream_SetPosition(s, sec_hold);
if (!rdp_security_stream_out(rdp, s, length, 0, &pad))
if (!rdp_security_stream_out(rdp, s, length, sec_flags, &pad))
goto fail;
length += pad;
@@ -944,7 +943,7 @@ fail:
return rc;
}
BOOL rdp_send_message_channel_pdu(rdpRdp* rdp, wStream* s, UINT16 sec_flags)
BOOL rdp_send_message_channel_pdu(rdpRdp* rdp, wStream* s, UINT32 sec_flags)
{
BOOL rc = FALSE;
UINT32 pad = 0;
@@ -954,7 +953,7 @@ BOOL rdp_send_message_channel_pdu(rdpRdp* rdp, wStream* s, UINT16 sec_flags)
size_t length = Stream_GetPosition(s);
Stream_SetPosition(s, 0);
if (!rdp_write_header(rdp, s, length, rdp->mcs->messageChannelId))
if (!rdp_write_header(rdp, s, length, rdp->mcs->messageChannelId, sec_flags))
goto fail;
if (!rdp_security_stream_out(rdp, s, length, sec_flags, &pad))
@@ -1333,10 +1332,12 @@ out_fail:
return STATE_RUN_FAILED;
}
state_run_t rdp_recv_message_channel_pdu(rdpRdp* rdp, wStream* s, UINT16 securityFlags)
state_run_t rdp_recv_message_channel_pdu(rdpRdp* rdp, wStream* s, UINT32 securityFlags)
{
WINPR_ASSERT(rdp);
WINPR_ASSERT(s);
WINPR_ASSERT((securityFlags & (0xFFFF0000 | SEC_FLAGSHI_VALID)) ==
0); /* SEC_FLAGSHI_VALID is unsupported */
if (securityFlags & SEC_AUTODETECT_REQ)
{
@@ -1458,7 +1459,7 @@ BOOL rdp_read_flow_control_pdu(rdpRdp* rdp, wStream* s, UINT16* type, UINT16* ch
* @return \b TRUE for success, \b FALSE otherwise
*/
BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT16 securityFlags)
BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT32 securityFlags)
{
BOOL res = FALSE;
BYTE cmac[8] = { 0 };
@@ -1469,6 +1470,8 @@ BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT16 securityFlags)
WINPR_ASSERT(rdp->settings);
WINPR_ASSERT(s);
WINPR_ASSERT(pLength);
WINPR_ASSERT((securityFlags & (0xFFFF0000 | SEC_FLAGSHI_VALID)) ==
0); /* SEC_FLAGSHI_VALID is unsupported */
if (!security_lock(rdp))
return FALSE;
@@ -1621,7 +1624,7 @@ static state_run_t rdp_recv_tpkt_pdu(rdpRdp* rdp, wStream* s)
UINT16 pduType = 0;
UINT16 pduSource = 0;
UINT16 channelId = 0;
UINT16 securityFlags = 0;
UINT32 securityFlags = 0;
freerdp* instance = NULL;
WINPR_ASSERT(rdp);
@@ -2192,19 +2195,20 @@ BOOL rdp_channel_send_packet(rdpRdp* rdp, UINT16 channelId, size_t totalSize, UI
BOOL rdp_send_error_info(rdpRdp* rdp)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
BOOL status = 0;
if (rdp->errorInfo == ERRINFO_SUCCESS)
return TRUE;
s = rdp_data_pdu_init(rdp);
s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
Stream_Write_UINT32(s, rdp->errorInfo); /* error id (4 bytes) */
status = rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SET_ERROR_INFO, 0);
status = rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SET_ERROR_INFO, 0, sec_flags);
return status;
}

30
libfreerdp/core/rdp.h
View File

@@ -172,7 +172,6 @@ struct rdp_rdp
UINT32 encrypt_checksum_use_count;
WINPR_CIPHER_CTX* fips_encrypt;
WINPR_CIPHER_CTX* fips_decrypt;
UINT32 sec_flags;
BOOL do_crypt;
BOOL do_crypt_license;
BOOL do_secure_checksum;
@@ -210,8 +209,8 @@ struct rdp_rdp
WINPR_JSON* wellknown;
};
FREERDP_LOCAL BOOL rdp_read_security_header(rdpRdp* rdp, wStream* s, UINT16* flags, UINT16* length);
FREERDP_LOCAL BOOL rdp_write_security_header(rdpRdp* rdp, wStream* s, UINT16 flags);
FREERDP_LOCAL BOOL rdp_read_security_header(rdpRdp* rdp, wStream* s, UINT32* flags, UINT16* length);
FREERDP_LOCAL BOOL rdp_write_security_header(rdpRdp* rdp, wStream* s, UINT32 flags);
FREERDP_LOCAL BOOL rdp_read_share_control_header(rdpRdp* rdp, wStream* s, UINT16* tpktLength,
UINT16* remainingLength, UINT16* type,
@@ -221,29 +220,32 @@ FREERDP_LOCAL BOOL rdp_read_share_data_header(rdpRdp* rdp, wStream* s, UINT16* l
UINT32* share_id, BYTE* compressed_type,
UINT16* compressed_len);
FREERDP_LOCAL wStream* rdp_send_stream_init(rdpRdp* rdp);
FREERDP_LOCAL wStream* rdp_send_stream_pdu_init(rdpRdp* rdp);
FREERDP_LOCAL wStream* rdp_send_stream_init(rdpRdp* rdp, UINT32* sec_flags);
FREERDP_LOCAL wStream* rdp_send_stream_pdu_init(rdpRdp* rdp, UINT32* sec_flags);
FREERDP_LOCAL BOOL rdp_read_header(rdpRdp* rdp, wStream* s, UINT16* length, UINT16* channel_id);
FREERDP_LOCAL BOOL rdp_write_header(rdpRdp* rdp, wStream* s, size_t length, UINT16 channel_id);
FREERDP_LOCAL BOOL rdp_write_header(rdpRdp* rdp, wStream* s, size_t length, UINT16 channel_id,
UINT32 sec_flags);
FREERDP_LOCAL BOOL rdp_send_pdu(rdpRdp* rdp, wStream* s, UINT16 type, UINT16 channel_id);
FREERDP_LOCAL BOOL rdp_send_pdu(rdpRdp* rdp, wStream* s, UINT16 type, UINT16 channel_id,
UINT32 sec_flags);
FREERDP_LOCAL wStream* rdp_data_pdu_init(rdpRdp* rdp);
FREERDP_LOCAL BOOL rdp_send_data_pdu(rdpRdp* rdp, wStream* s, BYTE type, UINT16 channel_id);
FREERDP_LOCAL wStream* rdp_data_pdu_init(rdpRdp* rdp, UINT32* sec_flags);
FREERDP_LOCAL BOOL rdp_send_data_pdu(rdpRdp* rdp, wStream* s, BYTE type, UINT16 channel_id,
UINT32 sec_flags);
FREERDP_LOCAL state_run_t rdp_recv_data_pdu(rdpRdp* rdp, wStream* s);
FREERDP_LOCAL BOOL rdp_send(rdpRdp* rdp, wStream* s, UINT16 channelId);
FREERDP_LOCAL BOOL rdp_send(rdpRdp* rdp, wStream* s, UINT16 channelId, UINT32 sec_flags);
FREERDP_LOCAL BOOL rdp_send_channel_data(rdpRdp* rdp, UINT16 channelId, const BYTE* data,
size_t size);
FREERDP_LOCAL BOOL rdp_channel_send_packet(rdpRdp* rdp, UINT16 channelId, size_t totalSize,
UINT32 flags, const BYTE* data, size_t chunkSize);
FREERDP_LOCAL wStream* rdp_message_channel_pdu_init(rdpRdp* rdp);
FREERDP_LOCAL BOOL rdp_send_message_channel_pdu(rdpRdp* rdp, wStream* s, UINT16 sec_flags);
FREERDP_LOCAL wStream* rdp_message_channel_pdu_init(rdpRdp* rdp, UINT32* sec_flags);
FREERDP_LOCAL BOOL rdp_send_message_channel_pdu(rdpRdp* rdp, wStream* s, UINT32 sec_flags);
FREERDP_LOCAL state_run_t rdp_recv_message_channel_pdu(rdpRdp* rdp, wStream* s,
UINT16 securityFlags);
UINT32 securityFlags);
FREERDP_LOCAL state_run_t rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, wStream* s, UINT16 pduType,
UINT16 length);
@@ -284,7 +286,7 @@ BOOL rdp_finalize_set_flag(rdpRdp* rdp, UINT32 flag);
BOOL rdp_finalize_is_flag_set(rdpRdp* rdp, UINT32 flag);
const char* rdp_finalize_flags_to_str(UINT32 flags, char* buffer, size_t size);
BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT16 securityFlags);
BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT32 securityFlags);
BOOL rdp_set_error_info(rdpRdp* rdp, UINT32 errorInfo);
BOOL rdp_send_error_info(rdpRdp* rdp);

4
libfreerdp/core/test/TestFuzzCoreClient.c
View File

@@ -38,12 +38,12 @@ static BOOL test_client(const uint8_t* Data, size_t Size)
{
UINT16 length = 0;
UINT16 flags = 0;
UINT32 flags = 0;
UINT16 channelId = 0;
UINT16 tpktLength = 0;
UINT16 remainingLength = 0;
UINT16 type = 0;
UINT16 securityFlags = 0;
UINT32 securityFlags = 0;
UINT32 share_id = 0;
BYTE compressed_type = 0;
BYTE btype = 0;

4
libfreerdp/core/test/TestFuzzCoreServer.c
View File

@@ -36,12 +36,12 @@ static BOOL test_server(const uint8_t* Data, size_t Size)
{
UINT16 length = 0;
UINT16 flags = 0;
UINT32 flags = 0;
UINT16 channelId = 0;
UINT16 tpktLength = 0;
UINT16 remainingLength = 0;
UINT16 type = 0;
UINT16 securityFlags = 0;
UINT32 securityFlags = 0;
UINT32 share_id = 0;
BYTE compressed_type = 0;
BYTE btype = 0;

34
libfreerdp/core/update.c
View File

@@ -1280,13 +1280,14 @@ static BOOL update_send_refresh_rect(rdpContext* context, BYTE count, const RECT
WINPR_ASSERT(rdp->settings);
if (rdp->settings->RefreshRect)
{
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
update_write_refresh_rect(s, count, areas);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_REFRESH_RECT, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_REFRESH_RECT, rdp->mcs->userId, sec_flags);
}
return TRUE;
@@ -1319,14 +1320,16 @@ static BOOL update_send_suppress_output(rdpContext* context, BYTE allow, const R
WINPR_ASSERT(rdp->settings);
if (rdp->settings->SuppressOutput)
{
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
update_write_suppress_output(s, allow, area);
WINPR_ASSERT(rdp->mcs);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SUPPRESS_OUTPUT, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SUPPRESS_OUTPUT, rdp->mcs->userId,
sec_flags);
}
return TRUE;
@@ -1470,13 +1473,15 @@ static BOOL update_send_frame_acknowledge(rdpContext* context, UINT32 frameId)
WINPR_ASSERT(rdp->settings);
if (rdp->settings->ReceivedCapabilities[CAPSET_TYPE_FRAME_ACKNOWLEDGE])
{
wStream* s = rdp_data_pdu_init(rdp);
UINT32 sec_flags = 0;
wStream* s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
Stream_Write_UINT32(s, frameId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_FRAME_ACKNOWLEDGE, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_FRAME_ACKNOWLEDGE, rdp->mcs->userId,
sec_flags);
}
return TRUE;
@@ -1541,6 +1546,7 @@ out_fail:
static BOOL update_send_play_sound(rdpContext* context, const PLAY_SOUND_UPDATE* play_sound)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
WINPR_ASSERT(context);
rdpRdp* rdp = context->rdp;
@@ -1553,14 +1559,14 @@ static BOOL update_send_play_sound(rdpContext* context, const PLAY_SOUND_UPDATE*
return TRUE;
}
s = rdp_data_pdu_init(rdp);
s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
Stream_Write_UINT32(s, play_sound->duration);
Stream_Write_UINT32(s, play_sound->frequency);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_PLAY_SOUND, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_PLAY_SOUND, rdp->mcs->userId, sec_flags);
}
/**
@@ -2454,11 +2460,12 @@ BOOL update_read_suppress_output(rdpUpdate* update, wStream* s)
static BOOL update_send_set_keyboard_indicators(rdpContext* context, UINT16 led_flags)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
WINPR_ASSERT(context);
rdpRdp* rdp = context->rdp;
s = rdp_data_pdu_init(rdp);
s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
@@ -2467,17 +2474,19 @@ static BOOL update_send_set_keyboard_indicators(rdpContext* context, UINT16 led_
Stream_Write_UINT16(s, led_flags); /* ledFlags (2 bytes) */
WINPR_ASSERT(rdp->mcs);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SET_KEYBOARD_INDICATORS, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SET_KEYBOARD_INDICATORS, rdp->mcs->userId,
sec_flags);
}
static BOOL update_send_set_keyboard_ime_status(rdpContext* context, UINT16 imeId, UINT32 imeState,
UINT32 imeConvMode)
{
UINT32 sec_flags = 0;
wStream* s = NULL;
WINPR_ASSERT(context);
rdpRdp* rdp = context->rdp;
s = rdp_data_pdu_init(rdp);
s = rdp_data_pdu_init(rdp, &sec_flags);
if (!s)
return FALSE;
@@ -2488,7 +2497,8 @@ static BOOL update_send_set_keyboard_ime_status(rdpContext* context, UINT16 imeI
Stream_Write_UINT32(s, imeConvMode);
WINPR_ASSERT(rdp->mcs);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SET_KEYBOARD_IME_STATUS, rdp->mcs->userId);
return rdp_send_data_pdu(rdp, s, DATA_PDU_TYPE_SET_KEYBOARD_IME_STATUS, rdp->mcs->userId,
sec_flags);
}
static UINT16 update_calculate_new_or_existing_window(const WINDOW_ORDER_INFO* orderInfo,