diff options
| author | jsorg71 <jay.sorg@gmail.com> | 2014-03-04 20:32:33 -0800 |
|---|---|---|
| committer | jsorg71 <jay.sorg@gmail.com> | 2014-03-04 20:32:33 -0800 |
| commit | 98c9b8b692999a37e06e5d20349a49e1d99ca981 (patch) | |
| tree | 148dfbe3091798af00a2beed943d8c527b545145 /libxrdp | |
| parent | 932d785deb501895e75e293666867fd26a3510c8 (diff) | |
| parent | 1eb03b14515051b2e91fdcf8c806d7674ea83354 (diff) | |
| download | xrdp-proprietary-98c9b8b692999a37e06e5d20349a49e1d99ca981.tar.gz xrdp-proprietary-98c9b8b692999a37e06e5d20349a49e1d99ca981.zip | |
Merge pull request #112 from speidy/fastpath
libxrdp: fastpath changes
Diffstat (limited to 'libxrdp')
| -rw-r--r-- | libxrdp/xrdp_fastpath.c | 52 | ||||
| -rw-r--r-- | libxrdp/xrdp_sec.c | 43 |
2 files changed, 71 insertions, 24 deletions
diff --git a/libxrdp/xrdp_fastpath.c b/libxrdp/xrdp_fastpath.c index 5f7ccc97..d031f003 100644 --- a/libxrdp/xrdp_fastpath.c +++ b/libxrdp/xrdp_fastpath.c @@ -57,27 +57,31 @@ int APP_CC xrdp_fastpath_recv(struct xrdp_fastpath *self, struct stream *s) { int fp_hdr; - int len = 0; + int len = 0; /* unused */ int byte; - int hdr_len = 2; /* fastpath header length - can be 2 or 3 bytes long, depends on length */ DEBUG((" in xrdp_fastpath_recv")); + if (!s_check_rem(s, 2)) + { + return 1; + } in_uint8(s, fp_hdr); /* fpInputHeader (1 byte) */ - //g_writeln("xrdp_fastpath_recv: header= 0x%8.8x", fp_hdr); + in_uint8(s, byte); /* length 1 (1 byte) */ self->numEvents = (fp_hdr & 0x3C) >> 2; self->secFlags = (fp_hdr & 0xC0) >> 6; - // receive fastpath first length packet - in_uint8(s, byte); /* length 1 */ - if (byte & 0x80) { byte &= ~(0x80); len = (byte << 8); - // receive fastpath second length packet - in_uint8(s, byte); /* length 2 */ - hdr_len++; + + if (!s_check_rem(s, 1)) + { + return 1; + } + in_uint8(s, byte); /* length 2 (1 byte) */ + len += byte; } else @@ -85,8 +89,6 @@ xrdp_fastpath_recv(struct xrdp_fastpath *self, struct stream *s) len = byte; } -// g_writeln("len= %d , numEvents= %d, secFlags= %d, bytesleft: %d", len, self->numEvents, self->secFlags, (s->p - s->data)); - DEBUG((" out xrdp_fastpath_recv")); return 0; @@ -254,8 +256,11 @@ xrdp_fastpath_process_EVENT_SCANCODE(struct xrdp_fastpath *self, int eventFlags, int code; flags = 0; + if (!s_check_rem(s, 1)) + { + return 1; + } in_uint8(s, code); /* keyCode (1 byte) */ - //g_writeln("scan code detected: %d", code); if ((eventFlags & FASTPATH_INPUT_KBDFLAGS_RELEASE)) flags |= KBD_FLAG_UP; @@ -287,6 +292,10 @@ xrdp_fastpath_process_EVENT_MOUSE(struct xrdp_fastpath *self, int eventFlags, st int xPos; int yPos; + if (!s_check_rem(s, 2 + 2 + 2)) + { + return 1; + } in_uint16_le(s, pointerFlags); /* pointerFlags (2 bytes) */ in_uint16_le(s, xPos); /* xPos (2 bytes) */ in_uint16_le(s, yPos); /* yPos (2 bytes) */ @@ -313,6 +322,10 @@ xrdp_fastpath_process_EVENT_MOUSEX(struct xrdp_fastpath *self, int eventFlags, s int xPos; int yPos; + if (!s_check_rem(s, 2 + 2 + 2)) + { + return 1; + } in_uint16_le(s, pointerFlags); /* pointerFlags (2 bytes) */ in_uint16_le(s, xPos); /* xPos (2 bytes) */ in_uint16_le(s, yPos); /* yPos (2 bytes) */ @@ -358,6 +371,10 @@ xrdp_fastpath_process_EVENT_SYNC(struct xrdp_fastpath *self, int eventCode, int int APP_CC xrdp_fastpath_process_EVENT_UNICODE(struct xrdp_fastpath *self, int eventFlags, struct stream *s) { + if (!s_check_rem(s, 2)) + { + return 1; + } in_uint8s(s, 2); return 0; } @@ -373,13 +390,17 @@ xrdp_fastpath_process_input_event(struct xrdp_fastpath *self, struct stream *s) // process fastpath input events for (i = 0 ; i < self->numEvents ; i++) { + if (!s_check_rem(s, 1)) + { + return 1; + } in_uint8(s, eventHeader); eventFlags = (eventHeader & 0x1F); eventCode = (eventHeader >> 5); -// g_writeln("eventCode= %d, eventFlags= %d, numEvents= %d", -// eventCode, eventFlags, self->sec_layer->fastpath_layer->numEvents); + //DEBUG(("xrdp_fastpath_process_input_event: eventCode= %d, eventFlags= %d, numEvents= %d", + // eventCode, eventFlags, self->sec_layer->fastpath_layer->numEvents)); switch (eventCode) { @@ -413,10 +434,9 @@ xrdp_fastpath_process_input_event(struct xrdp_fastpath *self, struct stream *s) { return 1; } - break; default: - g_writeln("xrdp_rdp_process_fastpath_data_input: unknown eventCode %d", eventCode); + g_writeln("xrdp_fastpath_process_input_event: unknown eventCode %d", eventCode); break; } diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c index c99f9188..6c04a2e5 100644 --- a/libxrdp/xrdp_sec.c +++ b/libxrdp/xrdp_sec.c @@ -955,20 +955,43 @@ xrdp_sec_establish_keys(struct xrdp_sec *self) int APP_CC xrdp_sec_recv_fastpath(struct xrdp_sec *self, struct stream *s) { + int ver; + int len; + int pad; + if (xrdp_fastpath_recv(self->fastpath_layer, s) != 0) { return 1; } if (self->crypt_level == CRYPT_LEVEL_FIPS) { - in_uint8s(s, 4); /* fipsInformation (4 bytes) */ - } - - in_uint8s(s, 8); /* dataSignature (8 bytes), skip for now */ - - if (self->fastpath_layer->secFlags & FASTPATH_INPUT_ENCRYPTED) - { - xrdp_sec_decrypt(self, s->p, (int)(s->end - s->p)); + if (!s_check_rem(s, 4)) + { + return 1; + } + in_uint16_le(s, len); + in_uint8(s, ver); /* length (2 bytes) */ + if (len != 0x10) /* length MUST set to 0x10 */ + { + return 1; + } + in_uint8(s, pad); + LLOGLN(10, ("xrdp_sec_recv_fastpath: len %d ver %d pad %d", len, ver, pad)); + in_uint8s(s, 8); /* dataSignature (8 bytes), skip for now */ + LLOGLN(10, ("xrdp_sec_recv_fastpath: data len %d", (int)(s->end - s->p))); + xrdp_sec_fips_decrypt(self, s->p, (int)(s->end - s->p)); + s->end -= pad; + } else { + if (!s_check_rem(s, 8)) + { + return 1; + } + in_uint8s(s, 8); /* dataSignature (8 bytes), skip for now */ + + if (self->fastpath_layer->secFlags & FASTPATH_INPUT_ENCRYPTED) + { + xrdp_sec_decrypt(self, s->p, (int)(s->end - s->p)); + } } if (self->fastpath_layer->numEvents == 0) { @@ -976,6 +999,10 @@ xrdp_sec_recv_fastpath(struct xrdp_sec *self, struct stream *s) * If numberEvents is not provided in fpInputHeader, it will be provided * as one additional byte here. */ + if (!s_check_rem(s, 8)) + { + return 1; + } in_uint8(s, self->fastpath_layer->numEvents); /* numEvents (1 byte) (optional) */ } |