Diffstat (limited to 'libxrdp')
-rw-r--r-- | libxrdp/libxrdp.c | 62 | ||||
-rw-r--r-- | libxrdp/libxrdpinc.h | 2 | ||||
-rw-r--r-- | libxrdp/xrdp_bitmap_compress.c | 2 | ||||
-rw-r--r-- | libxrdp/xrdp_channel.c | 1 | ||||
-rw-r--r-- | libxrdp/xrdp_orders.c | 134 | ||||
-rw-r--r-- | libxrdp/xrdp_rdp.c | 46 | ||||
-rw-r--r-- | libxrdp/xrdp_sec.c | 76 | ||||
-rw-r--r-- | libxrdp/xrdp_tcp.c | 2 |
8 files changed, 180 insertions, 145 deletions
diff --git a/libxrdp/libxrdp.c b/libxrdp/libxrdp.c index 0d7a86b1..05e67eb7 100644 --- a/libxrdp/libxrdp.c +++ b/libxrdp/libxrdp.c @@ -133,9 +133,9 @@ libxrdp_process_data(struct xrdp_session* session) int EXPORT_CC libxrdp_send_palette(struct xrdp_session* session, int* palette) { - int i; - int color; - struct stream* s; + int i = 0; + int color = 0; + struct stream* s = (struct stream *)NULL; if (session->client_info->bpp > 8) { @@ -203,21 +203,21 @@ int EXPORT_CC libxrdp_send_bitmap(struct xrdp_session* session, int width, int height, int bpp, char* data, int x, int y, int cx, int cy) { - int line_size; - int i; - int j; - int total_lines; - int lines_sending; - int Bpp; - int e; - int bufsize; - int total_bufsize; - int num_updates; - char* p_num_updates; - char* p; - char* q; - struct stream* s; - struct stream* temp_s; + int line_size = 0; + int i = 0; + int j = 0; + int total_lines = 0; + int lines_sending = 0; + int Bpp = 0; + int e = 0; + int bufsize = 0; + int total_bufsize = 0; + int num_updates = 0; + char* p_num_updates = (char *)NULL; + char* p = (char *)NULL; + char* q = (char *)NULL; + struct stream* s = (struct stream *)NULL; + struct stream* temp_s = (struct stream *)NULL; DEBUG(("libxrdp_send_bitmap sending bitmap")); Bpp = (bpp + 7) / 8; @@ -651,10 +651,10 @@ int EXPORT_CC libxrdp_query_channel(struct xrdp_session* session, int index, char* channel_name, int* channel_flags) { - int count; - struct xrdp_rdp* rdp; - struct xrdp_mcs* mcs; - struct mcs_channel_item* channel_item; + int count = 0; + struct xrdp_rdp* rdp = (struct xrdp_rdp *)NULL; + struct xrdp_mcs* mcs = (struct xrdp_mcs *)NULL; + struct mcs_channel_item* channel_item = (struct mcs_channel_item *)NULL; rdp = (struct xrdp_rdp*)session->rdp; mcs = rdp->sec_layer->mcs_layer; 
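Review bot: The new initialisers in libxrdp.c cast the null constant, e.g. `struct stream* s = (struct stream *)NULL;` in libxrdp_send_palette (hunk @@ -133), while the hunks at @@ -687 and @@ -717 of the same file write plain `= NULL`. The cast adds nothing in C, so the commit should settle on `struct stream* s = NULL;` throughout. The same mixed style recurs in libxrdp_send_bitmap and libxrdp_query_channel and in the xrdp_orders.c, xrdp_rdp.c and xrdp_sec.c hunks. Separately, zeroing every local at its declaration means a path that forgets the real assignment now yields 0 or a null pointer instead of a compiler or memory-checker diagnostic. The function bodies continue outside the hunks.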
@@ -687,11 +687,11 @@ libxrdp_query_channel(struct xrdp_session* session, int index, int EXPORT_CC libxrdp_get_channel_id(struct xrdp_session* session, char* name) { - int index; - int count; - struct xrdp_rdp* rdp; - struct xrdp_mcs* mcs; - struct mcs_channel_item* channel_item; + int index = 0; + int count = 0; + struct xrdp_rdp* rdp = NULL; + struct xrdp_mcs* mcs = NULL; + struct mcs_channel_item* channel_item = NULL; rdp = (struct xrdp_rdp*)session->rdp; mcs = rdp->sec_layer->mcs_layer; @@ -717,10 +717,10 @@ libxrdp_send_to_channel(struct xrdp_session* session, int channel_id, char* data, int data_len, int total_data_len, int flags) { - struct xrdp_rdp* rdp; - struct xrdp_sec* sec; - struct xrdp_channel* chan; - struct stream* s; + struct xrdp_rdp* rdp = NULL; + struct xrdp_sec* sec = NULL; + struct xrdp_channel* chan = NULL; + struct stream* s = NULL; rdp = (struct xrdp_rdp*)session->rdp; sec = rdp->sec_layer; diff --git a/libxrdp/libxrdpinc.h b/libxrdp/libxrdpinc.h index 258fbb83..a8ee6640 100644 --- a/libxrdp/libxrdpinc.h +++ b/libxrdp/libxrdpinc.h @@ -20,7 +20,7 @@ */ -#if !defined(LIBXRDPINC_H) +#ifndef LIBXRDPINC_H #define LIBXRDPINC_H struct xrdp_client_info diff --git a/libxrdp/xrdp_bitmap_compress.c b/libxrdp/xrdp_bitmap_compress.c index ccf128f7..fcaab1f7 100644 --- a/libxrdp/xrdp_bitmap_compress.c +++ b/libxrdp/xrdp_bitmap_compress.c @@ -950,7 +950,7 @@ xrdp_bitmap_compress(char* in_data, int width, int height, } else if ((bpp == 15) || (bpp == 16)) { - mix = 0xffff; + mix = (bpp == 15) ? 0xba1f : 0xffff; out_count = end * 2; line = in_data + width * start_line * 2; while (start_line >= 0 && out_count < 32768) diff --git a/libxrdp/xrdp_channel.c b/libxrdp/xrdp_channel.c index 15320ebd..00497c35 100644 --- a/libxrdp/xrdp_channel.c +++ b/libxrdp/xrdp_channel.c 
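Review bot: The constant `0xba1f` assigned to `mix` when `bpp == 15` in xrdp_bitmap_compress.c (hunk @@ -950) carries no explanation. It is not the all-ones value of a 15-bit pixel, since bit 15 is set, so a reader cannot tell whether it is intentional. A comment on that line should state where the value comes from, for example `/* 15 bpp mix value, see <spec reference> */`, or the value should become a named constant. The enclosing branch of xrdp_bitmap_compress starts and ends outside the hunk.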
@@ -170,6 +170,7 @@ xrdp_channel_process(struct xrdp_channel* self, struct stream* s, g_writeln("xrdp_channel_process, channel not found"); return 1; } + rv = 0; in_uint32_le(s, length); in_uint32_le(s, flags); rv = xrdp_channel_call_callback(self, s, channel_id, length, flags); diff --git a/libxrdp/xrdp_orders.c b/libxrdp/xrdp_orders.c index b12fa27d..ff2ed3d0 100644 --- a/libxrdp/xrdp_orders.c +++ b/libxrdp/xrdp_orders.c @@ -127,6 +127,10 @@ xrdp_orders_send(struct xrdp_orders* self) int APP_CC xrdp_orders_force_send(struct xrdp_orders* self) { + if (self == 0) + { + return 1; + } if ((self->order_level > 0) && (self->order_count > 0)) { s_mark_end(self->out_s); @@ -336,10 +340,10 @@ xrdp_order_pack_small_or_tiny(struct xrdp_orders* self, char* present_ptr, int present, int present_size) { - int move_up_count; - int index; - int size; - int keep_looking; + int move_up_count = 0; + int index = 0; + int size = 0; + int keep_looking = 1; move_up_count = 0; keep_looking = 1; @@ -527,11 +531,11 @@ xrdp_orders_screen_blt(struct xrdp_orders* self, int x, int y, int cx, int cy, int srcx, int srcy, int rop, struct xrdp_rect* rect) { - int order_flags; - int vals[12]; - int present; - char* present_ptr; - char* order_flags_ptr; + int order_flags = 0; + int vals[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + int present = 0; + char* present_ptr = (char *)NULL; + char* order_flags_ptr = (char *)NULL; xrdp_orders_check(self, 25); self->order_count++; 
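Review bot: The added `rv = 0;` in xrdp_channel_process (xrdp_channel.c, hunk @@ -170) is a dead store, because `rv = xrdp_channel_call_callback(self, s, channel_id, length, flags);` overwrites it two lines later with nothing reading it in between. If the aim is a defined value on every path, initialise `rv` at its declaration, as the rest of this commit does for other locals. That declaration is outside the hunk, so its exact form is to be confirmed.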
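Review bot: The new guard in xrdp_orders_force_send (xrdp_orders.c, hunk @@ -127) compares a pointer with the integer `0`, whereas the rest of this commit writes NULL; `if (self == NULL)` reads more clearly. The early `return 1;` also reports nothing, so a caller that passes a null `self` fails without a trace. A `g_writeln` line before the return, like the one xrdp_channel_process uses on its error path, would make that visible. Whether xrdp_orders_send, named in the hunk header, needs the same guard cannot be seen from here.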
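Review bot: In xrdp_order_pack_small_or_tiny (xrdp_orders.c, hunk @@ -336) the new initialisers `int move_up_count = 0;` and `int keep_looking = 1;` duplicate the context lines `move_up_count = 0;` and `keep_looking = 1;` that follow immediately. Each value is now set twice. Drop the two assignment statements, or keep them and leave those two declarations without a value. The function body continues outside the hunk.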
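Review bot: The initialiser `int vals[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};` in xrdp_orders_screen_blt (xrdp_orders.c, hunk @@ -527) has to be kept in step with the array length by hand. `int vals[12] = {0};` zeroes every element and stays correct if the size changes. The same applies to `vals[8]` in xrdp_orders_line (@@ -996) and `vals[12]` in xrdp_orders_mem_blt (@@ -1176).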
@@ -996,13 +1000,15 @@ xrdp_orders_line(struct xrdp_orders* self, int mix_mode, struct xrdp_pen* pen, struct xrdp_rect* rect) { - int order_flags; - int vals[8]; - int present; - char* present_ptr; - char* order_flags_ptr; + int order_flags = 0; + int vals[8] = {0, 0, 0, 0, 0, 0, 0, 0}; + int present = 0; + char* present_ptr = (char *)NULL; + char* order_flags_ptr = (char *)NULL; struct xrdp_pen blank_pen; + g_memset(&blank_pen,0,sizeof(struct xrdp_pen)); + /* if mix mode or rop are out of range, mstsc build 6000+ will parse the orders wrong */ if ((mix_mode < 1) || (mix_mode > 2)) /* TRANSPARENT(1) or OPAQUE(2) */ @@ -1176,11 +1182,11 @@ xrdp_orders_mem_blt(struct xrdp_orders* self, int cache_id, int rop, int srcx, int srcy, int cache_idx, struct xrdp_rect* rect) { - int order_flags; - int vals[12]; - int present; - char* present_ptr; - char* order_flags_ptr; + int order_flags = 0; + int vals[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + int present = 0; + char* present_ptr = (char *)NULL; + char* order_flags_ptr = (char *)NULL; xrdp_orders_check(self, 30); self->order_count++; @@ -1352,10 +1358,10 @@ xrdp_orders_text(struct xrdp_orders* self, int x, int y, char* data, int data_len, struct xrdp_rect* rect) { - int order_flags; - int present; - char* present_ptr; - char* order_flags_ptr; + int order_flags = 0; + int present = 0; + char* present_ptr = (char *)NULL; + char* order_flags_ptr = (char *)NULL; xrdp_orders_check(self, 100); self->order_count++; @@ -1546,14 +1552,14 @@ xrdp_orders_send_raw_bitmap(struct xrdp_orders* self, int width, int height, int bpp, char* data, int cache_id, int cache_idx) { - int order_flags; - int len; - int bufsize; - int Bpp; - int i; - int j; - int pixel; - int e; + int order_flags = 0; + int len = 0; + int bufsize = 0; + int Bpp = 0; + int i = 0; + int j = 0; + int pixel = 0; + int e = 0; if (width > 64) { 
@@ -1626,16 +1632,16 @@ xrdp_orders_send_bitmap(struct xrdp_orders* self, int width, int height, int bpp, char* data, int cache_id, int cache_idx) { - int order_flags; - int len; - int bufsize; - int Bpp; - int i; - int lines_sending; - int e; - struct stream* s; - struct stream* temp_s; - char* p; + int order_flags = 0; + int len = 0; + int bufsize = 0; + int Bpp = 0; + int i = 0; + int lines_sending = 0; + int e = 0; + struct stream* s = NULL; + struct stream* temp_s = NULL; + char* p = NULL; if (width > 64) { @@ -1717,9 +1723,9 @@ xrdp_orders_send_font(struct xrdp_orders* self, struct xrdp_font_char* font_char, int font_index, int char_index) { - int order_flags; - int datasize; - int len; + int order_flags = 0; + int datasize = 0; + int len = 0; datasize = FONT_DATASIZE(font_char); xrdp_orders_check(self, datasize + 18); @@ -1749,14 +1755,14 @@ xrdp_orders_send_raw_bitmap2(struct xrdp_orders* self, int width, int height, int bpp, char* data, int cache_id, int cache_idx) { - int order_flags; - int len; - int bufsize; - int Bpp; - int i; - int j; - int pixel; - int e; + int order_flags = 0; + int len = 0; + int bufsize = 0; + int Bpp = 0; + int i = 0; + int j = 0; + int pixel = 0; + int e = 0; if (width > 64) { @@ -1830,16 +1836,16 @@ xrdp_orders_send_bitmap2(struct xrdp_orders* self, int width, int height, int bpp, char* data, int cache_id, int cache_idx) { - int order_flags; - int len; - int bufsize; - int Bpp; - int i; - int lines_sending; - int e; - struct stream* s; - struct stream* temp_s; - char* p; + int order_flags = 0; + int len = 0; + int bufsize = 0; + int Bpp = 0; + int i = 0; + int lines_sending = 0; + int e = 0; + struct stream* s = NULL; + struct stream* temp_s = NULL; + char* p = NULL; if (width > 64) { 
@@ -1904,8 +1910,8 @@ int APP_CC xrdp_orders_send_brush(struct xrdp_orders* self, int width, int height, int bpp, int type, int size, char* data, int cache_id) { - int order_flags; - int len; + int order_flags = 0; + int len = 0; xrdp_orders_check(self, size + 12); self->order_count++; diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c index 63019b0d..686e567c 100644 --- a/libxrdp/xrdp_rdp.c +++ b/libxrdp/xrdp_rdp.c @@ -57,13 +57,16 @@ static tui8 g_unknown2[8] = static int APP_CC xrdp_rdp_read_config(struct xrdp_client_info* client_info) { - int index; - struct list* items; - struct list* values; - char* item; - char* value; + int index = 0; + struct list* items = (struct list *)NULL; + struct list* values = (struct list *)NULL; + char* item = (char *)NULL; + char* value = (char *)NULL; char cfg_file[256]; + /* initialize (zero out) local variables: */ + g_memset(cfg_file,0,sizeof(char) * 256); + items = list_create(); items->auto_free = 1; values = list_create(); @@ -124,7 +127,7 @@ xrdp_rdp_read_config(struct xrdp_client_info* client_info) struct xrdp_rdp* APP_CC xrdp_rdp_create(struct xrdp_session* session, struct trans* trans) { - struct xrdp_rdp* self; + struct xrdp_rdp* self = (struct xrdp_rdp *)NULL; DEBUG(("in xrdp_rdp_create")); self = (struct xrdp_rdp*)g_malloc(sizeof(struct xrdp_rdp), 1); @@ -187,10 +190,10 @@ xrdp_rdp_init_data(struct xrdp_rdp* self, struct stream* s) int APP_CC xrdp_rdp_recv(struct xrdp_rdp* self, struct stream* s, int* code) { - int error; - int len; - int pdu_code; - int chan; + int error = 0; + int len = 0; + int pdu_code = 0; + int chan = 0; DEBUG(("in xrdp_rdp_recv")); if (s->next_packet == 0 || s->next_packet >= s->end) @@ -248,7 +251,7 @@ xrdp_rdp_recv(struct xrdp_rdp* self, struct stream* s, int* code) int APP_CC xrdp_rdp_send(struct xrdp_rdp* self, struct stream* s, int pdu_type) { - int len; + int len = 0; DEBUG(("in xrdp_rdp_send")); s_pop_layer(s, rdp_hdr); 
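Review bot: The call `g_memset(cfg_file,0,sizeof(char) * 256);` in xrdp_rdp_read_config (xrdp_rdp.c, hunk @@ -57) repeats the array length as a literal. If `cfg_file` is resized later, the memset will either clear too few bytes or write past the buffer. `g_memset(cfg_file, 0, sizeof(cfg_file));` ties the size to the declaration. The same pattern is added for `tmpdata` in xrdp_sec_process_logon_info (xrdp_sec.c, @@ -303) and for `key_file` in xrdp_sec_incoming (@@ -896).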
@@ -270,7 +273,7 @@ int APP_CC xrdp_rdp_send_data(struct xrdp_rdp* self, struct stream* s, int data_pdu_type) { - int len; + int len = 0; DEBUG(("in xrdp_rdp_send_data")); s_pop_layer(s, rdp_hdr); @@ -298,7 +301,7 @@ xrdp_rdp_send_data(struct xrdp_rdp* self, struct stream* s, int APP_CC xrdp_rdp_send_data_update_sync(struct xrdp_rdp* self) { - struct stream* s; + struct stream * s = (struct stream *)NULL; make_stream(s); init_stream(s, 8192); @@ -327,8 +330,8 @@ xrdp_rdp_send_data_update_sync(struct xrdp_rdp* self) static int APP_CC xrdp_rdp_parse_client_mcs_data(struct xrdp_rdp* self) { - struct stream* p; - int i; + struct stream* p = (struct stream *)NULL; + int i = 0; p = &(self->sec_layer->client_mcs_data); p->p = p->data; @@ -428,7 +431,8 @@ xrdp_rdp_send_demand_active(struct xrdp_rdp* self) out_uint16_le(s, 0x200); /* Protocol version */ out_uint16_le(s, 0); /* pad */ out_uint16_le(s, 0); /* Compression types */ - out_uint16_le(s, 0); /* pad use 0x40d for rdp packets, 0 for not */ + //out_uint16_le(s, 0); /* pad use 0x40d for rdp packets, 0 for not */ + out_uint16_le(s, 0x40d); /* pad use 0x40d for rdp packets, 0 for not */ out_uint16_le(s, 0); /* Update capability */ out_uint16_le(s, 0); /* Remote unshare capability */ out_uint16_le(s, 0); /* Compression level */ @@ -487,10 +491,10 @@ xrdp_rdp_send_demand_active(struct xrdp_rdp* self) out_uint8(s, 0); /* multi dest blt */ out_uint8(s, 0); /* multi pat blt */ out_uint8(s, 0); /* multi screen blt */ - out_uint8(s, 0); /* multi rect */ + out_uint8(s, 1); /* multi rect */ out_uint8(s, 0); /* fast index */ - out_uint8(s, 0); /* polygon */ - out_uint8(s, 0); /* polygon */ + out_uint8(s, 0); /* polygonSC ([MS-RDPEGDI], 2.2.2.2.1.1.2.16) */ + out_uint8(s, 0); /* polygonCB ([MS-RDPEGDI], 2.2.2.2.1.1.2.17) */ out_uint8(s, 0); /* polyline */ out_uint8(s, 0); /* unused */ out_uint8(s, 0); /* fast glyph */ 
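Review bot: The line `out_uint16_le(s, 0x40d);` in xrdp_rdp_send_demand_active (xrdp_rdp.c, hunk @@ -428) changes what the server advertises to the client, yet it is still commented as `pad` and sits in a commit that otherwise only initialises locals. Judging by the neighbouring fields this position appears to be the extraFlags word of the general capability set. If so, 0x40d would combine the fast-path output, long-credentials, auto-reconnect and no-bitmap-compression-header flags of [MS-RDPBCGR], and each should be announced only if the server handles it, which this hunk does not show. I would replace the leftover `//out_uint16_le(s, 0);` line with a comment naming the flags, e.g. `/* extraFlags: <flag names> */`. The hunk at @@ -487 raises the same question with `out_uint8(s, 1); /* multi rect */`, which announces support for an order whose implementation is not part of this diff.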
@@ -644,8 +648,8 @@ static int APP_CC xrdp_process_capset_bmpcache2(struct xrdp_rdp* self, struct stream* s, int len) { - int Bpp; - int i; + int Bpp = 0; + int i = 0; self->client_info.bitmap_cache_version = 2; Bpp = (self->client_info.bpp + 7) / 8; diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c index 99067ba7..983be09f 100644 --- a/libxrdp/xrdp_sec.c +++ b/libxrdp/xrdp_sec.c @@ -303,17 +303,19 @@ unicode_in(struct stream* s, int uni_len, char* dst, int dst_len) static int APP_CC xrdp_sec_process_logon_info(struct xrdp_sec* self, struct stream* s) { - int flags; - int len_domain; - int len_user; - int len_password; - int len_program; - int len_directory; - int len_ip; - int len_dll; - int tzone; + int flags = 0; + int len_domain = 0; + int len_user = 0; + int len_password = 0; + int len_program = 0; + int len_directory = 0; + int len_ip = 0; + int len_dll = 0; + int tzone = 0; char tmpdata[256]; + /* initialize (zero out) local variables */ + g_memset(tmpdata,0,sizeof(char)*256); in_uint8s(s, 4); in_uint32_le(s, flags); DEBUG(("in xrdp_sec_process_logon_info flags $%x", flags)); 
@@ -340,12 +342,30 @@ xrdp_sec_process_logon_info(struct xrdp_sec* self, struct stream* s) DEBUG(("flag RDP_COMPRESSION found")); } in_uint16_le(s, len_domain); + if (len_domain > 511) { + DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_domain > 511")); + return 1; + } in_uint16_le(s, len_user); + if (len_user > 511) { + DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_user > 511")); + return 1; + } in_uint16_le(s, len_password); + if (len_password > 511) { + DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_password > 511")); + return 1; + } in_uint16_le(s, len_program); + if (len_program > 511) { + DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_program > 511")); + return 1; + } in_uint16_le(s, len_directory); - /* todo, we should error out in any of the above lengths are > 512 */ - /* to avoid buffer overruns */ + if (len_directory > 511) { + DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_directory > 511")); + return 1; + } unicode_in(s, len_domain, self->rdp_layer->client_info.domain, 255); DEBUG(("domain %s", self->rdp_layer->client_info.domain)); unicode_in(s, len_user, self->rdp_layer->client_info.username, 255); @@ -386,7 +406,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec* self, struct stream* s) static int APP_CC xrdp_sec_send_lic_initial(struct xrdp_sec* self) { - struct stream* s; + struct stream* s = (struct stream *)NULL; make_stream(s); init_stream(s, 8192); @@ -725,10 +745,10 @@ xrdp_sec_process_mcs_data_channels(struct xrdp_sec* self, struct stream* s) int APP_CC xrdp_sec_process_mcs_data(struct xrdp_sec* self) { - struct stream* s; - char* hold_p; - int tag; - int size; + struct stream* s = (struct stream *)NULL; + char* hold_p = (char *)NULL; + int tag = 0; + int size = 0; s = &self->client_mcs_data; /* set p to beginning */ 
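Review bot: The five new checks in xrdp_sec_process_logon_info (xrdp_sec.c, hunk @@ -340) bound each client-supplied length by the constant 511 but never compare it with the bytes actually left in the stream, so a short packet that claims a large `len_domain` still reaches `unicode_in`. A check such as `if (len_domain > s->end - s->p) return 1;` before the first `unicode_in` call would cover that, subject to how many bytes `unicode_in` consumes, since its body is not on this page. The limit 511 is also unexplained next to the `255` passed as `dst_len` and the 256-byte `tmpdata`; a named constant with a comment stating the relation would help. The rejection is reported only through `DEBUG((...))`, so if that macro is compiled out in release builds (to be confirmed) an oversized field is refused silently, and `g_writeln` would log it. `len_ip` and `len_dll` are read outside this hunk, so whether they get the same treatment cannot be seen here.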
@@ -861,13 +881,13 @@ xrdp_sec_out_mcs_data(struct xrdp_sec* self) static void APP_CC xrdp_sec_in_mcs_data(struct xrdp_sec* self) { - struct stream* s; - struct xrdp_client_info* client_info; - int index; - char c; + struct stream* s = (struct stream *)NULL; + struct xrdp_client_info* client_info = (struct xrdp_client_info *)NULL; + int index = 0; + char c = 0; - client_info = &self->rdp_layer->client_info; - s = &self->client_mcs_data; + client_info = &(self->rdp_layer->client_info); + s = &(self->client_mcs_data); /* get hostname, its unicode */ s->p = s->data; in_uint8s(s, 47); @@ -896,13 +916,15 @@ xrdp_sec_in_mcs_data(struct xrdp_sec* self) int APP_CC xrdp_sec_incoming(struct xrdp_sec* self) { - struct list* items; - struct list* values; - int index; - char* item; - char* value; + struct list* items = NULL; + struct list* values = NULL; + int index = 0; + char* item = NULL; + char* value = NULL; char key_file[256]; + g_memset(key_file,0,sizeof(char)*256); + DEBUG((" in xrdp_sec_incoming")); g_random(self->server_random, 32); items = list_create(); diff --git a/libxrdp/xrdp_tcp.c b/libxrdp/xrdp_tcp.c index 86a79ea7..e4755ad6 100644 --- a/libxrdp/xrdp_tcp.c +++ b/libxrdp/xrdp_tcp.c @@ -74,6 +74,8 @@ xrdp_tcp_recv(struct xrdp_tcp* self, struct stream* s, int len) int APP_CC xrdp_tcp_send(struct xrdp_tcp* self, struct stream* s) { + int len; + len = s->end - s->data; DEBUG((" in xrdp_tcp_send, gota send %d bytes", len)); if (trans_force_write_s(self->trans, s) != 0) { |
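Review bot: In xrdp_tcp_send (xrdp_tcp.c, hunk @@ -74) the new `len` exists only to feed the `DEBUG` line, so in any build where `DEBUG` expands to nothing it is a set-but-unused variable. It is also declared without an initialiser, unlike every other local this commit touches. Computing the value inside the macro call avoids both: `DEBUG((" in xrdp_tcp_send, gota send %d bytes", (int)(s->end - s->data)));`. The cast also makes the pointer difference match `%d`.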