Diffstat (limited to 'libxrdp')
-rw-r--r--libxrdp/libxrdp.c62
-rw-r--r--libxrdp/libxrdpinc.h2
-rw-r--r--libxrdp/xrdp_bitmap_compress.c2
-rw-r--r--libxrdp/xrdp_channel.c1
-rw-r--r--libxrdp/xrdp_orders.c134
-rw-r--r--libxrdp/xrdp_rdp.c46
-rw-r--r--libxrdp/xrdp_sec.c76
-rw-r--r--libxrdp/xrdp_tcp.c2
8 files changed, 180 insertions, 145 deletions
diff --git a/libxrdp/libxrdp.c b/libxrdp/libxrdp.c
index 0d7a86b1..05e67eb7 100644
--- a/libxrdp/libxrdp.c
+++ b/libxrdp/libxrdp.c
@@ -133,9 +133,9 @@ libxrdp_process_data(struct xrdp_session* session)
int EXPORT_CC
libxrdp_send_palette(struct xrdp_session* session, int* palette)
{
- int i;
- int color;
- struct stream* s;
+ int i = 0;
+ int color = 0;
+ struct stream* s = (struct stream *)NULL;
if (session->client_info->bpp > 8)
{
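Review bot: The new initializers in libxrdp_send_palette use `struct stream* s = (struct stream *)NULL;`, as do libxrdp_send_bitmap and libxrdp_query_channel, while libxrdp_get_channel_id and libxrdp_send_to_channel later in the same file use plain `= NULL`. The cast adds nothing in C, so `struct stream* s = NULL;` throughout would read more evenly. Blanket zero-initialisation also stops the compiler and memory checkers from reporting a path that reads a variable before its real assignment. Where a variable is assigned unconditionally a few lines later, as `rdp` and `mcs` are in the channel functions, the initializer is only a dead store. The function body continues outside the hunk.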
@@ -203,21 +203,21 @@ int EXPORT_CC
libxrdp_send_bitmap(struct xrdp_session* session, int width, int height,
int bpp, char* data, int x, int y, int cx, int cy)
{
- int line_size;
- int i;
- int j;
- int total_lines;
- int lines_sending;
- int Bpp;
- int e;
- int bufsize;
- int total_bufsize;
- int num_updates;
- char* p_num_updates;
- char* p;
- char* q;
- struct stream* s;
- struct stream* temp_s;
+ int line_size = 0;
+ int i = 0;
+ int j = 0;
+ int total_lines = 0;
+ int lines_sending = 0;
+ int Bpp = 0;
+ int e = 0;
+ int bufsize = 0;
+ int total_bufsize = 0;
+ int num_updates = 0;
+ char* p_num_updates = (char *)NULL;
+ char* p = (char *)NULL;
+ char* q = (char *)NULL;
+ struct stream* s = (struct stream *)NULL;
+ struct stream* temp_s = (struct stream *)NULL;
DEBUG(("libxrdp_send_bitmap sending bitmap"));
Bpp = (bpp + 7) / 8;
@@ -651,10 +651,10 @@ int EXPORT_CC
libxrdp_query_channel(struct xrdp_session* session, int index,
char* channel_name, int* channel_flags)
{
- int count;
- struct xrdp_rdp* rdp;
- struct xrdp_mcs* mcs;
- struct mcs_channel_item* channel_item;
+ int count = 0;
+ struct xrdp_rdp* rdp = (struct xrdp_rdp *)NULL;
+ struct xrdp_mcs* mcs = (struct xrdp_mcs *)NULL;
+ struct mcs_channel_item* channel_item = (struct mcs_channel_item *)NULL;
rdp = (struct xrdp_rdp*)session->rdp;
mcs = rdp->sec_layer->mcs_layer;
@@ -687,11 +687,11 @@ libxrdp_query_channel(struct xrdp_session* session, int index,
int EXPORT_CC
libxrdp_get_channel_id(struct xrdp_session* session, char* name)
{
- int index;
- int count;
- struct xrdp_rdp* rdp;
- struct xrdp_mcs* mcs;
- struct mcs_channel_item* channel_item;
+ int index = 0;
+ int count = 0;
+ struct xrdp_rdp* rdp = NULL;
+ struct xrdp_mcs* mcs = NULL;
+ struct mcs_channel_item* channel_item = NULL;
rdp = (struct xrdp_rdp*)session->rdp;
mcs = rdp->sec_layer->mcs_layer;
@@ -717,10 +717,10 @@ libxrdp_send_to_channel(struct xrdp_session* session, int channel_id,
char* data, int data_len,
int total_data_len, int flags)
{
- struct xrdp_rdp* rdp;
- struct xrdp_sec* sec;
- struct xrdp_channel* chan;
- struct stream* s;
+ struct xrdp_rdp* rdp = NULL;
+ struct xrdp_sec* sec = NULL;
+ struct xrdp_channel* chan = NULL;
+ struct stream* s = NULL;
rdp = (struct xrdp_rdp*)session->rdp;
sec = rdp->sec_layer;
diff --git a/libxrdp/libxrdpinc.h b/libxrdp/libxrdpinc.h
index 258fbb83..a8ee6640 100644
--- a/libxrdp/libxrdpinc.h
+++ b/libxrdp/libxrdpinc.h
@@ -20,7 +20,7 @@
*/
-#if !defined(LIBXRDPINC_H)
+#ifndef LIBXRDPINC_H
#define LIBXRDPINC_H
struct xrdp_client_info
diff --git a/libxrdp/xrdp_bitmap_compress.c b/libxrdp/xrdp_bitmap_compress.c
index ccf128f7..fcaab1f7 100644
--- a/libxrdp/xrdp_bitmap_compress.c
+++ b/libxrdp/xrdp_bitmap_compress.c
@@ -950,7 +950,7 @@ xrdp_bitmap_compress(char* in_data, int width, int height,
}
else if ((bpp == 15) || (bpp == 16))
{
- mix = 0xffff;
+ mix = (bpp == 15) ? 0xba1f : 0xffff;
out_count = end * 2;
line = in_data + width * start_line * 2;
while (start_line >= 0 && out_count < 32768)
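Review bot: The 15-bpp branch of `mix = (bpp == 15) ? 0xba1f : 0xffff;` introduces a magic number with no comment. A 15-bit pixel with every colour bit set would be 0x7fff, so a reader cannot tell whether 0xba1f is deliberate or a typo. A one-line comment naming the source of the value, for example `/* 15 bpp: initial mix value, see <spec or client reference> */`, would settle it. The enclosing function starts and ends outside the hunk.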
diff --git a/libxrdp/xrdp_channel.c b/libxrdp/xrdp_channel.c
index 15320ebd..00497c35 100644
--- a/libxrdp/xrdp_channel.c
+++ b/libxrdp/xrdp_channel.c
@@ -170,6 +170,7 @@ xrdp_channel_process(struct xrdp_channel* self, struct stream* s,
g_writeln("xrdp_channel_process, channel not found");
return 1;
}
+ rv = 0;
in_uint32_le(s, length);
in_uint32_le(s, flags);
rv = xrdp_channel_call_callback(self, s, channel_id, length, flags);
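Review bot: The added `rv = 0;` is overwritten three lines later by `rv = xrdp_channel_call_callback(self, s, channel_id, length, flags);` with no read in between, so in the visible lines it is a dead store. If the intent is to silence an uninitialised-variable warning, initialising at the declaration (outside this hunk) would match the rest of the commit. Separately, `length` and `flags` are taken from the stream here without a visible check that eight bytes remain. If the caller does not guarantee that, a bounds check before the two `in_uint32_le` reads is worth adding.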
diff --git a/libxrdp/xrdp_orders.c b/libxrdp/xrdp_orders.c
index b12fa27d..ff2ed3d0 100644
--- a/libxrdp/xrdp_orders.c
+++ b/libxrdp/xrdp_orders.c
@@ -127,6 +127,10 @@ xrdp_orders_send(struct xrdp_orders* self)
int APP_CC
xrdp_orders_force_send(struct xrdp_orders* self)
{
+ if (self == 0)
+ {
+ return 1;
+ }
if ((self->order_level > 0) && (self->order_count > 0))
{
s_mark_end(self->out_s);
@@ -336,10 +340,10 @@ xrdp_order_pack_small_or_tiny(struct xrdp_orders* self,
char* present_ptr, int present,
int present_size)
{
- int move_up_count;
- int index;
- int size;
- int keep_looking;
+ int move_up_count = 0;
+ int index = 0;
+ int size = 0;
+ int keep_looking = 1;
move_up_count = 0;
keep_looking = 1;
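Review bot: After this change `move_up_count` and `keep_looking` are set twice in a row in xrdp_order_pack_small_or_tiny: once by the new `int move_up_count = 0;` / `int keep_looking = 1;` and again by the unchanged statements `move_up_count = 0;` and `keep_looking = 1;` directly below. One of the two should go; keeping the initializers and deleting the two assignment statements is the smaller change. The rest of the function is outside the hunk.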
@@ -527,11 +531,11 @@ xrdp_orders_screen_blt(struct xrdp_orders* self, int x, int y,
int cx, int cy, int srcx, int srcy,
int rop, struct xrdp_rect* rect)
{
- int order_flags;
- int vals[12];
- int present;
- char* present_ptr;
- char* order_flags_ptr;
+ int order_flags = 0;
+ int vals[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ int present = 0;
+ char* present_ptr = (char *)NULL;
+ char* order_flags_ptr = (char *)NULL;
xrdp_orders_check(self, 25);
self->order_count++;
@@ -996,13 +1000,15 @@ xrdp_orders_line(struct xrdp_orders* self, int mix_mode,
struct xrdp_pen* pen,
struct xrdp_rect* rect)
{
- int order_flags;
- int vals[8];
- int present;
- char* present_ptr;
- char* order_flags_ptr;
+ int order_flags = 0;
+ int vals[8] = {0, 0, 0, 0, 0, 0, 0, 0};
+ int present = 0;
+ char* present_ptr = (char *)NULL;
+ char* order_flags_ptr = (char *)NULL;
struct xrdp_pen blank_pen;
+ g_memset(&blank_pen,0,sizeof(struct xrdp_pen));
+
/* if mix mode or rop are out of range, mstsc build 6000+ will parse the orders
wrong */
if ((mix_mode < 1) || (mix_mode > 2)) /* TRANSPARENT(1) or OPAQUE(2) */
@@ -1176,11 +1182,11 @@ xrdp_orders_mem_blt(struct xrdp_orders* self, int cache_id,
int rop, int srcx, int srcy,
int cache_idx, struct xrdp_rect* rect)
{
- int order_flags;
- int vals[12];
- int present;
- char* present_ptr;
- char* order_flags_ptr;
+ int order_flags = 0;
+ int vals[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ int present = 0;
+ char* present_ptr = (char *)NULL;
+ char* order_flags_ptr = (char *)NULL;
xrdp_orders_check(self, 30);
self->order_count++;
@@ -1352,10 +1358,10 @@ xrdp_orders_text(struct xrdp_orders* self,
int x, int y, char* data, int data_len,
struct xrdp_rect* rect)
{
- int order_flags;
- int present;
- char* present_ptr;
- char* order_flags_ptr;
+ int order_flags = 0;
+ int present = 0;
+ char* present_ptr = (char *)NULL;
+ char* order_flags_ptr = (char *)NULL;
xrdp_orders_check(self, 100);
self->order_count++;
@@ -1546,14 +1552,14 @@ xrdp_orders_send_raw_bitmap(struct xrdp_orders* self,
int width, int height, int bpp, char* data,
int cache_id, int cache_idx)
{
- int order_flags;
- int len;
- int bufsize;
- int Bpp;
- int i;
- int j;
- int pixel;
- int e;
+ int order_flags = 0;
+ int len = 0;
+ int bufsize = 0;
+ int Bpp = 0;
+ int i = 0;
+ int j = 0;
+ int pixel = 0;
+ int e = 0;
if (width > 64)
{
@@ -1626,16 +1632,16 @@ xrdp_orders_send_bitmap(struct xrdp_orders* self,
int width, int height, int bpp, char* data,
int cache_id, int cache_idx)
{
- int order_flags;
- int len;
- int bufsize;
- int Bpp;
- int i;
- int lines_sending;
- int e;
- struct stream* s;
- struct stream* temp_s;
- char* p;
+ int order_flags = 0;
+ int len = 0;
+ int bufsize = 0;
+ int Bpp = 0;
+ int i = 0;
+ int lines_sending = 0;
+ int e = 0;
+ struct stream* s = NULL;
+ struct stream* temp_s = NULL;
+ char* p = NULL;
if (width > 64)
{
@@ -1717,9 +1723,9 @@ xrdp_orders_send_font(struct xrdp_orders* self,
struct xrdp_font_char* font_char,
int font_index, int char_index)
{
- int order_flags;
- int datasize;
- int len;
+ int order_flags = 0;
+ int datasize = 0;
+ int len = 0;
datasize = FONT_DATASIZE(font_char);
xrdp_orders_check(self, datasize + 18);
@@ -1749,14 +1755,14 @@ xrdp_orders_send_raw_bitmap2(struct xrdp_orders* self,
int width, int height, int bpp, char* data,
int cache_id, int cache_idx)
{
- int order_flags;
- int len;
- int bufsize;
- int Bpp;
- int i;
- int j;
- int pixel;
- int e;
+ int order_flags = 0;
+ int len = 0;
+ int bufsize = 0;
+ int Bpp = 0;
+ int i = 0;
+ int j = 0;
+ int pixel = 0;
+ int e = 0;
if (width > 64)
{
@@ -1830,16 +1836,16 @@ xrdp_orders_send_bitmap2(struct xrdp_orders* self,
int width, int height, int bpp, char* data,
int cache_id, int cache_idx)
{
- int order_flags;
- int len;
- int bufsize;
- int Bpp;
- int i;
- int lines_sending;
- int e;
- struct stream* s;
- struct stream* temp_s;
- char* p;
+ int order_flags = 0;
+ int len = 0;
+ int bufsize = 0;
+ int Bpp = 0;
+ int i = 0;
+ int lines_sending = 0;
+ int e = 0;
+ struct stream* s = NULL;
+ struct stream* temp_s = NULL;
+ char* p = NULL;
if (width > 64)
{
@@ -1904,8 +1910,8 @@ int APP_CC
xrdp_orders_send_brush(struct xrdp_orders* self, int width, int height,
int bpp, int type, int size, char* data, int cache_id)
{
- int order_flags;
- int len;
+ int order_flags = 0;
+ int len = 0;
xrdp_orders_check(self, size + 12);
self->order_count++;
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index 63019b0d..686e567c 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -57,13 +57,16 @@ static tui8 g_unknown2[8] =
static int APP_CC
xrdp_rdp_read_config(struct xrdp_client_info* client_info)
{
- int index;
- struct list* items;
- struct list* values;
- char* item;
- char* value;
+ int index = 0;
+ struct list* items = (struct list *)NULL;
+ struct list* values = (struct list *)NULL;
+ char* item = (char *)NULL;
+ char* value = (char *)NULL;
char cfg_file[256];
+ /* initialize (zero out) local variables: */
+ g_memset(cfg_file,0,sizeof(char) * 256);
+
items = list_create();
items->auto_free = 1;
values = list_create();
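Review bot: `g_memset(cfg_file,0,sizeof(char) * 256);` repeats the array size as a literal, so the clear silently goes out of step if `char cfg_file[256]` is ever resized. `g_memset(cfg_file, 0, sizeof(cfg_file));` ties the length to the object. The same applies to `tmpdata` in xrdp_sec_process_logon_info and `key_file` in xrdp_sec_incoming in xrdp_sec.c. The function body continues outside the hunk.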
@@ -124,7 +127,7 @@ xrdp_rdp_read_config(struct xrdp_client_info* client_info)
struct xrdp_rdp* APP_CC
xrdp_rdp_create(struct xrdp_session* session, struct trans* trans)
{
- struct xrdp_rdp* self;
+ struct xrdp_rdp* self = (struct xrdp_rdp *)NULL;
DEBUG(("in xrdp_rdp_create"));
self = (struct xrdp_rdp*)g_malloc(sizeof(struct xrdp_rdp), 1);
@@ -187,10 +190,10 @@ xrdp_rdp_init_data(struct xrdp_rdp* self, struct stream* s)
int APP_CC
xrdp_rdp_recv(struct xrdp_rdp* self, struct stream* s, int* code)
{
- int error;
- int len;
- int pdu_code;
- int chan;
+ int error = 0;
+ int len = 0;
+ int pdu_code = 0;
+ int chan = 0;
DEBUG(("in xrdp_rdp_recv"));
if (s->next_packet == 0 || s->next_packet >= s->end)
@@ -248,7 +251,7 @@ xrdp_rdp_recv(struct xrdp_rdp* self, struct stream* s, int* code)
int APP_CC
xrdp_rdp_send(struct xrdp_rdp* self, struct stream* s, int pdu_type)
{
- int len;
+ int len = 0;
DEBUG(("in xrdp_rdp_send"));
s_pop_layer(s, rdp_hdr);
@@ -270,7 +273,7 @@ int APP_CC
xrdp_rdp_send_data(struct xrdp_rdp* self, struct stream* s,
int data_pdu_type)
{
- int len;
+ int len = 0;
DEBUG(("in xrdp_rdp_send_data"));
s_pop_layer(s, rdp_hdr);
@@ -298,7 +301,7 @@ xrdp_rdp_send_data(struct xrdp_rdp* self, struct stream* s,
int APP_CC
xrdp_rdp_send_data_update_sync(struct xrdp_rdp* self)
{
- struct stream* s;
+ struct stream * s = (struct stream *)NULL;
make_stream(s);
init_stream(s, 8192);
@@ -327,8 +330,8 @@ xrdp_rdp_send_data_update_sync(struct xrdp_rdp* self)
static int APP_CC
xrdp_rdp_parse_client_mcs_data(struct xrdp_rdp* self)
{
- struct stream* p;
- int i;
+ struct stream* p = (struct stream *)NULL;
+ int i = 0;
p = &(self->sec_layer->client_mcs_data);
p->p = p->data;
@@ -428,7 +431,8 @@ xrdp_rdp_send_demand_active(struct xrdp_rdp* self)
out_uint16_le(s, 0x200); /* Protocol version */
out_uint16_le(s, 0); /* pad */
out_uint16_le(s, 0); /* Compression types */
- out_uint16_le(s, 0); /* pad use 0x40d for rdp packets, 0 for not */
+ //out_uint16_le(s, 0); /* pad use 0x40d for rdp packets, 0 for not */
+ out_uint16_le(s, 0x40d); /* pad use 0x40d for rdp packets, 0 for not */
out_uint16_le(s, 0); /* Update capability */
out_uint16_le(s, 0); /* Remote unshare capability */
out_uint16_le(s, 0); /* Compression level */
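Review bot: The old call is left behind as a `//` comment (`//out_uint16_le(s, 0);`) next to the new `out_uint16_le(s, 0x40d);`, and both lines carry the same "pad" remark, so the dead line should be deleted and the comment corrected. In the General Capability Set of [MS-RDPBCGR] the 16-bit field after the compression types appears to be extraFlags rather than padding, which would make 0x40d a bitmask of features the server now advertises to every client. If so, building it from named flag constants, with a comment stating which of those features the server actually implements, would let a reader verify that nothing is advertised that the code cannot honour. The function starts and ends outside the hunk.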
@@ -487,10 +491,10 @@ xrdp_rdp_send_demand_active(struct xrdp_rdp* self)
out_uint8(s, 0); /* multi dest blt */
out_uint8(s, 0); /* multi pat blt */
out_uint8(s, 0); /* multi screen blt */
- out_uint8(s, 0); /* multi rect */
+ out_uint8(s, 1); /* multi rect */
out_uint8(s, 0); /* fast index */
- out_uint8(s, 0); /* polygon */
- out_uint8(s, 0); /* polygon */
+ out_uint8(s, 0); /* polygonSC ([MS-RDPEGDI], 2.2.2.2.1.1.2.16) */
+ out_uint8(s, 0); /* polygonCB ([MS-RDPEGDI], 2.2.2.2.1.1.2.17) */
out_uint8(s, 0); /* polyline */
out_uint8(s, 0); /* unused */
out_uint8(s, 0); /* fast glyph */
@@ -644,8 +648,8 @@ static int APP_CC
xrdp_process_capset_bmpcache2(struct xrdp_rdp* self, struct stream* s,
int len)
{
- int Bpp;
- int i;
+ int Bpp = 0;
+ int i = 0;
self->client_info.bitmap_cache_version = 2;
Bpp = (self->client_info.bpp + 7) / 8;
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
index 99067ba7..983be09f 100644
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -303,17 +303,19 @@ unicode_in(struct stream* s, int uni_len, char* dst, int dst_len)
static int APP_CC
xrdp_sec_process_logon_info(struct xrdp_sec* self, struct stream* s)
{
- int flags;
- int len_domain;
- int len_user;
- int len_password;
- int len_program;
- int len_directory;
- int len_ip;
- int len_dll;
- int tzone;
+ int flags = 0;
+ int len_domain = 0;
+ int len_user = 0;
+ int len_password = 0;
+ int len_program = 0;
+ int len_directory = 0;
+ int len_ip = 0;
+ int len_dll = 0;
+ int tzone = 0;
char tmpdata[256];
+ /* initialize (zero out) local variables */
+ g_memset(tmpdata,0,sizeof(char)*256);
in_uint8s(s, 4);
in_uint32_le(s, flags);
DEBUG(("in xrdp_sec_process_logon_info flags $%x", flags));
@@ -340,12 +342,30 @@ xrdp_sec_process_logon_info(struct xrdp_sec* self, struct stream* s)
DEBUG(("flag RDP_COMPRESSION found"));
}
in_uint16_le(s, len_domain);
+ if (len_domain > 511) {
+ DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_domain > 511"));
+ return 1;
+ }
in_uint16_le(s, len_user);
+ if (len_user > 511) {
+ DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_user > 511"));
+ return 1;
+ }
in_uint16_le(s, len_password);
+ if (len_password > 511) {
+ DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_password > 511"));
+ return 1;
+ }
in_uint16_le(s, len_program);
+ if (len_program > 511) {
+ DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_program > 511"));
+ return 1;
+ }
in_uint16_le(s, len_directory);
- /* todo, we should error out in any of the above lengths are > 512 */
- /* to avoid buffer overruns */
+ if (len_directory > 511) {
+ DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_directory > 511"));
+ return 1;
+ }
unicode_in(s, len_domain, self->rdp_layer->client_info.domain, 255);
DEBUG(("domain %s", self->rdp_layer->client_info.domain));
unicode_in(s, len_user, self->rdp_layer->client_info.username, 255);
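Review bot: The five new `> 511` checks bound each length field, but they do not verify that the stream still holds that many bytes before `unicode_in` consumes them, so a logon packet whose declared lengths exceed the data actually received still passes. Comparing each length, or their sum, against the bytes remaining up to `s->end` before the first `unicode_in` call would close that. The rejections are also reported only through `DEBUG((...))`. If that macro is compiled out in release builds, a malformed logon packet is dropped with no trace; `g_writeln`, which xrdp_channel.c uses on its error path, would make it visible to an operator. `len_ip` and `len_dll` are declared in this function but read outside the hunk, so whether they get the same bound cannot be seen here.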
@@ -386,7 +406,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec* self, struct stream* s)
static int APP_CC
xrdp_sec_send_lic_initial(struct xrdp_sec* self)
{
- struct stream* s;
+ struct stream* s = (struct stream *)NULL;
make_stream(s);
init_stream(s, 8192);
@@ -725,10 +745,10 @@ xrdp_sec_process_mcs_data_channels(struct xrdp_sec* self, struct stream* s)
int APP_CC
xrdp_sec_process_mcs_data(struct xrdp_sec* self)
{
- struct stream* s;
- char* hold_p;
- int tag;
- int size;
+ struct stream* s = (struct stream *)NULL;
+ char* hold_p = (char *)NULL;
+ int tag = 0;
+ int size = 0;
s = &self->client_mcs_data;
/* set p to beginning */
@@ -861,13 +881,13 @@ xrdp_sec_out_mcs_data(struct xrdp_sec* self)
static void APP_CC
xrdp_sec_in_mcs_data(struct xrdp_sec* self)
{
- struct stream* s;
- struct xrdp_client_info* client_info;
- int index;
- char c;
+ struct stream* s = (struct stream *)NULL;
+ struct xrdp_client_info* client_info = (struct xrdp_client_info *)NULL;
+ int index = 0;
+ char c = 0;
- client_info = &self->rdp_layer->client_info;
- s = &self->client_mcs_data;
+ client_info = &(self->rdp_layer->client_info);
+ s = &(self->client_mcs_data);
/* get hostname, its unicode */
s->p = s->data;
in_uint8s(s, 47);
@@ -896,13 +916,15 @@ xrdp_sec_in_mcs_data(struct xrdp_sec* self)
int APP_CC
xrdp_sec_incoming(struct xrdp_sec* self)
{
- struct list* items;
- struct list* values;
- int index;
- char* item;
- char* value;
+ struct list* items = NULL;
+ struct list* values = NULL;
+ int index = 0;
+ char* item = NULL;
+ char* value = NULL;
char key_file[256];
+ g_memset(key_file,0,sizeof(char)*256);
+
DEBUG((" in xrdp_sec_incoming"));
g_random(self->server_random, 32);
items = list_create();
diff --git a/libxrdp/xrdp_tcp.c b/libxrdp/xrdp_tcp.c
index 86a79ea7..e4755ad6 100644
--- a/libxrdp/xrdp_tcp.c
+++ b/libxrdp/xrdp_tcp.c
@@ -74,6 +74,8 @@ xrdp_tcp_recv(struct xrdp_tcp* self, struct stream* s, int len)
int APP_CC
xrdp_tcp_send(struct xrdp_tcp* self, struct stream* s)
{
+ int len;
+ len = s->end - s->data;
DEBUG((" in xrdp_tcp_send, gota send %d bytes", len));
if (trans_force_write_s(self->trans, s) != 0)
{
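Review bot: `len` is introduced in xrdp_tcp_send only to feed the `DEBUG((...))` message, and it is declared without an initializer while the rest of this commit initialises at the declaration. `int len = (int)(s->end - s->data);` does both in one line and makes the pointer-difference narrowing explicit. If `DEBUG` expands to nothing in normal builds the variable will also draw a set-but-unused warning, which computing the value directly in the macro argument avoids. The function body continues outside the hunk.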