
Source code changes of the file "libxrdp/xrdp_iso.c" between
xrdp-0.9.13.1.tar.gz and xrdp-0.9.14.tar.gz

About: xrdp is a remote desktop protocol (rdp) server (accepting connections from rdesktop and Microsoft’s own terminal server / remote desktop clients).

xrdp_iso.c  (xrdp-0.9.13.1):xrdp_iso.c  (xrdp-0.9.14)
skipping to change at line 131 skipping to change at line 131
} }
/*****************************************************************************/ /*****************************************************************************/
/* returns error */ /* returns error */
static int static int
xrdp_iso_process_rdp_neg_req(struct xrdp_iso *self, struct stream *s) xrdp_iso_process_rdp_neg_req(struct xrdp_iso *self, struct stream *s)
{ {
int flags; int flags;
int len; int len;
if (!s_check_rem(s, 7))
{
LLOGLN(10, ("xrdp_iso_process_rdpNegReq: unexpected end-of-record"));
return 1;
}
in_uint8(s, flags); in_uint8(s, flags);
if (flags != 0x0 && flags != 0x8 && flags != 0x1) if (flags != 0x0 && flags != 0x8 && flags != 0x1)
{ {
LLOGLN(10, ("xrdp_iso_process_rdpNegReq: error, flags: %x",flags)); LLOGLN(10, ("xrdp_iso_process_rdpNegReq: error, flags: %x",flags));
return 1; return 1;
} }
in_uint16_le(s, len); in_uint16_le(s, len);
if (len != 8) if (len != 8)
{ {
skipping to change at line 155 skipping to change at line 161
in_uint32_le(s, self->requestedProtocol); in_uint32_le(s, self->requestedProtocol);
if (self->requestedProtocol > 0xb) if (self->requestedProtocol > 0xb)
{ {
LLOGLN(10, ("xrdp_iso_process_rdpNegReq: error, requestedProtocol: %x", LLOGLN(10, ("xrdp_iso_process_rdpNegReq: error, requestedProtocol: %x",
self->requestedProtocol)); self->requestedProtocol));
return 1; return 1;
} }
return 0; return 0;
} }
/*****************************************************************************/ /*****************************************************************************
/* returns error */ * Reads an X.224 PDU (X.224 section 13) preceded by a T.123 TPKT
* header (T.123 section 8)
*
* On entry, the TPKT header length field will have been inspected and used to
* set up the input stream.
*
* On exit, the TPKT header and the fixed part of the PDU header will have been
* removed from the stream.
*
* Returns error
*****************************************************************************/
static int static int
xrdp_iso_recv_msg(struct xrdp_iso *self, struct stream *s, int *code, int *len) xrdp_iso_recv_msg(struct xrdp_iso *self, struct stream *s, int *code, int *len)
{ {
int ver; int ver;
int plen;
*code = 0; *code = 0;
*len = 0; *len = 0;
if (s != self->trans->in_s) if (s != self->trans->in_s)
{ {
LLOGLN(10, ("xrdp_iso_recv_msg error logic")); LLOGLN(10, ("xrdp_iso_recv_msg error logic"));
} }
in_uint8(s, ver); /* TPKT header is 4 bytes, then first 2 bytes of the X.224 CR-TPDU */
if (!s_check_rem(s, 6))
if (ver != 3)
{ {
LLOGLN(10, ("xrdp_iso_recv_msg: bad ver"));
LHEXDUMP(10, (s->data, 4));
return 1; return 1;
} }
in_uint8s(s, 1); in_uint8(s, ver);
in_uint16_be(s, plen); in_uint8s(s, 3); /* Skip reserved field, plus length */
in_uint8(s, *len);
in_uint8(s, *code);
if (plen < 4) if (ver != 3)
{ {
LLOGLN(10, ("xrdp_iso_recv_msg: bad ver"));
LHEXDUMP(10, (s->data, 4));
return 1; return 1;
} }
if (!s_check_rem(s, 2)) if (*len == 255)
{ {
/* X.224 13.2.1 - reserved value */
LLOGLN(10, ("xrdp_iso_recv_msg: reserved length encountered"));
LHEXDUMP(10, (s->data, 4));
return 1; return 1;
} }
in_uint8(s, *len);
in_uint8(s, *code);
if (*code == ISO_PDU_DT) if (*code == ISO_PDU_DT)
{ {
/* Data PDU : X.224 13.7 */
if (!s_check_rem(s, 1)) if (!s_check_rem(s, 1))
{ {
return 1; return 1;
} }
in_uint8s(s, 1); in_uint8s(s, 1);
} }
else else
{ {
/* Other supported PDUs : X.224 13.x */
if (!s_check_rem(s, 5)) if (!s_check_rem(s, 5))
{ {
return 1; return 1;
} }
in_uint8s(s, 5); in_uint8s(s, 5);
} }
return 0; return 0;
} }
skipping to change at line 304 skipping to change at line 322
if (trans_write_copy_s(self->trans, s) != 0) if (trans_write_copy_s(self->trans, s) != 0)
{ {
free_stream(s); free_stream(s);
return 1; return 1;
} }
free_stream(s); free_stream(s);
return 0; return 0;
} }
/*****************************************************************************/ /*****************************************************************************
* Process an X.224 connection request PDU
*
* See MS-RDPCGR v20190923 sections 2.2.1.1 and 3.3.5.3.1.
*
* From the latter, in particular:-
* - The length embedded in the TPKT header MUST be examined for
* consistency with the received data. If there is a discrepancy, the
* connection SHOULD be dropped
* - If the optional routingToken field exists it MUST be ignored.
* - If the optional cookie field is present it MUST be ignored.
* - If both the routingToken and cookie fields are present, the server
* SHOULD continue with the connection.
*****************************************************************************/
/* returns error */ /* returns error */
int int
xrdp_iso_incoming(struct xrdp_iso *self) xrdp_iso_incoming(struct xrdp_iso *self)
{ {
int rv = 0; int rv = 0;
int code; int code;
int len; int len;
int cookie_index;
int cc_type; int cc_type;
char text[256];
char *pend;
struct stream *s; struct stream *s;
int expected_pdu_len;
LLOGLN(10, (" in xrdp_iso_incoming")); LLOGLN(10, (" in xrdp_iso_incoming"));
s = libxrdp_force_read(self->trans); s = libxrdp_force_read(self->trans);
if (s == 0) if (s == NULL)
{ {
return 1; return 1;
} }
if (xrdp_iso_recv_msg(self, s, &code, &len) != 0) if (xrdp_iso_recv_msg(self, s, &code, &len) != 0)
{ {
LLOGLN(0, ("xrdp_iso_incoming: xrdp_iso_recv_msg returned non zero")); LLOGLN(0, ("xrdp_iso_incoming: xrdp_iso_recv_msg returned non zero"));
return 1; return 1;
} }
if ((code != ISO_PDU_CR) || (len < 6)) if (code != ISO_PDU_CR)
{
return 1;
}
/*
* Make sure the length indicator field extracted from the X.224
* connection request TPDU corresponds to the length in the TPKT header.
*
* We do this by seeing how the indicator field minus the counted
* octets in the TPDU header (6) compares with the space left in
* the stream.
*/
expected_pdu_len = (s->end - s->p) + 6;
if (len != expected_pdu_len)
{ {
LLOGLN(0, ("xrdp_iso_incoming: X.224 CR-TPDU length exp %d got %d",
expected_pdu_len, len));
return 1; return 1;
} }
/* process connection request */ /* process connection request */
pend = s->p + (len - 6); while (s_check_rem(s, 1))
cookie_index = 0;
while (s->p < pend)
{ {
in_uint8(s, cc_type); in_uint8(s, cc_type);
switch (cc_type) switch (cc_type)
{ {
default: default:
break; break;
case RDP_NEG_REQ: /* rdpNegReq 1 */ case RDP_NEG_REQ: /* rdpNegReq 1 */
self->rdpNegData = 1; self->rdpNegData = 1;
if (xrdp_iso_process_rdp_neg_req(self, s) != 0) if (xrdp_iso_process_rdp_neg_req(self, s) != 0)
{ {
LLOGLN(0, ("xrdp_iso_incoming: xrdp_iso_process_rdpNegReq re turned non zero")); LLOGLN(0, ("xrdp_iso_incoming: xrdp_iso_process_rdpNegReq re turned non zero"));
return 1; return 1;
} }
break; break;
case RDP_CORRELATION_INFO: /* rdpCorrelationInfo 6 */ case RDP_CORRELATION_INFO: /* rdpCorrelationInfo 6 */
// TODO // TODO
if (!s_check_rem(s, 1 + 2 + 16 + 16))
{
LLOGLN(0, ("xrdp_iso_incoming: short correlation info"));
return 1;
}
in_uint8s(s, 1 + 2 + 16 + 16); in_uint8s(s, 1 + 2 + 16 + 16);
break; break;
case 'C': /* Cookie routingToken */ case 'C': /* Cookie */
while (s->p < pend) /* The routingToken and cookie fields are both ASCII
* strings starting with the word 'Cookie: ' and
* ending with CR+LF. We ignore both, so we do
* not need to distinguish them */
while (s_check_rem(s, 1))
{ {
text[cookie_index] = cc_type; in_uint8(s, cc_type);
cookie_index++; if (cc_type == 0x0D && s_check_rem(s, 1))
if (cookie_index > 255)
{
cookie_index = 255;
}
if ((s->p[0] == 0x0D) && (s->p[1] == 0x0A))
{ {
in_uint8s(s, 2); in_uint8(s, cc_type);
text[cookie_index] = 0; if (cc_type == 0x0A)
cookie_index = 0;
if (g_strlen(text) > 0)
{ {
break;
} }
break;
} }
in_uint8(s, cc_type);
} }
break; break;
} }
} }
/* negotiate client-server security layer */ /* negotiate client-server security layer */
rv = xrdp_iso_negotiate_security(self); rv = xrdp_iso_negotiate_security(self);
/* send connection confirm back to client */ /* send connection confirm back to client */
if (xrdp_iso_send_cc(self) != 0) if (xrdp_iso_send_cc(self) != 0)
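Review bot: The new cookie-skipping loop under `case 'C':` in xrdp_iso_incoming misses the terminator when the field contains CR CR LF: the inner `in_uint8` consumes the second CR as the candidate LF, so the LF that follows is read as an ordinary byte and the loop runs on to the end of the stream. Any rdpNegReq or correlation info after the cookie would then be skipped silently; how xrdp_iso_negotiate_security treats the missing negotiation data is not visible here, so the effect is presumably limited to that client's own connection. Remembering the previous byte instead of reading ahead avoids this, with `int prev;` declared among the function's locals. Reads stay bounded by `s_check_rem` either way, and xrdp_iso_incoming continues past the end of the shown section.

```c
case 'C': /* Cookie */
    /* … unchanged: comment on routingToken and cookie … */
    prev = 0;
    while (s_check_rem(s, 1))
    {
        in_uint8(s, cc_type);
        if (prev == 0x0D && cc_type == 0x0A)
        {
            break;
        }
        prev = cc_type;
    }
    break;
```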
 End of changes. 28 change blocks. 
39 lines changed or deleted 84 lines changed or added
