| author | speidy <speidy@gmail.com> | 2014-12-15 22:12:16 +0200 |
|---|---|---|
| committer | speidy <speidy@gmail.com> | 2014-12-15 22:12:16 +0200 |
| commit | 5e89424129c99fb7a052d9840c2e735532291ce6 (patch) | |
| tree | a1cf6ccff31b4d55a19ce95509060f77a0b6c081 | |
| parent | bf622c46a6a6ce22e8bb8e4feec983966613fd43 (diff) | |
libxrdp: fix for 'low' RDP security level (issue #202)
| -rw-r--r-- | libxrdp/xrdp_sec.c | 77 |
1 files changed, 42 insertions, 35 deletions
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
index b0291ef9..26158f5e 100644
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -480,17 +480,21 @@ xrdp_sec_init(struct xrdp_sec *self, struct stream *s)
 return 1;
 }
- if (self->crypt_level == CRYPT_LEVEL_FIPS)
- {
- s_push_layer(s, sec_hdr, 4 + 4 + 8);
- }
- else if (self->crypt_level > CRYPT_LEVEL_LOW)
- {
- s_push_layer(s, sec_hdr, 4 + 8);
- }
- else
- {
- }
+ if (self->crypt_level > CRYPT_LEVEL_NONE) /* RDP encryption */
+ {
+ if (self->crypt_level == CRYPT_LEVEL_FIPS)
+ {
+ s_push_layer(s, sec_hdr, 4 + 4 + 8);
+ }
+ else if (self->crypt_level > CRYPT_LEVEL_LOW)
+ {
+ s_push_layer(s, sec_hdr, 4 + 8);
+ }
+ else if (self->crypt_level)
+ {
+ s_push_layer(s, sec_hdr, 4);
+ }
+ }
 return 0;
 }
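Review bot: At CRYPT_LEVEL_NONE this block pushes no `sec_hdr` layer at all, yet xrdp_sec_send in the second hunk still calls `s_pop_layer(s, sec_hdr)` unconditionally, so unless `sec_hdr` is set elsewhere for this stream the send path would rewind `s->p` to a stale or unset pointer. An explicit `else { s_push_layer(s, sec_hdr, 0); }` on the outer `if` would keep init and send symmetric. The inner `else if (self->crypt_level)` is also always true under the outer guard (assuming CRYPT_LEVEL_NONE is 0) and would read better as a plain `else` carrying a comment such as `/* low: 4-byte flags word only, no MAC */`. The start of xrdp_sec_init lies outside the hunk.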
@@ -1408,30 +1412,33 @@ xrdp_sec_send(struct xrdp_sec *self, struct stream *s, int chan)
 DEBUG((" in xrdp_sec_send"));
 s_pop_layer(s, sec_hdr);
- if (self->crypt_level == CRYPT_LEVEL_FIPS)
- {
- LLOGLN(10, ("xrdp_sec_send: fips"));
- out_uint32_le(s, SEC_ENCRYPT);
- datalen = (int)((s->end - s->p) - 12);
- out_uint16_le(s, 16); /* crypto header size */
- out_uint8(s, 1); /* fips version */
- pad = (8 - (datalen % 8)) & 7;
- g_memset(s->end, 0, pad);
- s->end += pad;
- out_uint8(s, pad); /* fips pad */
- xrdp_sec_fips_sign(self, s->p, 8, s->p + 8, datalen);
- xrdp_sec_fips_encrypt(self, s->p + 8, datalen + pad);
- }
- else if (self->crypt_level > CRYPT_LEVEL_LOW)
- {
- out_uint32_le(s, SEC_ENCRYPT);
- datalen = (int)((s->end - s->p) - 8);
- xrdp_sec_sign(self, s->p, 8, s->p + 8, datalen);
- xrdp_sec_encrypt(self, s->p + 8, datalen);
- }
- else
- {
-// out_uint32_le(s, 0);
+ if (self->crypt_level > CRYPT_LEVEL_NONE)
+ {
+ if (self->crypt_level == CRYPT_LEVEL_FIPS)
+ {
+ LLOGLN(10, ("xrdp_sec_send: fips"));
+ out_uint32_le(s, SEC_ENCRYPT);
+ datalen = (int)((s->end - s->p) - 12);
+ out_uint16_le(s, 16); /* crypto header size */
+ out_uint8(s, 1); /* fips version */
+ pad = (8 - (datalen % 8)) & 7;
+ g_memset(s->end, 0, pad);
+ s->end += pad;
+ out_uint8(s, pad); /* fips pad */
+ xrdp_sec_fips_sign(self, s->p, 8, s->p + 8, datalen);
+ xrdp_sec_fips_encrypt(self, s->p + 8, datalen + pad);
+ }
+ else if (self->crypt_level > CRYPT_LEVEL_LOW)
+ {
+ out_uint32_le(s, SEC_ENCRYPT);
+ datalen = (int)((s->end - s->p) - 8);
+ xrdp_sec_sign(self, s->p, 8, s->p + 8, datalen);
+ xrdp_sec_encrypt(self, s->p + 8, datalen);
+ }
+ else
+ {
+ out_uint32_le(s, 0);
+ }
 }
 if (xrdp_mcs_send(self->mcs_layer, s, chan) != 0) |
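Review bot: The new low-level branch `out_uint32_le(s, 0);` sends the payload behind a zero flags word with no call to xrdp_sec_sign or xrdp_sec_encrypt, so server-to-client data at CRYPT_LEVEL_LOW leaves in cleartext with no integrity check, and nothing in the code says this is intended. A comment on that branch would make it explicit, e.g. `/* low: flags = 0, payload is neither encrypted nor signed */`, along with a remark that these 4 bytes must match what xrdp_sec_init reserved. Separately, the re-indented FIPS path still does `g_memset(s->end, 0, pad)` with no visible check that the stream has `pad` bytes of room past `s->end`, and `datalen` is never checked for a negative value; both may be guaranteed by code outside this hunk. The body of xrdp_sec_send continues beyond the hunk on both sides.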
