Security fixes and code cleanups #4055

Merged
merged 9 commits into from Jul 24, 2017

5 participants
@akallabeth
Member

akallabeth commented Jul 24, 2017

  • Fixes various issues found by the CISCO TALOS project
  • Fixes include guard keyword misuses
  • Fixes some issues found by clang scanbuild runs

akallabeth and others added some commits May 29, 2017

Fix TALOS issues
Fix the following issues identified by the CISCO TALOS project:
 * TALOS-2017-0336 CVE-2017-2834
 * TALOS-2017-0337 CVE-2017-2834
 * TALOS-2017-0338 CVE-2017-2836
 * TALOS-2017-0339 CVE-2017-2837
 * TALOS-2017-0340 CVE-2017-2838
 * TALOS-2017-0341 CVE-2017-2839

Fixed wrong type for AuthenticationLevel.
Replaced type BOOL with INT32 as according to MSDN they are typedefed.
This keeps the ABI compatible and fixes the wrong data type.

clipboard: fix possible invalid memory access
Fix a possible issue found by Sébastien Duquette.
@freerdp-bot

freerdp-bot Jul 24, 2017

Refer to this link for build results (access rights to CI server needed):
https://ci.freerdp.com//job/PullRequestTester/2180/

@nfedera nfedera merged commit 1648deb into FreeRDP:master Jul 24, 2017

1 check passed

jenkins: PullRequestTester Build finished.
@@ -17,8 +17,8 @@
* limitations under the License.
*/
#ifndef __HEARTBEAT_H
#define __HEARTBEAT_H
#ifndef FREERDP_LIB_CORE_HEARTBEET_H
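
Review bot: the new guard on the `#ifndef FREERDP_LIB_CORE_HEARTBEET_H` line spells the header name HEARTBEET, while the guard it replaces (`__HEARTBEAT_H`) uses HEARTBEAT. Moving away from the double-underscore name is right, since identifiers beginning with two underscores are reserved for the implementation in C, but the `#define` that pairs with this `#ifndef` is not visible here and must carry exactly the same spelling or the guard never takes effect. Suggest `FREERDP_LIB_CORE_HEARTBEAT_H` on both lines.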

@hardening

hardening Jul 24, 2017

Contributor

typo here HEARTBEAT not HEARTBEET

@@ -637,7 +637,7 @@ BOOL security_key_update(BYTE* key, BYTE* update_key, int key_len, rdpRdp* rdp)
return result;
}
BOOL security_encrypt(BYTE* data, int length, rdpRdp* rdp)
BOOL security_encrypt(BYTE* data, size_t length, rdpRdp* rdp)
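
Review bot: on the `security_encrypt` signature, switching `length` from `int` to `size_t` removes the negative-length case inside the function but moves it to the call sites: a caller that still holds a signed value and passes a negative one gets an implicit conversion to a very large unsigned count. Each caller should validate the length before the call, and the declaration in the header needs the same change. `security_key_update` in the hunk header still takes `int key_len`, so the length type is now inconsistent within this file; settle on one convention for both.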

@hardening

hardening Jul 24, 2017

Contributor

IIRC we were not recommending to use size_t ?

{
if (!subsystem)
return -1;
x11ShadowSubsystem* subsystem = (x11ShadowSubsystem*)sub;
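
Review bot: as shown here, the `if (!subsystem)` check sits above the line that declares `subsystem`, so the test runs before the variable exists. If that is the real order in the file, either test the incoming pointer (`if (!sub)`) before the cast or move the check to directly after the `x11ShadowSubsystem* subsystem = ...` line. The cast itself cannot turn a non-NULL `sub` into NULL, so checking `sub` is equivalent and keeps the declaration first.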

@hardening

hardening Jul 24, 2017

Contributor

code indentation is strange here

{
if (!subsystem)
return -1;
x11ShadowSubsystem* subsystem = (x11ShadowSubsystem*)sub;

@hardening

hardening Jul 24, 2017

Contributor

same indentation problem

@akallabeth akallabeth deleted the akallabeth:talos_v3 branch Jul 24, 2017
