File FreeBSD fixes #1
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
akallabeth
pushed a commit
that referenced
this pull request
Jan 13, 2017
SSL functions like OpenSSL_add_all_digests should be invoked at very beginning as they are not MT safe. If not we might meet double free exception as following: #0 0x00007f23ddd71c37 in raise () from /lib/x86_64-linux-gnu/libc.so.6 #1 0x00007f23ddd75028 in abort () from /lib/x86_64-linux-gnu/libc.so.6 #2 0x00007f23dddae2a4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6 #3 0x00007f23dddba55e in ?? () from /lib/x86_64-linux-gnu/libc.so.6 FreeRDP#4 0x00007f23dc6ecfcd in CRYPTO_free () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 FreeRDP#5 0x00007f23dc6ef8d1 in OBJ_NAME_add () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 FreeRDP#6 0x00007f23dc77dcd8 in EVP_add_digest () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 FreeRDP#7 0x00007f23dc782321 in OpenSSL_add_all_digests () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 FreeRDP#8 0x00007f23c781da28 in winpr_openssl_get_evp_md (md=4) at /home/zihao/workspace/zihao_FreeRDP/winpr/libwinpr/crypto/hash.c:52 FreeRDP#9 0x00007f23c781dccb in winpr_Digest_Init (ctx=0x7f22d064d470, md=<optimized out>) at /home/zihao/workspace/zihao_FreeRDP/winpr/libwinpr/crypto/hash.c:344 FreeRDP#10 0x00007f23d486139b in security_salted_mac_signature (rdp=0x7f23859f5a20, data=0x7f238542d4fb "\004\204\022\004", length=4743, encryption=<optimized out>, output=0x7 at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/security.c:378 FreeRDP#11 0x00007f23d488d73f in fastpath_send_update_pdu (fastpath=<optimized out>, updateCode=4 '\004', s=0x7f23859f5f40, skipCompression=true) at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/fastpath.c:1076 FreeRDP#12 0x00007f23d4891c4f in update_send_surface_frame_bits (context=0x7f23859f5540, cmd=0x7f22b2ffcc80, first=true, last=true, frameId=6) at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/update.c:1041 Related reports: https://rt.openssl.org/Ticket/Display.html?id=2216&user=guest&pass=guest
akallabeth
pushed a commit
that referenced
this pull request
Jun 8, 2023
Uninitialized bytes in __interceptor_strlen at offset 0 inside [0x701000000040, 1)
==220==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x535c13 in freerdp_assistance_hex_string_to_bin /src/FreeRDP/libfreerdp/common/assistance.c:711:11
#1 0x533deb in LLVMFuzzerTestOneInput /src/FreeRDP/libfreerdp/common/test/TestFuzzCommonAssistanceHexStringToBin.c:5:15
#2 0x43f5f3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#3 0x4409a4 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:804:3
FreeRDP#4 0x440e79 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:857:3
FreeRDP#5 0x4304df in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
FreeRDP#6 0x459b32 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
FreeRDP#7 0x7effc08bb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
FreeRDP#8 0x420f1d in _start (/tmp/not-out/tmpu5o6go0a/TestFuzzCommonAssistanceHexStringToBin+0x420f1d)
akallabeth
pushed a commit
that referenced
this pull request
Jun 8, 2023
…e_file_buffer
```
READ of size 2 at 0x602000000091 thread T0
SCARINESS: 14 (2-byte-read-heap-buffer-overflow)
#0 0x4c6fb9 in StrstrCheck(void*, char*, char const*, char const*) /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:580:5
#1 0x4c6df1 in strstr /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:597:5
#2 0x56c9ba in freerdp_assistance_parse_file_buffer /src/FreeRDP/libfreerdp/common/assistance.c:743:6
#3 0x56b58e in parse_file_buffer /src/FreeRDP/libfreerdp/common/test/TestFuzzCommonAssistanceParseFileBuffer.c:11:11
FreeRDP#4 0x56b58e in LLVMFuzzerTestOneInput /src/FreeRDP/libfreerdp/common/test/TestFuzzCommonAssistanceParseFileBuffer.c:20:2
FreeRDP#5 0x43f5e3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
FreeRDP#6 0x440994 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:804:3
```
akallabeth
pushed a commit
that referenced
this pull request
Apr 10, 2024
found by coverity
705 if (transferDir == USBD_TRANSFER_DIRECTION_OUT)
706 {
18. Condition !Stream_CheckAndLogRequiredLengthEx("com.freerdp.channels.urbdrc.client" /* "com.freerdp.channels.urbdrc.client" */, 3, s, OutputBufferSize, 1, "%s(%s:%zu)" /* "%s(%s:%zu)" */, <anonymous>, "/home/runner/work/FreeRDP/FreeRDP/channels/urbdrc/client/data_transfer.c", 707UL /* (size_t)707 */), taking true branch.
707 if (!Stream_CheckAndLogRequiredLength(TAG, s, OutputBufferSize))
CID 424733: (#1 of 1): Resource leak (RESOURCE_LEAK)
19. leaked_storage: Variable out going out of scope leaks the storage it points to.
708 return ERROR_INVALID_DATA;
709 Stream_Copy(s, out, OutputBufferSize);
710 }
akallabeth
pushed a commit
that referenced
this pull request
Apr 10, 2024
found by coverity 655 if (Stream_Write_UTF16_String_From_UTF8(s, tmpDirCharLen - 1, tempDirectory->szTempDir, 656 ARRAYSIZE(tempDirectory->szTempDir), TRUE) < 0) CID 424748: (#1 of 1): Resource leak (RESOURCE_LEAK) 9. leaked_storage: Variable s going out of scope leaks the storage it points to. 657 return ERROR_INTERNAL_ERROR; 658 /* Path must be 260 UTF16 characters with '\0' termination. 659 * ensure this here */
akallabeth
pushed a commit
that referenced
this pull request
Apr 10, 2024
found by coverity 128 if (winpr_asprintf(&headers, &size, post_header_fmt, path, hostname, blen) < 0) CID 424888: (#1 of 1): Resource leak (RESOURCE_LEAK) 15. leaked_storage: Variable hostname going out of scope leaks the storage it points to. 129 return FALSE; 130 }
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I fixed two small error that should close FreeRDP#3189
Now it compiles But I cannot test yet it works as excpected
@giox069 do you have an RDP server you can test with FreeRDP?