
unexpected stream overrun #328

Closed
dirk-zimoch opened this issue May 9, 2019 · 8 comments

Comments

@dirk-zimoch

commented May 9, 2019

Using rdesktop 1.8.5 I get this error when trying to connect to Windows 10:

ERROR: licence.c:292: licence_process_new_license(), unexpected stream overrun0000 03 00 08 6f 02 f0 80 68 00 01 03 eb 70 88 60 80 ...o...h....p.`.
0010 00 00 00 03 03 5c 08 09 00 44 08 00 00 0a 00 0e .....\...D......
0020 00 00 00 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d ...microsoft.com
0030 00 2c 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 .,...M.i.c.r.o.s
0040 00 6f 00 66 00 74 00 20 00 43 00 6f 00 72 00 70 .o.f.t. .C.o.r.p
0050 00 6f 00 72 00 61 00 74 00 69 00 6f 00 6e 00 00 .o.r.a.t.i.o.n..
[...]
0850 8c 62 3a 27 2d 22 06 4e 26 60 e9 3e 4f 31 00 8c .b:'-".N&`.>O1..
0860 23 f3 6c b7 0f e7 94 52 9c de b8 35 53 d3 c7    #.l....R...5S..

Also notice that there is a \n missing after the error message before the dump starts.

I have configured the build with the options --disable-credssp --disable-smartcard (because that was what ./configure suggested).

@CendioOssman

Member

commented May 9, 2019

Hmm... I'm having problems reproducing this. And I don't really see any issue with that code...

Could you apply the following patch and see what the output says?

diff --git a/licence.c b/licence.c
index 9e075d8..96a4bfc 100644
--- a/licence.c
+++ b/licence.c
@@ -284,11 +284,17 @@ licence_process_new_license(STREAM s)
        if (!s_check_rem(s, length))
                return;
 
+       fprintf(stderr, "Before: %ld\n", s_tell(s));
+
        inout_uint8p(s, data, length);
 
+       fprintf(stderr, "After: %ld\n", s_tell(s));
+
        rdssl_rc4_set_key(&crypt_key, g_licence_key, 16);
        rdssl_rc4_crypt(&crypt_key, data, data, length);
 
+       fprintf(stderr, "Trying: %ld => %ld - %d = %ld\n", s_tell(s), s_tell(s), length, s_tell(s) - length);
+
        s_seek(s, s_tell(s) - length);
 
        /* Parse NEW_LICENSE_INFO block */
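Review bot: the format specifiers in the three added fprintf lines do not match the argument types: `%ld` is used for the value of `s_tell(s)`, which the follow-up patch stores in a `size_t`, and `%d` is used for `length`, declared as `uint32`; `%zu` and `%u` would be exact and avoid the compiler warnings a throwaway diagnostic otherwise produces. Printing `s_tell(s) - length` on the "Trying" line is the useful part, because it is the same expression the unchanged `s_seek(s, s_tell(s) - length)` receives, so the printed target can be compared directly with the "Before" value.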
@dirk-zimoch

Author

commented May 9, 2019

Before: 27
After: 2143
Trying: 2143 => 2143 - 2116 = 27
ERROR: licence.c:298: licence_process_new_license(), unexpected stream overrun0000 03 00 08 6f 02 f0 80 68 00 01 03 eb 70 88 60 80 ...o...h....p.`.

@CendioOssman

Member

commented May 9, 2019

Ah, I think I see the issue. Could you try this patch instead:

diff --git a/licence.c b/licence.c
index 9e075d8..4d1b9eb 100644
--- a/licence.c
+++ b/licence.c
@@ -275,6 +275,7 @@ static void
 licence_process_new_license(STREAM s)
 {
        unsigned char *data;
+       size_t before;
        RDSSL_RC4 crypt_key;
        uint32 length;
        int i;
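Review bot: `size_t before;` is the right type for a saved stream offset and matches what the second hunk assigns from `s_tell(s)`; a short comment saying it records the start of the encrypted NEW_LICENSE_INFO block that the function later rewinds to would make the intent clear to the next reader of licence.c.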
@@ -284,12 +285,13 @@ licence_process_new_license(STREAM s)
        if (!s_check_rem(s, length))
                return;
 
+       before = s_tell(s);
        inout_uint8p(s, data, length);
 
        rdssl_rc4_set_key(&crypt_key, g_licence_key, 16);
        rdssl_rc4_crypt(&crypt_key, data, data, length);
 
-       s_seek(s, s_tell(s) - length);
+       s_seek(s, before);
 
        /* Parse NEW_LICENSE_INFO block */
        in_uint8s(s, 4);        // skip dwVersion
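Review bot: capturing the offset in `before` ahead of `inout_uint8p` and rewinding with `s_seek(s, before)` instead of `s_seek(s, s_tell(s) - length)` is the correct fix: the debug output earlier in the thread shows the recomputed target (27) equal to the pre-read offset, so the failure comes from passing an expression that reads the stream into `s_seek` rather than from the arithmetic itself. Since the `s_check_rem(s, length)` guard a few lines above rejects any `length` larger than the remaining bytes, `before` is always a valid position to return to. A one-line comment at `s_seek(s, before);` explaining why the offset is saved rather than recomputed would stop a later cleanup from reintroducing the inline form.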
@dirk-zimoch

Author

commented May 9, 2019

Works! Thanks for the quick solution.
Please also consider this change:
rdp.c line 1871:
error("%s:%d: %s(), %s\n", file, line, func, message);
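The pattern the fix above relies on, as an added example in C that is not rdesktop's code: a minimal bounded stream with the roles of s_check_rem, s_tell and s_seek, and a block parser that validates the length field before the cursor moves, remembers the block's start offset, decrypts in place and rewinds to the saved offset. The stream_t layout, the helper names, the XOR stand-in for rdssl_rc4_crypt and the sample packet are all assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal bounded stream. Assumed layout for this example, not rdesktop's STREAM. */
typedef struct {
    unsigned char *data;  /* start of the buffer */
    unsigned char *p;     /* current cursor */
    unsigned char *end;   /* one past the last valid byte */
} stream_t;

/* Offset of the cursor from the start of the buffer (the role of s_tell). */
static size_t s_tell(const stream_t *s) { return (size_t)(s->p - s->data); }

/* True when at least n bytes remain past the cursor (the role of s_check_rem). */
static int s_check_rem(const stream_t *s, size_t n) { return (size_t)(s->end - s->p) >= n; }

/* Move the cursor to an absolute offset; refuse rather than point past the end (the role of s_seek). */
static int s_seek(stream_t *s, size_t offset)
{
    if (offset > (size_t)(s->end - s->data))
        return 0;
    s->p = s->data + offset;
    return 1;
}

/* Bounds-checked little-endian uint32 read. */
static int in_uint32_le(stream_t *s, uint32_t *out)
{
    if (!s_check_rem(s, 4))
        return 0;
    *out = (uint32_t)s->p[0] | ((uint32_t)s->p[1] << 8) |
           ((uint32_t)s->p[2] << 16) | ((uint32_t)s->p[3] << 24);
    s->p += 4;
    return 1;
}

/* Stand-in for rdssl_rc4_crypt: an in-place XOR so the example stays self-contained. */
static void toy_crypt(unsigned char *buf, size_t length, unsigned char key)
{
    for (size_t i = 0; i < length; i++)
        buf[i] ^= key;
}

/* Mirrors the fixed flow of licence_process_new_license: validate the length,
 * remember where the encrypted block starts, consume it, decrypt in place,
 * rewind to the remembered offset and parse the first field (dwVersion).
 * Returns 1 on success, 0 when a bounds check fails. */
static int process_block(stream_t *s, unsigned char key, uint32_t *version_out)
{
    uint32_t length;
    size_t before;
    unsigned char *data;

    if (!in_uint32_le(s, &length))
        return 0;
    if (!s_check_rem(s, length))     /* a length larger than what remains is rejected here */
        return 0;

    before = s_tell(s);              /* capture the offset before the cursor moves */
    data = s->p;
    s->p += length;                  /* what inout_uint8p does: hand out the bytes and advance */

    toy_crypt(data, length, key);    /* decrypt in place, cursor untouched */

    if (!s_seek(s, before))          /* rewind to the saved offset, not to a recomputed one */
        return 0;
    return in_uint32_le(s, version_out);
}

/* Builds a constructed packet (declared length, then payload_length bytes whose
 * plaintext starts with dwVersion = 3) and runs process_block over it. */
static int run_case(uint32_t declared_length, size_t payload_length, uint32_t *version_out)
{
    unsigned char buf[64];
    const unsigned char key = 0x5a;
    stream_t s;
    size_t n = 0;

    for (int shift = 0; shift < 32; shift += 8)
        buf[n++] = (unsigned char)(declared_length >> shift);
    for (size_t i = 0; i < payload_length && n < sizeof buf; i++)
        buf[n++] = (unsigned char)((i == 0 ? 3 : 0) ^ key);

    s.data = buf;
    s.p = buf;
    s.end = buf + n;
    return process_block(&s, key, version_out);
}

/* Returns the parsed dwVersion, or UINT32_MAX when the block was rejected. */
static uint32_t parsed_version(uint32_t declared_length, size_t payload_length)
{
    uint32_t v = 0;
    return run_case(declared_length, payload_length, &v) ? v : UINT32_MAX;
}

int main(void)
{
    printf("well-formed:   version %u\n", parsed_version(8, 8));
    printf("short payload: %s\n", parsed_version(8, 4) == UINT32_MAX ? "rejected" : "accepted");
    printf("absurd length: %s\n", parsed_version(0xffffffffu, 8) == UINT32_MAX ? "rejected" : "accepted");
    return 0;
}
```

The two checks that matter are the `s_check_rem` on the length field before any cursor movement, which is what turns a corrupt or oversized length into a clean rejection instead of a read past the buffer, and the rewind to a value captured in a plain variable, which is the change the second patch in this thread makes.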

@CendioOssman

Member

commented May 9, 2019

Thanks for testing.

We'll give it a day or so and see if more issues pop up, and then I guess we'll have to make a quick 1.8.6. :)

@CendioOssman CendioOssman added the bug label May 9, 2019
@3yan


commented Jun 19, 2019

1.8.6 still seems buggy, at least for me. Needed to roll back to 1.8.4 to make it work (tested both 1.8.5 and 1.8.6); I'm connecting to a virtualboxed W7. Seems that I am not alone: https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1683972.html. However, I am not sure if this is the same issue as stated in the initial commit or something unrelated.

Autoselected keyboard map en-us
Failed to negotiate protocol, retrying with plain RDP.
NOT IMPLEMENTED: PDU 3
ERROR: rdp.c:128: rdp_recv(), unexpected stream overrun0000 03 00 01 41 02 f0 80 68 00 01 03 eb 70 81 32 08 ...A...h....p.2.
0010 00 00 00 9a 35 cb 58 06 dd 1d 0b 4b d9 63 7c 1a ....5.X....K.c|.
0020 39 61 56 0f e3 0c 43 92 c8 62 c6 e8 fa 41 80 0e 9aV...C..b...A..
0030 7a a3 6d 51 7f ac ea ec 99 95 0d e4 a1 df 0a 19 z.mQ............
0040 2c eb 5e 2c 49 d7 59 51 0f 5f c6 e3 e3 e3 b4 3b ,.^,I.YQ._.....;
0050 d9 2a dc d9 39 7d 76 96 34 f2 a2 5a 07 6a 5b 0d .*..9}v.4..Z.j[.
0060 fc 2d cb 11 3b b0 a9 89 c7 2a 5b de fa 6f a4 16 .-..;....*[..o..
0070 52 30 7e a9 b3 99 15 ac 6f 5a 0e a5 ed 14 e0 69 R0~.....oZ.....i
0080 25 5d e7 f6 8d c2 fe 32 9c 35 73 2b 5a 5e 70 78 %].....2.5s+Z^px
0090 56 3e 08 58 63 4b b6 fb 46 1d 00 6d 31 d4 69 2d V>.XcK..F..m1.i-
00a0 fd 60 df 17 02 2e b2 e1 e1 01 6d f1 66 11 66 a1 .`........m.f.f.
00b0 a1 d5 49 54 2b 46 0c c8 9c 73 33 f3 fa ec 2a 70 ..IT+F...s3...*p
00c0 04 03 e6 d2 40 77 b4 5a 0c 13 f3 29 5b 8d c3 bc ....@w.Z...)[...
00d0 72 f2 51 3c af de 1f 7b 9d 94 0f 2c 2c 69 26 29 r.Q<...{...,,i&)
00e0 ad d4 a0 09 ec 84 90 1e fc c0 92 01 f6 fb d8 18 ................
00f0 0c 50 56 60 3f 20 a8 87 5b ee ee 0c 9c 9b 3a 5a .PV`? ..[.....:Z
0100 78 22 72 79 dd d9 1f b4 ce 09 c2 f0 0c ca 83 3d x"ry...........=
0110 9c 30 41 f4 30 b3 65 45 65 2c 64 60 72 4c 7e 59 .0A.0.eEe,d`rL~Y
0120 ea 80 03 c1 67 03 97 06 aa 68 ab d1 cb d0 eb e4 ....g....h......
0130 eb 13 34 8d 94 d3 75 47 23 d6 c8 fb 8c b6 2a d2 ..4...uG#.....*.
0140 3d                                              =
@emrecio


commented Jul 1, 2019

Same problem here... 1.8.4 works, but the newly compiled/downloaded 1.8.6 does not with certain servers. I can connect to some but not others (Windows 7).

WARNING: CredSSP: Failed to establish TLS connection.
Connection established using plain RDP.
NOT IMPLEMENTED: PDU 5
ERROR: rdp.c:128: rdp_recv(), unexpected stream overrun

@CendioOssman

Member

commented Jul 3, 2019

The original issue here is fixed, so I'm closing this issue.

#339 seems to be about the same thing you are seeing. Let's continue the discussion there.
