Commit Graph

846 Commits

Author SHA1 Message Date
Pierre Ossman
45e44a66e5 Tolerate specifying -BoolParam 0 and similar
This is needed by vncserver which doesn't know which parameters are
boolean, and it cannot use the -Param=Value form as that isn't tolerated
by the Xorg code.
2020-09-21 13:54:41 +03:00
Pierre Ossman
3528e358cc Free memory from getaddrinfo()
We handled this in the failure scenario, but not in the vastly more
common successful case.
2020-09-21 13:52:01 +03:00
Mark Mielke
f814a93214 vncserver: Remove legacy HP-UX support
The check for existence of `/usr/spool/sockets/X11/<n>` has been
removed. This file is only relevant on HP-UX, and TigerVNC dropped
support for HP-UX in commit 31e5aa3.
2020-09-21 13:51:13 +03:00
Pierre Ossman
285bcfb141 Run maketarball through bash
It uses bash-isms so a POSIX shell will not work correctly.
2020-09-21 13:48:54 +03:00
Andrew Yoder
c312417d81 Correction to socket error connection message 2020-09-21 13:47:04 +03:00
Mark Mielke
80a637c793 Fix division by zero exception in SSecurityPlain.
If using SSecurityPlain and the user specifies an empty username
and password, it will invoke InStream::checkNoWait(0) which will
cause a division by zero when calculating the number of available
items.

Enhance InStream::check() to behave properly when asked for
zero items, or zero sized items.

Add comments to InStream::check(), InStream::checkNoWait(),
and InStream::readBytes() to document expected behaviour
when requested to check or read zero items, or an item with
zero size.
2020-09-21 13:46:38 +03:00
Pierre Ossman
27d6677a31 Don't clear complex objects using memset()
This is fine for simple structs but not class based objects.
2020-09-21 13:43:40 +03:00
Pierre Ossman
e2cea31e87 Silence clang deprecated warnings on macOS
We still target a very old version of macOS, which tends to make clang
very upset, so we need to turn off depercation warnings.
2020-09-21 13:43:22 +03:00
Pierre Ossman
47bba8a1e6 Fix JpegCompressor::overrun() type change
The method it overloads got tweaked some time ago, so we need to make
sure this method follows suit.
2020-09-21 13:42:29 +03:00
Pierre Ossman
e5b02f996e Catch errors resizing framebuffer 2020-09-21 13:37:53 +03:00
Pierre Ossman
9eca28a084 Add final line break to FatalError() calls
It expects the callers to include this, so make sure we're consistently
providing one.
2020-09-21 13:37:31 +03:00
Samuel Mannehed
77cc62ecc0 Bump up Windows version from Vista to Windows 7 2020-09-21 13:36:48 +03:00
Pierre Ossman
04037ef779 Also link in math library in static build
It's included by default in dynamic builds so we need to make sure it
isn't lost when switching to static.
2020-09-21 13:33:48 +03:00
Pierre Ossman
a2099e5e40 Avoid using RegionInit() because of empty rects
It creates an invalid region if given an empty rect. Fortunately
RegionInitBoxes() handles that just fine, so use that instead.
2020-09-21 13:29:49 +03:00
Pierre Ossman
f528483975 Stop using legacy region macros
We no longer support such old X servers so start using the current
functions.
2020-09-21 13:29:24 +03:00
Pierre Ossman
a00e40c340 Handle empty changes for every operation
It seems like many of the X11 operations can end up with no pixels
actually changing. So instead of discovering and adding workarounds for
each individually we'll just check very region added if it's empty.
2020-09-21 13:28:33 +03:00
Pierre Ossman
a4e0dbf7db Remove 8-bit support from documentation
We removed support in the code ages ago, but overlooked this part of the
documentation. Also remove some dead code in Xvnc on the same theme.
2020-09-21 13:27:19 +03:00
Pierre Ossman
da406d0cac Include error code in getaddrinfo() exceptions 2020-09-21 13:26:51 +03:00
Pierre Ossman
9240f0b85c Avoid using insecure variable length arrays 2020-09-21 13:26:39 +03:00
Alex Tanskanen
03639406dc Throw GAIException() for getaddrinfo errors
Created a new subclass of Exception called GAIException() that will
handle error messages from getaddrinfo() instead of letting Exception()
handle it. GAIException() will make use of gai_strerror() to map the
error code to text. On Windows, gai_strerrorW() must be used if the text
is encoded with UTF-8.
2020-09-21 13:26:15 +03:00
Alex Tanskanen
209712b18f Fix typo in SocketException message 2020-09-21 13:25:51 +03:00
Alex Tanskanen
57427d5d33 Make system error messeges in Windows 10 use UTF-8
The previous error messages did not support Unicode characters. This
commit will use UTF-8 encoding to be able to display error messages in
every language.
2020-09-21 13:25:38 +03:00
Pierre Ossman
06f3413446 Remove support for old Xorg versions
No current distribution ship anything this ancient anyway.
2020-09-21 13:25:11 +03:00
Pierre Ossman
fab177579f Fix C linking when doing static builds 2020-09-21 13:21:06 +03:00
Pierre Ossman
f38e474993 Fix error check for zlib calls
There are multiple "okay" return values, not just Z_OK. Make sure we
don't bail out needlessly.
2020-09-21 13:18:11 +03:00
Lauri Kasanen
49f9ce8e5b Remove remnants of the old HTTP server 2020-09-21 13:17:11 +03:00
Linus Heckemann
6e5a837c21 xserver: add no-op input thread init function
This allows Xvnc to build with xorg-server 1.20.7, which requires OS
layers to implement a ddxInputThreadInit function when configured with
--enable-input-thread (the default).

relevant xorg-server commit: e3f26605d85d987da434640f52646d728f1fe919
2020-09-21 13:07:43 +03:00
Pierre Ossman
a11a55aeec Include Carbon when statically linking gettext on macOS
As gettext needs some stuff from Carbon and we don't want to rely on it
being pulled in as a side effect.
2020-09-21 13:07:18 +03:00
Pierre Ossman
06fd7ac061 Use sys/time.h on Windows as well
Modern MinGW seems to provide this, so simplify things a bit. This also
side steps some of the issue of the windows.h/winsock2.h include
ordering.
2020-09-21 13:05:50 +03:00
Pierre Ossman
b7dc4a16fe Handle pending data in TLS buffers
There might be more bytes left in the current TLS record, even if
there is nothing on the underlying stream. Make sure we properly
return this when we aren't being requested to block.
2020-09-21 13:00:41 +03:00
Pierre Ossman
3ee909ffe6 Don't background the main session command
When used with -fg we expect the startup script to remain running until
the session is over. This will not happen if the session command is put
in the background using &.
2020-09-21 12:59:06 +03:00
Pierre Ossman
c3279914c1 Fix link order of nettle and hogweed
Hogweed needs nettle, not the other way around. So make sure they
are specified in the correct order for the static link to succeed.
2020-09-21 12:58:11 +03:00
Pierre Ossman
ed73ac2aa7 Handle pixel formats with odd shift values
Our fast paths assume that each channel fits in to a separate byte.
That means the shift needs to be a multiple of 8. Start actually
checking this so that a client cannot trip us up and possibly cause
incorrect code exection.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:56:53 +03:00
Pierre Ossman
ae6cbd19e9 Be defensive about overflows in stream objects
We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us in to overwriting other memory.

This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:56:23 +03:00
Pierre Ossman
259f1055cb Use size_t for lengths in stream objects
Provides safety against them accidentally becoming negative because
of bugs in the calculations.

Also does the same to CharArray and friends as they were strongly
connection to the stream objects.
2020-09-21 12:55:59 +03:00
Pierre Ossman
346fccb96c Remove unused FixedMemOutStream 2020-09-21 12:48:20 +03:00
Pierre Ossman
1d5aaf54f8 Add sanity checks for PixelFormat shift values
Otherwise we might be tricked in to reading and writing things at
incorrect offsets for pixels which ultimately could result in an
attacker writing things to the stack or heap and executing things
they shouldn't.

This only affects the server as the client never uses the pixel
format suggested by th server.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:47:56 +03:00
Pierre Ossman
9f7abaea3a Fix depth sanity test in PixelFormat 2020-09-21 12:47:22 +03:00
Pierre Ossman
1224cbdc21 Handle empty Tight gradient rects
We always assumed there would be one pixel per row so a rect with
a zero width would result in us writing to unknown memory.

This could theoretically be used by a malicious server to inject
code in to the viewer process.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:46:27 +03:00
Pierre Ossman
6a3f711878 Add write protection to OffsetPixelBuffer
No one should every try to write to this buffer. Enforce that by
throwing an exception if any one tries to get a writeable pointer
to the data.
2020-09-21 12:45:51 +03:00
Pierre Ossman
3282836baf Make ZlibInStream more robust against failures
Move the checks around to avoid missing cases where we might access
memory that is no longer valid. Also avoid touching the underlying
stream implicitly (e.g. via the destructor) as it might also no
longer be valid.

A malicious server could theoretically use this for remote code
execution in the client.

Issue found by Pavel Cheremushkin from Kaspersky Lab
2020-09-21 12:40:12 +03:00
Lauri Kasanen
ac06594b12 Add .gitignore 2020-09-21 12:33:19 +03:00
Kasm
5da407c11f
Update README.md 2020-09-20 09:11:28 -04:00
Kasm
313961153c
Update install.sh
Modified installer to use release on GitHub
2020-09-20 09:04:35 -04:00
matt
408c005d3e Initial commit 2020-09-20 12:16:44 +00:00
Kasm
09a4460ddb
Initial commit 2020-09-13 12:50:42 -04:00