Commit Graph

76 Commits

Author SHA1 Message Date
Dmitry Maksyoma
9084409a20 Merge branch 'users' into packages_and_multiuser_passwd 2021-02-25 22:10:40 +13:00
Lauri Kasanen
a4e70ff56b Remove less-than-256-colors indexed limit for small rects 2021-01-15 13:08:20 +02:00
Lauri Kasanen
481b063eb7 Fix missing init for DLP timestamps 2020-12-03 12:29:38 +02:00
Lauri Kasanen
531705c05c Remove set-desktop-size perms from read-only clients 2020-10-14 15:50:28 +03:00
Lauri Kasanen
1f69d1584a Prevent read-only clients from changing kasm settings 2020-10-14 15:44:48 +03:00
Lauri Kasanen
36deba3a75 Correct non-basicauth and command-line user:pass being read-only 2020-10-14 14:27:08 +03:00
Lauri Kasanen
0c83a86bc8 Dynamically apply permissions 2020-10-13 13:38:18 +03:00
Lauri Kasanen
263d05a296 Apply read-only perms upon connecting 2020-10-12 15:11:49 +03:00
Lauri Kasanen
80513c8616 Change "recent" to be 10s from 60s, and in its own variable 2020-10-02 14:44:33 +03:00
Lauri Kasanen
279c41fc32 Add option to pass the password in an encrypted file, kasmvncpasswd utility 2020-10-01 14:37:51 +03:00
Lauri Kasanen
ae07707e66 Don't log BasicAuth 2020-10-01 13:07:32 +03:00
Lauri Kasanen
bb71cd4ec4 Have stats react faster to big cpu lag spikes 2020-10-01 13:00:34 +03:00
Lauri Kasanen
99fe70bbd6 Add a debug-level print on the last ~second's maximum encoding time 2020-09-28 14:37:19 +03:00
Lauri Kasanen
b30318a68f Change stats format to JSON array style 2020-09-28 14:26:38 +03:00
Lauri Kasanen
d5bdef121a Add support for bottleneck stats 2020-09-21 15:51:56 +03:00
Pierre Ossman
47bba8a1e6 Fix JpegCompressor::overrun() type change
The method it overloads got tweaked some time ago, so we need to make
sure this method follows suit.
2020-09-21 13:42:29 +03:00
Lauri Kasanen
49f9ce8e5b Remove remnants of the old HTTP server 2020-09-21 13:17:11 +03:00
Pierre Ossman
06fd7ac061 Use sys/time.h on Windows as well
Modern MinGW seems to provide this, so simplify things a bit. This also
side steps some of the issue of the windows.h/winsock2.h include
ordering.
2020-09-21 13:05:50 +03:00
Pierre Ossman
ed73ac2aa7 Handle pixel formats with odd shift values
Our fast paths assume that each channel fits in to a separate byte.
That means the shift needs to be a multiple of 8. Start actually
checking this so that a client cannot trip us up and possibly cause
incorrect code exection.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:56:53 +03:00
Pierre Ossman
259f1055cb Use size_t for lengths in stream objects
Provides safety against them accidentally becoming negative because
of bugs in the calculations.

Also does the same to CharArray and friends as they were strongly
connection to the stream objects.
2020-09-21 12:55:59 +03:00
Pierre Ossman
1d5aaf54f8 Add sanity checks for PixelFormat shift values
Otherwise we might be tricked in to reading and writing things at
incorrect offsets for pixels which ultimately could result in an
attacker writing things to the stack or heap and executing things
they shouldn't.

This only affects the server as the client never uses the pixel
format suggested by th server.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:47:56 +03:00
Pierre Ossman
9f7abaea3a Fix depth sanity test in PixelFormat 2020-09-21 12:47:22 +03:00
Pierre Ossman
1224cbdc21 Handle empty Tight gradient rects
We always assumed there would be one pixel per row so a rect with
a zero width would result in us writing to unknown memory.

This could theoretically be used by a malicious server to inject
code in to the viewer process.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:46:27 +03:00
Pierre Ossman
6a3f711878 Add write protection to OffsetPixelBuffer
No one should every try to write to this buffer. Enforce that by
throwing an exception if any one tries to get a writeable pointer
to the data.
2020-09-21 12:45:51 +03:00
Pierre Ossman
3282836baf Make ZlibInStream more robust against failures
Move the checks around to avoid missing cases where we might access
memory that is no longer valid. Also avoid touching the underlying
stream implicitly (e.g. via the destructor) as it might also no
longer be valid.

A malicious server could theoretically use this for remote code
execution in the client.

Issue found by Pavel Cheremushkin from Kaspersky Lab
2020-09-21 12:40:12 +03:00
matt
408c005d3e Initial commit 2020-09-20 12:16:44 +00:00