Uwu ndi ndemanga yachiwiri pamndandanda wazokhudza kuyesa mapulogalamu otseguka ogwirira ntchito ndi protocol ya RDP. Mmenemo tiwona kasitomala wa rdesktop ndi seva ya xrdp.
Amagwiritsidwa ntchito ngati chida chodziwira zolakwika . Ndi static code analyzer ya C, C++, C# ndi Java zilankhulo, zopezeka pa Windows, Linux ndi macOS nsanja.
Nkhaniyi imangofotokoza zolakwika zimene zinkaoneka ngati zosangalatsa kwa ine. Komabe, ntchitozo ndi zazing'ono, kotero panali zolakwika zochepa :).
ndemanga. Nkhani yapitayi yotsimikizira projekiti ya FreeRDP ikupezeka .
rdesktop
- kukhazikitsa kwaulere kwa kasitomala wa RDP pamakina a UNIX. Itha kugwiritsidwanso ntchito pansi pa Windows ngati mumanga polojekitiyi pansi pa Cygwin. Wololedwa pansi pa GPLv3.
Makasitomala uyu ndiwodziwika kwambiri - amagwiritsidwa ntchito mwachisawawa mu ReactOS, ndipo mutha kupezanso malekezero akutsogolo kwa gulu lachitatu. Komabe, iye ndi wokalamba: kumasulidwa koyamba kunachitika pa April 4, 2001 - pa nthawi yolemba, ali ndi zaka 17.
Monga ndanenera poyamba, ntchitoyi ndi yaing'ono. Lili ndi mizere pafupifupi 30 ya code, zomwe ndizodabwitsa poganizira zaka zake. Poyerekeza, FreeRDP ili ndi mizere 320. Nazi zotsatira za pulogalamu ya Cloc:
Khodi yosafikika
Khodi yosapezeka yapezeka. Ndizotheka kuti cholakwika chilipo. rdesktop.c 1502
int
main(int argc, char *argv[])
{
....
return handle_disconnect_reason(deactivated, ext_disc_reason);
if (g_redirect_username)
xfree(g_redirect_username);
xfree(g_username);
}Vutoli likukumana nafe nthawi yomweyo mu ntchitoyi waukulu: tikuwona code ikubwera pambuyo pa wogwiritsa ntchito obwereza - Chidutswa ichi chimayeretsa kukumbukira. Komabe, cholakwikacho sichimayika chiwopsezo: kukumbukira zonse zomwe zaperekedwa zidzachotsedwa pulogalamuyo ikatha.
Palibe kukonza zolakwika
Array underrun imapezeka. Mtengo wa 'n' index ukhoza kufika -1. rdesktop.c 1872
RD_BOOL
subprocess(char *const argv[], str_handle_lines_t linehandler, void *data)
{
int n = 1;
char output[256];
....
while (n > 0)
{
n = read(fd[0], output, 255);
output[n] = ' '; // <=
str_handle_lines(output, &rest, linehandler, data);
}
....
}Ma code snippet pankhaniyi amawerengedwa kuchokera pafayilo kupita ku buffer mpaka fayiloyo ithe. Komabe, palibe cholakwika chokhudza apa: ngati china chake chalakwika, ndiye werengani adzabwerera -1, ndiyeno gululo lidzadutsa Zotsatira.
Kugwiritsa ntchito EOF mu mtundu wa char
EOF siyenera kufananizidwa ndi mtengo wamtundu wa 'char'. The '(c = fgetc(fp))' iyenera kukhala ya mtundu wa 'int'. ctrl.c 500
int
ctrl_send_command(const char *cmd, const char *arg)
{
char result[CTRL_RESULT_SIZE], c, *escaped;
....
while ((c = fgetc(fp)) != EOF && index < CTRL_RESULT_SIZE && c != 'n')
{
result[index] = c;
index++;
}
....
}Apa tikuwona kusamalidwa kolakwika kofikira kumapeto kwa fayilo: ngati fgetc imabweretsanso munthu yemwe code yake ndi 0xFF, imatanthauzidwa ngati mapeto a fayilo (EOF).
EOF ndizokhazikika, zomwe nthawi zambiri zimatanthauzidwa kuti -1. Mwachitsanzo, mu encoding ya CP1251, chilembo chomaliza cha zilembo za Chirasha chili ndi code 0xFF, yomwe imagwirizana ndi nambala -1 ngati tikukamba za kusintha kofanana. gale-. Zikuoneka kuti chizindikiro 0xFF, ngati EOF (-1) amatanthauzidwa ngati mapeto a fayilo. Pofuna kupewa zolakwika zotere, zotsatira za ntchitoyi ndi fgetc ziyenera kusungidwa mu variable monga Int.
Mitundu
Chigawo 1
Mawu akuti 'write_time' nthawi zonse amakhala zabodza. disk.c 805
RD_NTSTATUS
disk_set_information(....)
{
time_t write_time, change_time, access_time, mod_time;
....
if (write_time || change_time)
mod_time = MIN(write_time, change_time);
else
mod_time = write_time ? write_time : change_time; // <=
....
}Mwina wolemba malamulowa analakwitsa || ΠΈ && mu chikhalidwe. Tiyeni tilingalire zosankha zomwe zingatheke pamakhalidwe kulemba_nthawi ΠΈ kusintha_nthawi:
- Mitundu yonseyi ndi yofanana ndi 0: pamenepa tikhala munthambi china: kusintha mod_time nthawi zonse idzakhala 0 mosasamala kanthu za chikhalidwe chotsatira.
- Chimodzi mwazosintha ndi 0: mod_time adzakhala wofanana ndi 0 (malinga ngati kusintha kwina kuli ndi mtengo wosakhala woipa), chifukwa MIN adzasankha chaching'ono mwa njira ziwirizo.
- Zosintha zonse ziwiri sizofanana ndi 0: sankhani mtengo wocheperako.
Pamene m'malo chikhalidwe ndi write_time && change_time khalidwe lidzawoneka bwino:
- Mtundu umodzi kapena zonse sizili zofanana ndi 0: sankhani mtengo wosakhala ziro.
- Zosintha zonse ziwiri sizofanana ndi 0: sankhani mtengo wocheperako.
Chigawo 2
Kufotokozera kumakhala koona nthawi zonse. Mwina wogwiritsa ntchito '&&' akuyenera kugwiritsidwa ntchito pano. disk.c 1419
static RD_NTSTATUS
disk_device_control(RD_NTHANDLE handle, uint32 request, STREAM in,
STREAM out)
{
....
if (((request >> 16) != 20) || ((request >> 16) != 9))
return RD_STATUS_INVALID_PARAMETER;
....
}Zikuoneka kuti ogwira ntchito asakanizidwanso pano || ΠΈ &&, kapena == ΠΈ !=: Kusintha sikungakhale ndi mtengo wa 20 ndi 9 nthawi imodzi.
Kukopera mzere wopanda malire
Kuitana kwa ntchito ya 'sprintf' kudzatsogolera kusefukira kwa buffer 'fullpath'. disk.c 1257
RD_NTSTATUS
disk_query_directory(....)
{
....
char *dirname, fullpath[PATH_MAX];
....
/* Get information for directory entry */
sprintf(fullpath, "%s/%s", dirname, pdirent->d_name);
....
}Mukayang'ana ntchitoyo mokwanira, zidzaonekeratu kuti code iyi siyambitsa mavuto. Komabe, zitha kubwera mtsogolomo: kusintha kumodzi kosasamala ndipo tidzapeza kusefukira kwa buffer - kuthamanga sikuli malire ndi chirichonse, kotero pamene concatenating njira tikhoza kudutsa malire a gulu. Ndikofunikira kuzindikira kuyimba uku snprintf(fullpath, PATH_MAX, ....).
Mkhalidwe wosafunikira
Chigawo cha mawu okhazikika nthawi zonse chimakhala chowona: onjezani > 0. scard.c 507
static void
inRepos(STREAM in, unsigned int read)
{
SERVER_DWORD add = 4 - read % 4;
if (add < 4 && add > 0)
{
....
}
}kuyendera kuwonjezera 0 palibe chifukwa apa: kusinthika kudzakhala kwakukulu kuposa zero, chifukwa kuwerenga% 4 adzabwezera gawo lotsalira, koma silidzakhala lofanana ndi 4.
xrdp
- kukhazikitsa seva ya RDP yokhala ndi code yotsegula. Pulojekitiyi yagawidwa m'magawo awiri:
- xrdp - kukhazikitsa protocol. Kugawidwa pansi pa chilolezo cha Apache 2.0.
- xorgxrdp - Gulu la madalaivala a Xorg omwe amagwiritsidwa ntchito ndi xrdp. License - X11 (monga MIT, koma imaletsa kugwiritsa ntchito malonda)
Kukula kwa polojekitiyi kumatengera zotsatira za rdesktop ndi FreeRDP. Poyambirira, kuti mugwire ntchito ndi zithunzi, mumayenera kugwiritsa ntchito seva yosiyana ya VNC, kapena seva yapadera ya X11 yokhala ndi chithandizo cha RDP - X11rdp, koma pakubwera kwa xorgxrdp, kufunikira kwawo kunatha.
M'nkhaniyi sitifotokoza xorgxrdp.
Ntchito ya xrdp, monga yapitayi, ndi yaying'ono kwambiri ndipo ili ndi mizere pafupifupi 80 zikwi.
Zolemba zambiri
Khodiyo ili ndi midadada yofanana. Chongani zinthu 'r', 'g', 'r' pamizere 87, 88, 89. rfxencode_rgb_to_yuv.c 87
static int
rfx_encode_format_rgb(const char *rgb_data, int width, int height,
int stride_bytes, int pixel_format,
uint8 *r_buf, uint8 *g_buf, uint8 *b_buf)
{
....
switch (pixel_format)
{
case RFX_FORMAT_BGRA:
....
while (x < 64)
{
*lr_buf++ = r;
*lg_buf++ = g;
*lb_buf++ = r; // <=
x++;
}
....
}
....
}Khodi iyi idatengedwa ku laibulale ya librfxcodec, yomwe imagwiritsa ntchito jpeg2000 codec ya RemoteFX. Apa, mwachiwonekere, mayendedwe azithunzi amasakanikirana - m'malo mwa "buluu" mtundu, "wofiira" amalembedwa. Vutoli mwina lidawoneka chifukwa cha copy-paste.
Vuto lomwelo lidachitikanso muntchito yofananira rfx_encode_format_argb, zomwe analyzer adatiuzanso kuti:
Khodiyo ili ndi midadada yofanana. Chongani zinthu 'a', 'r', 'g', 'r' m'mizere 260, 261, 262, 263. rfxencode_rgb_to_yuv.c 260
while (x < 64)
{
*la_buf++ = a;
*lr_buf++ = r;
*lg_buf++ = g;
*lb_buf++ = r;
x++;
}Array Declaration
Kuthamangitsidwa kwa array ndikotheka. Mtengo wa 'i - 8' index ukhoza kufika 129. genkeymap.c 142
// evdev-map.c
int xfree86_to_evdev[137-8+1] = {
....
};
// genkeymap.c
extern int xfree86_to_evdev[137-8];
int main(int argc, char **argv)
{
....
for (i = 8; i <= 137; i++) /* Keycodes */
{
if (is_evdev)
e.keycode = xfree86_to_evdev[i-8];
....
}
....
}Kulengeza ndi kutanthauzira kwa mndandanda mu mafayilo awiriwa sagwirizana - kukula kwake kumasiyana ndi 1. Komabe, palibe zolakwika zomwe zimachitika - kukula koyenera kumatchulidwa mu fayilo ya evdev-map.c, kotero palibe malire. Kotero ichi ndi cholakwika chabe chomwe chingathe kukonzedwa mosavuta.
Kuyerekeza kolakwika
Gawo la mawu okhazikika nthawi zonse ndi zabodza: ββ(cap_len <0). xrdp_caps.c 616
// common/parse.h
#if defined(B_ENDIAN) || defined(NEED_ALIGN)
#define in_uint16_le(s, v) do
....
#else
#define in_uint16_le(s, v) do
{
(v) = *((unsigned short*)((s)->p));
(s)->p += 2;
} while (0)
#endif
int
xrdp_caps_process_confirm_active(struct xrdp_rdp *self, struct stream *s)
{
int cap_len;
....
in_uint16_le(s, cap_len);
....
if ((cap_len < 0) || (cap_len > 1024 * 1024))
{
....
}
....
}Ntchitoyi imawerengera mtundu wosinthika osainidwa mwachidule mu variable monga Int. Kuyang'ana sikofunikira pano chifukwa tikuwerenga zosintha zosasainidwa ndikuyika zotsatira kumitundu yayikulu, kotero kusinthika sikungatenge mtengo woyipa.
Macheke osafunika
Chigawo cha mawu okhazikika nthawi zonse chimakhala chowona: (bpp != 16). libxrdp.c 704
int EXPORT_CC
libxrdp_send_pointer(struct xrdp_session *session, int cache_idx,
char *data, char *mask, int x, int y, int bpp)
{
....
if ((bpp == 15) && (bpp != 16) && (bpp != 24) && (bpp != 32))
{
g_writeln("libxrdp_send_pointer: error");
return 1;
}
....
}Kusalinganika cheke sikumveka pano chifukwa tili ndi kufananitsa kale poyamba. Zikuoneka kuti iyi ndi typo ndipo wopanga adafuna kugwiritsa ntchito wogwiritsa ntchitoyo || kusefa mikangano yolakwika.
Pomaliza
Pa kafukufukuyu, palibe zolakwa zazikulu zomwe zidadziwika, koma zolephera zambiri zidapezeka. Komabe, mapangidwewa amagwiritsidwa ntchito m'machitidwe ambiri, ngakhale ang'onoang'ono. Pulojekiti yaying'ono sikhala ndi zolakwika zambiri, kotero simuyenera kuweruza ntchito ya analyzer pamapulojekiti ang'onoang'ono. Mutha kuwerenga zambiri za izi m'nkhani yakuti "".
Mutha kutsitsa mtundu woyeserera wa PVS-Studio kuchokera kwa ife .
Ngati mukufuna kugawana nkhaniyi ndi omvera olankhula Chingerezi, chonde gwiritsani ntchito ulalo womasulira: Sergey Larin.
Source: www.habr.com