Checking rdesktop and xrdp with the PVS-Studio analyzer

This is the second review in a series of articles about checking open-source programs that work with the RDP protocol. In it we will look at the rdesktop client and the xrdp server.

PVS-Studio is used as the tool for finding errors. It is a static code analyzer for the C, C++, C# and Java languages, available on Windows, Linux and macOS.

This article describes only the errors that seemed interesting to me. However, the projects are small, so there were few errors :).

Note. The previous article, on checking the FreeRDP project, is available here.

rdesktop

rdesktop is a free implementation of an RDP client for UNIX-based systems. It can also be used under Windows if you build the project under Cygwin. Licensed under GPLv3.

This client is very popular: it is used by default in ReactOS, and you can also find third-party front-ends for it. However, it is rather old: the first release took place on April 4, 2001, so at the time of writing it is 17 years old.

As I mentioned earlier, the project is small. It contains about 30 thousand lines of code, which is surprising given its age. For comparison, FreeRDP contains 320 thousand. Here is the output of the cloc utility:

[Figure: cloc output for rdesktop]

Unreachable code

V779 Unreachable code detected. It is possible that an error is present. rdesktop.c 1502

int
main(int argc, char *argv[])
{
  ....
  return handle_disconnect_reason(deactivated, ext_disc_reason);

  if (g_redirect_username)
    xfree(g_redirect_username);

  xfree(g_username);
}

We run into this error right away, in the main function: there is code after the return operator, and that fragment frees memory. However, the error poses no threat: all allocated memory is reclaimed once the program exits.

No error handling

V557 Array underrun is possible. The value of 'n' index could reach -1. rdesktop.c 1872

RD_BOOL
subprocess(char *const argv[], str_handle_lines_t linehandler, void *data)
{
  int n = 1;
  char output[256];
  ....
  while (n > 0)
  {
    n = read(fd[0], output, 255);
    output[n] = '\0'; // <=
    str_handle_lines(output, &rest, linehandler, data);
  }
  ....
}

This code snippet reads from a file into a buffer until the file ends. However, there is no error handling here: if something goes wrong, read returns -1, and the write to output then lands outside the bounds of the array.
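A read loop that checks the return value before using it as an index, as an added example that is not part of the original article or of rdesktop. The names read_all and demo_pipe and the sample text are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper (not rdesktop code): read from fd until end of stream
 * or until buf is full. buf is always NUL-terminated. Returns the number of
 * bytes stored, or -1 if read() reported an error. */
static long read_all(int fd, char *buf, size_t cap)
{
    size_t used = 0;
    if (cap == 0)
        return -1;
    while (used < cap - 1) {
        ssize_t n = read(fd, buf + used, cap - 1 - used);
        if (n < 0) {
            if (errno == EINTR)
                continue;        /* interrupted by a signal: retry */
            buf[used] = '\0';
            return -1;           /* real error: n is never used as an index */
        }
        if (n == 0)
            break;               /* end of stream */
        used += (size_t)n;
    }
    buf[used] = '\0';            /* the index comes from validated counts only */
    return (long)used;
}

/* Constructed input: two lines written into a pipe, then read back. */
static long demo_pipe(char *buf, size_t cap)
{
    static const char msg[] = "line one\nline two\n";
    int fd[2];
    long n, w;
    if (pipe(fd) != 0)
        return -1;
    w = (long)write(fd[1], msg, sizeof(msg) - 1);
    close(fd[1]);                /* writer closed, so the reader sees EOF */
    n = (w < 0) ? -1 : read_all(fd[0], buf, cap);
    close(fd[0]);
    return n;
}

int main(void)
{
    char buf[64];
    printf("%ld bytes read\n", demo_pipe(buf, sizeof(buf)));
    return 0;
}
```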

Using EOF with the char type

V739 EOF should not be compared with a value of the 'char' type. The '(c = fgetc(fp))' should be of the 'int' type. ctrl.c 500


int
ctrl_send_command(const char *cmd, const char *arg)
{
  char result[CTRL_RESULT_SIZE], c, *escaped;
  ....
  while ((c = fgetc(fp)) != EOF && index < CTRL_RESULT_SIZE && c != '\n')
  {
    result[index] = c;
    index++;
  }
  ....
}

Here we see incorrect handling of reaching the end of the file: if fgetc returns a character whose code is 0xFF, it is interpreted as the end of the file (EOF).

EOF is a constant, usually defined as -1. For example, in the CP1251 encoding the last letter of the Russian alphabet has the code 0xFF, which corresponds to the number -1 when we are talking about a variable of type char. As a result, the character 0xFF is interpreted as the end of the file, just like EOF (-1). To avoid such errors, the result of fgetc should be stored in a variable of type int.
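The difference between the two variable types on a reply that contains the byte 0xFF, as an added example that is not code from the article or from rdesktop. The sample bytes and the function names are constructed for this illustration; signed char is used so the result is the same on every platform.

```c
#include <stdio.h>

/* Constructed sample reply: "OK ", the byte 0xFF (a letter in CP1251), "!", newline. */
static const unsigned char SAMPLE[] = { 'O', 'K', ' ', 0xFF, '!', '\n' };

static FILE *open_sample(void)
{
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fwrite(SAMPLE, 1, sizeof(SAMPLE), fp);
        rewind(fp);
    }
    return fp;
}

/* The flagged pattern: the result of fgetc is narrowed before the EOF test.
 * Where plain char is unsigned the test never matches EOF at all, so the
 * loop would not stop at the real end of the file either. */
static int read_line_char(char *result, int size)
{
    FILE *fp = open_sample();
    signed char c;
    int index = 0;
    if (fp == NULL)
        return -1;
    while ((c = (signed char)fgetc(fp)) != EOF && index < size - 1 && c != '\n')
        result[index++] = (char)c;
    result[index] = '\0';
    fclose(fp);
    return index;
}

/* Corrected form: keep the int until EOF has been ruled out. */
static int read_line_int(char *result, int size)
{
    FILE *fp = open_sample();
    int c, index = 0;
    if (fp == NULL)
        return -1;
    while (index < size - 1 && (c = fgetc(fp)) != EOF && c != '\n')
        result[index++] = (char)c;
    result[index] = '\0';
    fclose(fp);
    return index;
}

int main(void)
{
    char a[16], b[16];
    printf("char: %d bytes, int: %d bytes\n", read_line_char(a, 16), read_line_int(b, 16));
    return 0;
}
```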

Typos

Fragment 1

V547 Expression 'write_time' is always false. disk.c 805

RD_NTSTATUS
disk_set_information(....)
{
  time_t write_time, change_time, access_time, mod_time;
  ....
  if (write_time || change_time)
    mod_time = MIN(write_time, change_time);
  else
    mod_time = write_time ? write_time : change_time; // <=
  ....
}

Perhaps the author of this code mixed up || and && in the condition. Let's consider the possible values of write_time and change_time:

  • Both variables are equal to 0: in this case we end up in the else branch, and the variable mod_time will always be 0 regardless of the condition that follows.
  • One of the variables is 0: mod_time will be equal to 0 (provided the other variable has a non-negative value), because MIN picks the smaller of the two.
  • Both variables are not equal to 0: the smaller value is chosen.

If the condition is replaced with write_time && change_time, the behavior looks correct:

  • One or both variables are not equal to 0: the non-zero value is chosen.
  • Both variables are not equal to 0: the smaller value is chosen.

Fragment 2

V547 Expression is always true. Probably the '&&' operator should be used here. disk.c 1419

static RD_NTSTATUS
disk_device_control(RD_NTHANDLE handle, uint32 request, STREAM in,
      STREAM out)
{
  ....
  if (((request >> 16) != 20) || ((request >> 16) != 9))
    return RD_STATUS_INVALID_PARAMETER;
  ....
}

It seems the operators were mixed up here as well, either || and && or == and !=: the variable cannot have the values 20 and 9 at the same time.

Unbounded string copy

V512 A call of the 'sprintf' function will lead to overflow of the buffer 'fullpath'. disk.c 1257

RD_NTSTATUS
disk_query_directory(....)
{
  ....
  char *dirname, fullpath[PATH_MAX];
  ....
  /* Get information for directory entry */
  sprintf(fullpath, "%s/%s", dirname, pdirent->d_name);
  ....
}

If you look at the function in full, it becomes clear that this code causes no problems. However, they may appear in the future: one careless change and we get a buffer overflow, because sprintf is not bounded by anything, so when concatenating paths we can go past the end of the array. It is advisable to replace this call with snprintf(fullpath, PATH_MAX, ....).
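With snprintf the return value still has to be checked, otherwise a path that does not fit is silently truncated and refers to a different file. The following is an added example, not code from the article or from rdesktop; join_path, fits_in, the 64-byte buffer and the sample path are assumptions made for this illustration.

```c
#include <stdio.h>

/* Hypothetical helper (not rdesktop code): build "dirname/name" in out.
 * Returns 0 on success and -1 if the result would not fit. On failure out
 * is left empty, so a truncated path can never be passed on to the caller. */
static int join_path(char *out, size_t outsz, const char *dirname, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", dirname, name);

    /* snprintf returns the length it wanted to write, excluding the NUL. */
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed check: "/tmp/share/a.txt" is 16 characters, so it needs
 * 17 bytes. cap stands in for PATH_MAX and is clamped to the real buffer. */
static int fits_in(size_t cap)
{
    char fullpath[64];

    if (cap > sizeof(fullpath))
        cap = sizeof(fullpath);
    return join_path(fullpath, cap, "/tmp/share", "a.txt");
}

int main(void)
{
    printf("cap 16: %d, cap 17: %d\n", fits_in(16), fits_in(17));
    return 0;
}
```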

Redundant condition

V560 A part of conditional expression is always true: add > 0. scard.c 507

static void
inRepos(STREAM in, unsigned int read)
{
  SERVER_DWORD add = 4 - read % 4;
  if (add < 4 && add > 0)
  {
    ....
  }
}

The add > 0 check is pointless here: the variable will always be greater than zero, because read % 4 returns the remainder of the division, and that is never equal to 4.

xrdp

xrdp is an open-source implementation of an RDP server. The project is divided into two parts:

  • xrdp - the protocol implementation. Distributed under the Apache 2.0 license.
  • xorgxrdp - a set of Xorg drivers for use with xrdp. License: X11 (like MIT, but prohibits use in advertising)

The project's development builds on the results of rdesktop and FreeRDP. Originally, to work with graphics you had to use a separate VNC server, or a special X11 server with RDP support (X11rdp), but with the arrival of xorgxrdp the need for them disappeared.

We will not cover xorgxrdp in this article.

The xrdp project, like the previous one, is very small and contains about 80 thousand lines.


More typos

V525 The code contains the collection of similar blocks. Check items 'r', 'g', 'r' in lines 87, 88, 89. rfxencode_rgb_to_yuv.c 87

static int
rfx_encode_format_rgb(const char *rgb_data, int width, int height,
                      int stride_bytes, int pixel_format,
                      uint8 *r_buf, uint8 *g_buf, uint8 *b_buf)
{
  ....
  switch (pixel_format)
  {
    case RFX_FORMAT_BGRA:
      ....
      while (x < 64)
      {
          *lr_buf++ = r;
          *lg_buf++ = g;
          *lb_buf++ = r; // <=
          x++;
      }
      ....
  }
  ....
}

This code was taken from the librfxcodec library, which implements the jpeg2000 codec for RemoteFX. Here the color channels are evidently mixed up: instead of the "blue" color, "red" is written. The error most likely appeared because of copy-paste.

The same error also occurred in the similar function rfx_encode_format_argb, which the analyzer reported as well:

V525 The code contains the collection of similar blocks. Check items 'a', 'r', 'g', 'r' in lines 260, 261, 262, 263. rfxencode_rgb_to_yuv.c 260

while (x < 64)
{
    *la_buf++ = a;
    *lr_buf++ = r;
    *lg_buf++ = g;
    *lb_buf++ = r;
    x++;
}

Array declaration

V557 Array overrun is possible. The value of 'i - 8' index could reach 129. genkeymap.c 142

// evdev-map.c
int xfree86_to_evdev[137-8+1] = {
  ....
};

// genkeymap.c
extern int xfree86_to_evdev[137-8];

int main(int argc, char **argv)
{
  ....
  for (i = 8; i <= 137; i++) /* Keycodes */
  {
    if (is_evdev)
        e.keycode = xfree86_to_evdev[i-8];
    ....
  }
  ....
}

The declaration and the definition of the array in these two files do not match: the size differs by 1. However, no errors occur, because the correct size is specified in evdev-map.c, so there is no out-of-bounds access. This is just a flaw that can be fixed easily.

Incorrect comparison

V560 A part of conditional expression is always false: (cap_len < 0). xrdp_caps.c 616

// common/parse.h
#if defined(B_ENDIAN) || defined(NEED_ALIGN)
#define in_uint16_le(s, v) do \
....
#else
#define in_uint16_le(s, v) do \
{ \
    (v) = *((unsigned short*)((s)->p)); \
    (s)->p += 2; \
} while (0)
#endif

int
xrdp_caps_process_confirm_active(struct xrdp_rdp *self, struct stream *s)
{
  int cap_len;
  ....
  in_uint16_le(s, cap_len);
  ....
  if ((cap_len < 0) || (cap_len > 1024 * 1024))
  {
    ....
  }
  ....
}

The function reads a variable of type unsigned short into a variable of type int. The check is not needed here because we read an unsigned value and assign the result to a larger type, so the variable cannot take a negative value.

Unnecessary checks

V560 A part of conditional expression is always true: (bpp != 16). libxrdp.c 704

int EXPORT_CC
libxrdp_send_pointer(struct xrdp_session *session, int cache_idx,
                     char *data, char *mask, int x, int y, int bpp)
{
  ....
  if ((bpp == 15) && (bpp != 16) && (bpp != 24) && (bpp != 32))
  {
      g_writeln("libxrdp_send_pointer: error");
      return 1;
  }
  ....
}

The inequality checks make no sense here because we already have a comparison at the beginning. This is probably a typo, and the developer meant to use the || operator to filter out invalid arguments.

Conclusion

During the check no serious errors were found, but many shortcomings were. However, these projects are used in many systems, small as they are. A small project does not necessarily contain many errors, so you should not judge the analyzer's work by small projects. You can read more about this in the article "Feelings confirmed by numbers".

You can download a trial version of PVS-Studio from our website.


If you want to share this article with an English-speaking audience, please use the translation link: Sergey Larin. Checking rdesktop and xrdp with PVS-Studio

Source: www.habr.com
