Checking rdesktop and xrdp with the PVS-Studio analyzer

This is the second review in a series of articles about checking open-source programs for working with the RDP protocol. In it we will look at the rdesktop client and the xrdp server.

PVS-Studio was used as the tool for finding errors. It is a static code analyzer for C, C++, C# and Java, available on Windows, Linux and macOS.

This article presents only those errors that seemed interesting to me. However, the projects are small, so there were few errors :).

Note. The previous article, about checking the FreeRDP project, can be found here.

rdesktop

rdesktop is a free implementation of an RDP client for UNIX-based systems. It can also be used under Windows if you build the project under Cygwin. It is licensed under GPLv3.

This client is very popular: it is used by default in ReactOS, and you can also find third-party front-ends for it. However, it is quite old: its first release took place on April 4, 2001; at the time of writing it is 17 years old.

As I noted earlier, the project is very small. It contains about 30 thousand lines of code, which is a bit odd given its age. For comparison, FreeRDP contains 320 thousand lines. Here is the output of the cloc utility:

[Figure: cloc output for rdesktop]

Unreachable code

V779 Unreachable code detected. It is possible that an error is present. rdesktop.c 1502

int
main(int argc, char *argv[])
{
  ....
  return handle_disconnect_reason(deactivated, ext_disc_reason);

  if (g_redirect_username)
    xfree(g_redirect_username);

  xfree(g_username);
}

The error greets us right away in the main function: we see code that comes after the return statement, and this fragment performs memory cleanup. However, the error poses no threat: all allocated memory will be reclaimed by the operating system after the program exits.

No error handling

V557 Array underrun is possible. The value of 'n' index could reach -1. rdesktop.c 1872

RD_BOOL
subprocess(char *const argv[], str_handle_lines_t linehandler, void *data)
{
  int n = 1;
  char output[256];
  ....
  while (n > 0)
  {
    n = read(fd[0], output, 255);
    output[n] = '\0'; // <=
    str_handle_lines(output, &rest, linehandler, data);
  }
  ....
}

The code fragment here reads from a file into a buffer until the file ends. However, there is no error handling: if something goes wrong, read returns -1, and the write to output[n] then lands outside the bounds of the output array.
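One way to write the same loop so that the index is checked before it is used; this is an added example, not rdesktop code, and read_chunk and drain_fd are hypothetical names:

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

/* Hypothetical helper (not rdesktop code): read one chunk from fd into buf
 * and NUL-terminate it. Returns bytes read, 0 at end of input, -1 on error.
 * buf is only indexed with a value known to be in [0, size - 1]. */
ssize_t read_chunk(int fd, char *buf, size_t size)
{
    ssize_t n;

    if (buf == NULL || size < 2)
        return -1;

    do {
        n = read(fd, buf, size - 1);
    } while (n < 0 && errno == EINTR);   /* retry interrupted reads */

    if (n < 0) {
        buf[0] = '\0';                   /* leave a valid empty string */
        return -1;                       /* buf[-1] is never touched */
    }
    buf[n] = '\0';                       /* 0 <= n <= size - 1 */
    return n;
}

/* Drain fd chunk by chunk; returns the total number of bytes seen,
 * or -1 if any read failed. */
long drain_fd(int fd)
{
    char output[256];
    long total = 0;
    ssize_t n;

    while ((n = read_chunk(fd, output, sizeof(output))) > 0)
        total += n;   /* a real caller would hand output to its line handler here */

    return n < 0 ? -1 : total;
}
```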

Using EOF with the char type

V739 EOF should not be compared with a value of the 'char' type. The '(c = fgetc(fp))' should be of the 'int' type. ctrl.c 500


int
ctrl_send_command(const char *cmd, const char *arg)
{
  char result[CTRL_RESULT_SIZE], c, *escaped;
  ....
  while ((c = fgetc(fp)) != EOF && index < CTRL_RESULT_SIZE && c != '\n')
  {
    result[index] = c;
    index++;
  }
  ....
}

Here we see incorrect handling of the end of the file: if fgetc returns a character whose code is 0xFF, it will be interpreted as the end of the file (EOF).

EOF is a constant, usually defined as -1. For example, in the CP1251 encoding the last letter of the Russian alphabet has the code 0xFF, which corresponds to the number -1 when stored in a variable of type char. As a result, the character 0xFF is treated as the end of the file, just like EOF (-1). To avoid such errors, the result of the fgetc function should be stored in a variable of type int.
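The effect described above, shown side by side as an added example (not code from rdesktop): read_line_narrow, read_line_int and make_sample are hypothetical names, and the sample line is constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* Flawed pattern: the fgetc() result is narrowed before the EOF test.
 * signed char makes the result the same everywhere; plain char is signed on
 * x86 and unsigned on ARM Linux, where the test never matches EOF at all. */
size_t read_line_narrow(FILE *fp, char *dst, size_t cap)
{
    signed char c;
    size_t i = 0;

    while (i + 1 < cap && (c = (signed char)fgetc(fp)) != EOF && c != '\n')
        dst[i++] = (char)c;
    dst[i] = '\0';
    return i;
}

/* Corrected pattern: keep the int, so 0xFF (255) stays distinct from EOF (-1). */
size_t read_line_int(FILE *fp, char *dst, size_t cap)
{
    int c;
    size_t i = 0;

    while (i + 1 < cap && (c = fgetc(fp)) != EOF && c != '\n')
        dst[i++] = (char)c;
    dst[i] = '\0';
    return i;
}

/* Constructed sample: one line with the byte 0xFF in the middle. */
FILE *make_sample(void)
{
    static const unsigned char line[] = { 'a', 'b', 0xFF, 'c', 'd', '\n' };
    FILE *fp = tmpfile();

    if (fp != NULL) {
        fwrite(line, 1, sizeof(line), fp);
        rewind(fp);
    }
    return fp;
}
```

On the sample, the narrowed version stops after "ab", while the int version returns all five bytes of the line.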

Typos

Fragment 1

V547 Expression 'write_time' is always false. disk.c 805

RD_NTSTATUS
disk_set_information(....)
{
  time_t write_time, change_time, access_time, mod_time;
  ....
  if (write_time || change_time)
    mod_time = MIN(write_time, change_time);
  else
    mod_time = write_time ? write_time : change_time; // <=
  ....
}

Perhaps the author of this code mixed up || and && in the condition. Let's consider the possible cases for the values of write_time and change_time:

  • Both variables are equal to 0: in this case we end up in the else branch, and the variable mod_time will always be 0 regardless of the condition that follows.
  • One of the variables is 0: mod_time will be equal to 0 (provided the other variable has a non-negative value), because MIN will choose the smaller of the two.
  • Both variables are not equal to 0: the minimum value is chosen.

If the condition is replaced with write_time && change_time, the behavior looks correct:

  • One or both variables are equal to 0: the non-zero value is chosen.
  • Both variables are not equal to 0: the minimum value is chosen.

Fragment 2

V547 Expression is always true. Probably the '&&' operator should be used here. disk.c 1419

static RD_NTSTATUS
disk_device_control(RD_NTHANDLE handle, uint32 request, STREAM in,
      STREAM out)
{
  ....
  if (((request >> 16) != 20) || ((request >> 16) != 9))
    return RD_STATUS_INVALID_PARAMETER;
  ....
}

Apparently, the operators || and &&, or == and !=, got mixed up here as well: the variable cannot have the values 20 and 9 at the same time.

Unbounded string copying

V512 A call of the 'sprintf' function will lead to overflow of the buffer 'fullpath'. disk.c 1257

RD_NTSTATUS
disk_query_directory(....)
{
  ....
  char *dirname, fullpath[PATH_MAX];
  ....
  /* Get information for directory entry */
  sprintf(fullpath, "%s/%s", dirname, pdirent->d_name);
  ....
}

If you look at the whole function, it becomes clear that this code does not cause problems. However, they may appear in the future: one careless change and we get a buffer overflow, because sprintf is not bounded by anything, so when concatenating paths we can go beyond the bounds of the array. It is recommended to replace this call with snprintf(fullpath, PATH_MAX, ....).
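A bounded version of the path join that also rejects truncated results, which snprintf alone does not do; this is an added example, not rdesktop code, and join_path is a hypothetical helper:

```c
#include <errno.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical helper (not rdesktop code): build "dir/name" in dst.
 * Returns 0 on success, -1 with errno = ENAMETOOLONG if the result does not
 * fit; dst is then set to "" so a truncated path is never used by mistake. */
int join_path(char *dst, size_t size, const char *dir, const char *name)
{
    int n;

    if (dst == NULL || size == 0 || dir == NULL || name == NULL) {
        errno = EINVAL;
        return -1;
    }

    n = snprintf(dst, size, "%s/%s", dir, name);

    /* snprintf returns the length it wanted to write, excluding the NUL:
     * n >= size means the output was cut short. */
    if (n < 0 || (size_t)n >= size) {
        dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}
```

A caller would pass fullpath and sizeof(fullpath) and treat -1 as a failed lookup, since a silently truncated path can name a different file than the one intended.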

Redundant condition

V560 A part of conditional expression is always true: add > 0. scard.c 507

static void
inRepos(STREAM in, unsigned int read)
{
  SERVER_DWORD add = 4 - read % 4;
  if (add < 4 && add > 0)
  {
    ....
  }
}

The check add > 0 is unnecessary here: the variable will always be greater than zero, because read % 4 returns the remainder of the division, which can never be equal to 4.

xrdp

xrdp is an implementation of an RDP server with open source code. The project is divided into 2 parts:

  • xrdp - the protocol implementation. It is distributed under the Apache 2.0 license.
  • xorgxrdp - a set of Xorg drivers for use with xrdp. License: X11 (like MIT, but prohibits use in advertising).

Development of the project is based on the results of rdesktop and FreeRDP. Initially, to work with graphics you had to use a separate VNC server or a special X11 server with RDP support, X11rdp, but with the arrival of xorgxrdp the need for them disappeared.

We will not cover xorgxrdp in this article.

The xrdp project, like the previous one, is very small and contains about 80 thousand lines.


More typos

V525 The code contains the collection of similar blocks. Check items 'r', 'g', 'r' in lines 87, 88, 89. rfxencode_rgb_to_yuv.c 87

static int
rfx_encode_format_rgb(const char *rgb_data, int width, int height,
                      int stride_bytes, int pixel_format,
                      uint8 *r_buf, uint8 *g_buf, uint8 *b_buf)
{
  ....
  switch (pixel_format)
  {
    case RFX_FORMAT_BGRA:
      ....
      while (x < 64)
      {
          *lr_buf++ = r;
          *lg_buf++ = g;
          *lb_buf++ = r; // <=
          x++;
      }
      ....
  }
  ....
}

This code is taken from the librfxcodec library, which implements the jpeg2000 codec for RemoteFX. Here, apparently, the color data channels are mixed up: instead of the "blue" color, "red" is written. This error most likely appeared because of copy-paste.

The same problem occurred in the similar function rfx_encode_format_argb, which the analyzer also told us about:

V525 The code contains the collection of similar blocks. Check items 'a', 'r', 'g', 'r' in lines 260, 261, 262, 263. rfxencode_rgb_to_yuv.c 260

while (x < 64)
{
    *la_buf++ = a;
    *lr_buf++ = r;
    *lg_buf++ = g;
    *lb_buf++ = r;
    x++;
}

Array declaration

V557 Array overrun is possible. The value of 'i - 8' index could reach 129. genkeymap.c 142

// evdev-map.c
int xfree86_to_evdev[137-8+1] = {
  ....
};

// genkeymap.c
extern int xfree86_to_evdev[137-8];

int main(int argc, char **argv)
{
  ....
  for (i = 8; i <= 137; i++) /* Keycodes */
  {
    if (is_evdev)
        e.keycode = xfree86_to_evdev[i-8];
    ....
  }
  ....
}

The declaration and the definition of the array in these two files do not match: the sizes differ by 1. However, no errors occur: the correct size is specified in the evdev-map.c file, so there is no out-of-bounds access. So this is just a flaw that is easy to fix.

Incorrect comparison

V560 A part of conditional expression is always false: (cap_len < 0). xrdp_caps.c 616

// common/parse.h
#if defined(B_ENDIAN) || defined(NEED_ALIGN)
#define in_uint16_le(s, v) do \
....
#else
#define in_uint16_le(s, v) do \
{ \
    (v) = *((unsigned short*)((s)->p)); \
    (s)->p += 2; \
} while (0)
#endif

int
xrdp_caps_process_confirm_active(struct xrdp_rdp *self, struct stream *s)
{
  int cap_len;
  ....
  in_uint16_le(s, cap_len);
  ....
  if ((cap_len < 0) || (cap_len > 1024 * 1024))
  {
    ....
  }
  ....
}

The function reads a variable of type unsigned short into a variable of type int. The check is unnecessary here because we read an unsigned variable and assign the result to a larger variable, so the variable cannot take a negative value.

Redundant checks

V560 A part of conditional expression is always true: (bpp != 16). libxrdp.c 704

int EXPORT_CC
libxrdp_send_pointer(struct xrdp_session *session, int cache_idx,
                     char *data, char *mask, int x, int y, int bpp)
{
  ....
  if ((bpp == 15) && (bpp != 16) && (bpp != 24) && (bpp != 32))
  {
      g_writeln("libxrdp_send_pointer: error");
      return 1;
  }
  ....
}

The inequality checks make no sense here since we already have a comparison at the beginning. This is probably a typo and the developer wanted to use the || operator to filter out invalid arguments.

Conclusion

During the check, no serious errors were found, but many flaws were. Nevertheless, these projects are used in many systems, even though they are small in size. A small project does not necessarily contain many errors, so you should not judge the analyzer's performance only on small projects. You can read more about this in the article "Feelings confirmed by numbers".

You can download a trial version of PVS-Studio from our website.


If you want to share this article with an English-speaking audience, please use the translation link: Sergey Larin. Checking rdesktop and xrdp with PVS-Studio

Source: www.habr.com
