Olu luphononongo lwesibini kuthotho lwamanqaku malunga nokuvavanya iinkqubo zomthombo ovulekileyo wokusebenza kunye neprotocol yeRDP. Kuyo siza kujonga umxhasi we-rdesktop kunye nomncedisi we-xrdp.
Isetyenziswa njengesixhobo sokuchonga iimpazamo . Yi-static code analyzer ye-C, C++, C # kunye neelwimi zeJava, ezifumaneka kwiWindows, Linux kunye ne-macOS platforms.
Eli nqaku libonisa kuphela ezo mpazamo zazibonakala zibangelβ umdla kum. Nangona kunjalo, iiprojekthi zincinci, ngoko bekukho iimpazamo ezimbalwa :).
Qaphela:. Inqaku langaphambili malunga nokuqinisekiswa kweprojekthi yeFreeRDP inokufunyanwa .
yifumdesktop
- ukuphunyezwa simahla komxhasi weRDP kwiinkqubo ezisekelwe kwi-UNIX. Inokusetyenziswa phantsi kweWindows ukuba uyakha iprojekthi phantsi kweCygwin. Inikwe ilayisenisi phantsi kwe-GPLv3.
Lo mxhasi uthandwa kakhulu-usetyenziswa ngokungagqibekanga kwi-ReactOS, kwaye unokufumana umzobo womntu wesithathu iziphelo zangaphambili zayo. Nangona kunjalo, umdala kakhulu: ukukhululwa kwakhe kokuqala kwenzeka ngo-Aprili 4, 2001 - ngexesha lokubhala, uneminyaka eyi-17 ubudala.
Njengoko benditshilo ngaphambili, le projekthi incinci kakhulu. Iqulethe malunga nama-30 amawaka emigca yekhowudi, engaqhelekanga kancinane xa kuqwalaselwa ubudala bayo. Ukuthelekisa, iFreeRDP iqulethe imigca engamawaka angama-320. Nantsi imveliso yenkqubo yeCloc:
Ikhowudi engafikelelekiyo
Ikhowudi engafumanekiyo ichongiwe. Kungenzeka ukuba kukho impazamo. rdesktop.c 1502
int
main(int argc, char *argv[])
{
....
return handle_disconnect_reason(deactivated, ext_disc_reason);
if (g_redirect_username)
xfree(g_redirect_username);
xfree(g_username);
}Impazamo idibana nathi ngoko nangoko kumsebenzi eyona: sibona ikhowudi ezayo emva komsebenzisi buya - esi siqwenga senza ukucoca imemori. Nangona kunjalo, impazamo ayifaki isoyikiso: yonke imemori eyabiweyo iya kucinywa yinkqubo yokusebenza emva kokuba inkqubo iphumile.
Akukho mpazamo yokuphatha
I-Array underrun inokwenzeka. Ixabiso lesalathisi sika 'n' linokufikelela ku -1. rdesktop.c 1872
RD_BOOL
subprocess(char *const argv[], str_handle_lines_t linehandler, void *data)
{
int n = 1;
char output[256];
....
while (n > 0)
{
n = read(fd[0], output, 255);
output[n] = ' '; // <=
str_handle_lines(output, &rest, linehandler, data);
}
....
}Ikhowudi yesiqwengana kulo mzekelo ifundeka kwifayile kwi-buffer de ifayile iphele. Nangona kunjalo, akukho mpazamo yokuphatha apha: ukuba kukho into engahambi kakuhle, ngoko ukufunda iya kubuya -1, kwaye ke uluhlu luya kugqithwa Mveliso.
Ukusebenzisa i-EOF kuhlobo lwe-char
I-EOF akufunekanga ithelekiswe nexabiso lodidi lwe-'char'. I-'(c = fgetc(fp))' kufuneka ibeyeyohlobo lwe 'int'. ctrl.c 500
int
ctrl_send_command(const char *cmd, const char *arg)
{
char result[CTRL_RESULT_SIZE], c, *escaped;
....
while ((c = fgetc(fp)) != EOF && index < CTRL_RESULT_SIZE && c != 'n')
{
result[index] = c;
index++;
}
....
}Apha sibona ukuphathwa okungalunganga kokufikelela ekupheleni kwefayile: ukuba fgetc ibuyisela umsebenzi onekhowudi engu-0xFF, izakutolikwa njengesiphelo sefayile (EOF).
EOF iyinto engatshintshiyo, edla ngokuchazwa njenge -1. Ngokomzekelo, kwi-encoding ye-CP1251, unobumba wokugqibela wealfabhethi yesiRashiya unekhowudi 0xFF, ehambelana nenombolo -1 ukuba sithetha ngokuguquguqukayo. Ashley. Kuyavela ukuba isimboli 0xFF, njenge EOF (-1) itolikwa njengesiphelo sefayile. Ukuze ugweme iimpazamo ezinjalo, umphumo womsebenzi fgetc kufuneka igcinwe kuguquko olufana int.
Iintlobo
Iqhekeza 1
Intetho ethi 'bhala_ixesha' isoloko ibubuxoki. idiski.c 805
RD_NTSTATUS
disk_set_information(....)
{
time_t write_time, change_time, access_time, mod_time;
....
if (write_time || change_time)
mod_time = MIN(write_time, change_time);
else
mod_time = write_time ? write_time : change_time; // <=
....
}Mhlawumbi umbhali wale khowudi uyifumene kakubi || ΠΈ && kwimeko. Makhe siqwalasele iinketho ezinokubakho kumaxabiso bhala_ixesha ΠΈ utshintsho_ixesha:
- Zombini iinguqu zilingana no-0: kulo mzekelo sizakuphelela kwisebe enye: iyaguquguquka mod_time iyakuhlala ingu-0 nokuba ithini na imeko elandelayo.
- Enye yezinto eziguquguqukayo ngu-0: mod_time izakulingana no 0 (ngaphandle kokuba omnye uguqulo unexabiso elingelolambi), ngokuba MIN izakukhetha encinci kwezimbini iinketho.
- Zombini iinguqu azilingani no-0: khetha elona xabiso liphantsi.
Xa ubuyisela imeko nge ukubhala_ixesha && utshintsho_ixesha ukuziphatha kuya kubonakala kulungile:
- Enye okanye zombini iinguqu azilingani no-0: khetha ixabiso elingengo-zero.
- Zombini iinguqu azilingani no-0: khetha elona xabiso liphantsi.
Iqhekeza 2
Intetho isoloko iyinyani. Mhlawumbi umsebenzisi we '&&' kufuneka asetyenziswe apha. idiski.c 1419
static RD_NTSTATUS
disk_device_control(RD_NTHANDLE handle, uint32 request, STREAM in,
STREAM out)
{
....
if (((request >> 16) != 20) || ((request >> 16) != 9))
return RD_STATUS_INVALID_PARAMETER;
....
}Kuyabonakala ukuba abaqhubi baxubene apha || ΠΈ &&, okanye == ΠΈ !=: I-variable ayinakuba nexabiso le-20 kunye ne-9 ngexesha elinye.
Ukukopa umgca ongenamkhawulo
Umnxeba womsebenzi we-'sprintf' uya kukhokelela ekuphuphumeni kwe-buffer 'indlela epheleleyo'. disk.c 1257
RD_NTSTATUS
disk_query_directory(....)
{
....
char *dirname, fullpath[PATH_MAX];
....
/* Get information for directory entry */
sprintf(fullpath, "%s/%s", dirname, pdirent->d_name);
....
}Xa ujonga umsebenzi ngokupheleleyo, kuya kucaca ukuba le khowudi ayibangeli iingxaki. Nangona kunjalo, banokuvela kwixesha elizayo: utshintsho olunye olungakhathali kwaye siya kufumana ukuphuphuma kwe-buffer - baleka ayikhawulelwanga yiyo nantoni na, ngoko ke xa sidibanisa iindlela singahamba ngaphaya kwemida yoluhlu. Kuyacetyiswa ukuba uqaphele le fowuni snprintf(indlela epheleleyo, PATH_MAX, ....).
Imeko engafunekiyo
Inxalenye yovakaliso olunemiqathango isoloko iyinyani: dibanisa > 0. scard.c 507
static void
inRepos(STREAM in, unsigned int read)
{
SERVER_DWORD add = 4 - read % 4;
if (add < 4 && add > 0)
{
....
}
}ukuhlola yongeza > 0 akukho mfuneko apha: umahluko uyakuhlala umkhulu kunoziro, kuba funda % 4 iyakubuyisela intsalela yolwahlulo, kodwa ayisoze ilingane no-4.
yoba
β ukuphunyezwa kweseva yeRDP enekhowudi yomthombo ovulekileyo. Iprojekthi yahlulwe yangamacandelo ama-2:
- xrdp - ukuphunyezwa kweprotocol. Isasazwe phantsi kwelayisensi ye-Apache 2.0.
- xorgxrdp - Iseti yabaqhubi be-Xorg abaza kusetyenziswa nge-xrdp. Ilayisensi - X11 (njengeMIT, kodwa iyakwalela ukusetyenziswa kwintengiso)
Uphuhliso lweprojekthi lusekwe kwiziphumo ze-rdesktop kunye neFreeRDP. Ekuqaleni, ukusebenza kunye nemizobo, kwafuneka usebenzise iseva yeVNC eyahlukileyo, okanye iseva ekhethekileyo ye-X11 enenkxaso ye-RDP - X11rdp, kodwa ngokufika kwe-xorgxrdp, isidingo sabo sanyamalala.
Kweli nqaku asiyi kugubungela i-xorgxrdp.
Iprojekthi ye-xrdp, njengaleyo yangaphambili, incinci kakhulu kwaye iqulethe malunga nemigca engamawaka angama-80.
Ii-typos ezingakumbi
Ikhowudi iqulethe ingqokelela yeebhloko ezifanayo. Jonga izinto 'r', 'g', 'r' kumgca wama-87, 88, 89. rfxencode_rgb_to_yuv.c 87
static int
rfx_encode_format_rgb(const char *rgb_data, int width, int height,
int stride_bytes, int pixel_format,
uint8 *r_buf, uint8 *g_buf, uint8 *b_buf)
{
....
switch (pixel_format)
{
case RFX_FORMAT_BGRA:
....
while (x < 64)
{
*lr_buf++ = r;
*lg_buf++ = g;
*lb_buf++ = r; // <=
x++;
}
....
}
....
}Le khowudi ithathwe kwilayibrari ye-librfxcodec, esebenzisa i-jpeg2000 codec ye-RemoteFX. Apha, ngokucacileyo, iziteshi zedatha yegraphic zixutywe - endaweni yombala "oluhlaza okwesibhakabhaka", "obomvu" urekhodwa. Le mpazamo inokwenzeka ukuba ivele ngenxa yokukhuphela-coca.
Ingxaki efanayo yenzeka kumsebenzi ofanayo rfx_encode_format_argb, athe umhlalutyi wasixelela ukuba:
Ikhowudi iqulethe ingqokelela yeebhloko ezifanayo. Jonga izinto 'a', 'r', 'g', 'r' kumgca wama-260, 261, 262, 263. rfxencode_rgb_to_yuv.c 260
while (x < 64)
{
*la_buf++ = a;
*lr_buf++ = r;
*lg_buf++ = g;
*lb_buf++ = r;
x++;
}I-Array Declaration
Ukugqithisa koluhlu kunokwenzeka. Ixabiso lika 'i β 8' index linokufikelela kwi 129. genkeymap.c 142
// evdev-map.c
int xfree86_to_evdev[137-8+1] = {
....
};
// genkeymap.c
extern int xfree86_to_evdev[137-8];
int main(int argc, char **argv)
{
....
for (i = 8; i <= 137; i++) /* Keycodes */
{
if (is_evdev)
e.keycode = xfree86_to_evdev[i-8];
....
}
....
}Isibhengezo kunye nenkcazo yoluhlu kwezi fayile zimbini azihambelani - ubungakanani buhluke ngo-1. Nangona kunjalo, akukho mpazamo eyenzekayo - ubungakanani obuchanekileyo buchazwe kwifayile ye-evdev-map.c, ngoko akukho ngaphandle kwemida. Ke le yibug enokulungiswa lula.
Uthelekiso olungachanekanga
Inxalenye yenkcazo enemiqathango ihlala ibubuxoki: (cap_len <0). xrdp_caps.c 616
// common/parse.h
#if defined(B_ENDIAN) || defined(NEED_ALIGN)
#define in_uint16_le(s, v) do
....
#else
#define in_uint16_le(s, v) do
{
(v) = *((unsigned short*)((s)->p));
(s)->p += 2;
} while (0)
#endif
int
xrdp_caps_process_confirm_active(struct xrdp_rdp *self, struct stream *s)
{
int cap_len;
....
in_uint16_le(s, cap_len);
....
if ((cap_len < 0) || (cap_len > 1024 * 1024))
{
....
}
....
}Umsebenzi ufunda uhlobo oluguquguqukayo mfutshane ayityikitywanga ibe yinguqu efana int. Ukujonga akufuneki apha kuba sifunda inguqu engasayinwanga kwaye sabela isiphumo kuguquko olukhulu, ngoko ke uguquko alunakuthatha ixabiso elingalunganga.
Iitshekhi ezingeyomfuneko
Inxalenye yenkcazo enemiqathango isoloko iyinyani: (bpp != 16). libxrdp.c 704
int EXPORT_CC
libxrdp_send_pointer(struct xrdp_session *session, int cache_idx,
char *data, char *mask, int x, int y, int bpp)
{
....
if ((bpp == 15) && (bpp != 16) && (bpp != 24) && (bpp != 32))
{
g_writeln("libxrdp_send_pointer: error");
return 1;
}
....
}Ukuhlolwa kokungalingani akwenzi ngqiqo apha ekubeni sele sinothelekiso ekuqaleni. Kusenokwenzeka ukuba le yitypo kwaye umphuhlisi wayefuna ukusebenzisa umsebenzisi || ukuhluza iimpikiswano ezingasebenziyo.
isiphelo
Ngethuba lophicotho-zincwadi, akukho ziphoso zinzima zichongiweyo, kodwa zininzi iziphene ezifunyenweyo. Nangona kunjalo, olu yilo lusetyenziswa kwiinkqubo ezininzi, nangona zincinci kumda. Iprojekthi encinci ayinayo iimpazamo ezininzi, ngoko akufanele ugwebe ukusebenza komhlaziyi kuphela kwiiprojekthi ezincinci. Unokufunda ngakumbi malunga noku kwinqaku elithi "Β«.
Unokukhuphela uguqulelo lwesilingo sePVS-Studio kuthi .
Ukuba ufuna ukwabelana ngeli nqaku kunye nabaphulaphuli abathetha isiNgesi, nceda usebenzise ikhonkco lokuguqulela: Sergey Larin.
umthombo: www.habr.com