Checking rdesktop and xrdp with the PVS-Studio analyzer

This is the second review in a series of articles about checking open-source programs that work with the RDP protocol. In it we look at the rdesktop client and the xrdp server.

PVS-Studio was used as the tool for finding errors. It is a static code analyzer for C, C++, C# and Java, available on Windows, Linux and macOS.

This article presents only those errors that seemed interesting to me. Then again, the projects are small, so there were few errors :).

Note. The previous article, about checking the FreeRDP project, can be found here.

rdesktop

rdesktop is a free implementation of an RDP client for UNIX-based systems. It can also be used under Windows if the project is built under Cygwin. It is licensed under GPLv3.

This client is very popular: it is used by default in ReactOS, and third-party graphical front-ends exist for it. However, it is quite old: its first release took place on April 4, 2001, so at the time of writing it is 17 years old.

As I said at the beginning, the project is very small. It contains about 30 thousand lines of code, which is a little strange considering its age. For comparison, FreeRDP contains 320 thousand lines. Here is the output of the Cloc program:

[Image: Cloc output for rdesktop]

Unreachable code

V779 Unreachable code detected. It is possible that an error is present. rdesktop.c 1502

int
main(int argc, char *argv[])
{
  ....
  return handle_disconnect_reason(deactivated, ext_disc_reason);

  if (g_redirect_username)
    xfree(g_redirect_username);

  xfree(g_username);
}

The first error meets us right away in the main function: there is code after the return statement, and this fragment performs memory cleanup. The error poses no threat, however: all allocated memory is reclaimed by the operating system after the program exits.

No error handling

V557 Array underrun is possible. The value of 'n' index could reach -1. rdesktop.c 1872

RD_BOOL
subprocess(char *const argv[], str_handle_lines_t linehandler, void *data)
{
  int n = 1;
  char output[256];
  ....
  while (n > 0)
  {
    n = read(fd[0], output, 255);
    output[n] = '\0'; // <=
    str_handle_lines(output, &rest, linehandler, data);
  }
  ....
}

The code fragment in this case reads from a file into a buffer until the file ends. However, there is no error handling here: if something goes wrong, read returns -1, and the write then lands before the start of the array output.
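A hardened form of this loop, as an added example that is not rdesktop's code: drain_fd, count_bytes and the demo functions are hypothetical names, and the pipe contents are constructed. The return value of read is checked before it is ever used as an index, EINTR is retried, and a real error is reported to the caller.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not rdesktop code): reads fd until end of file and
 * passes each NUL-terminated chunk to cb. Returns bytes read, -1 on error. */
long drain_fd(int fd, void (*cb)(const char *chunk, void *data), void *data)
{
    char output[256];
    long total = 0;
    for (;;) {
        ssize_t n = read(fd, output, sizeof(output) - 1);
        if (n < 0) {
            if (errno == EINTR)
                continue;      /* interrupted by a signal: retry */
            return -1;         /* real error: n must never index output */
        }
        if (n == 0)
            break;             /* end of file */
        output[n] = '\0';      /* n is 1..255 here, so this stays in bounds */
        cb(output, data);
        total += n;
    }
    return total;
}

static void count_bytes(const char *chunk, void *data)
{
    *(size_t *)data += strlen(chunk);   /* demo callback: sum chunk lengths */
}

/* Constructed input: 18 bytes sent through a pipe, then end of file. */
long demo_pipe(void)
{
    static const char msg[] = "line one\nline two\n";
    size_t seen = 0;
    long total;
    int fd[2];
    if (pipe(fd) != 0 || write(fd[1], msg, sizeof(msg) - 1) != 18)
        return -2;
    close(fd[1]);
    total = drain_fd(fd[0], count_bytes, &seen);
    close(fd[0]);
    return total == (long)seen ? total : -2;
}

/* An invalid descriptor makes read fail; drain_fd reports -1. */
long demo_bad_fd(void) { return drain_fd(-1, count_bytes, NULL); }

int main(void) { return demo_pipe() == 18 && demo_bad_fd() == -1 ? 0 : 1; }
```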

Using EOF with the char type

V739 EOF should not be compared with a value of the 'char' type. The '(c = fgetc(fp))' should be of the 'int' type. ctrl.c 500


int
ctrl_send_command(const char *cmd, const char *arg)
{
  char result[CTRL_RESULT_SIZE], c, *escaped;
  ....
  while ((c = fgetc(fp)) != EOF && index < CTRL_RESULT_SIZE && c != '\n')
  {
    result[index] = c;
    index++;
  }
  ....
}

Here we see incorrect handling of the end of file: if fgetc returns a character whose code is 0xFF, it will be interpreted as the end of the file (EOF).

EOF is a constant, usually defined as -1. For example, in the CP1251 encoding the last letter of the Russian alphabet has the code 0xFF, which corresponds to the number -1 when stored in a variable of type char. As a result, the character 0xFF, just like EOF (-1), is treated as the end of the file. To avoid such errors, the result of the fgetc function should be stored in a variable of type int.
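The difference is easy to reproduce. This added example is not code from rdesktop; the function names and the five-byte constructed input are assumptions. It reads the same stream once through a char-sized variable, as in the flagged loop, and once through an int.

```c
#include <stdio.h>

/* Constructed input: 'A', 'B', the byte 0xFF, 'C', then a newline. */
static const unsigned char SAMPLE[] = { 'A', 'B', 0xFF, 'C', '\n' };

static FILE *open_sample(void)
{
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fwrite(SAMPLE, 1, sizeof(SAMPLE), fp);
        rewind(fp);
    }
    return fp;
}

/* Flagged pattern: fgetc's result is narrowed to char before the EOF test.
 * signed char is spelled out so the demo behaves the same on every target. */
size_t read_line_narrowed(char *result, size_t size)
{
    FILE *fp = open_sample();
    size_t index = 0;
    signed char c;
    if (fp == NULL)
        return 0;
    while ((c = (signed char)fgetc(fp)) != EOF && index < size && c != '\n')
        result[index++] = (char)c;
    fclose(fp);
    return index;
}

/* Fixed pattern: keep the int, so 0xFF (255) and EOF (-1) stay distinct. */
size_t read_line_int(char *result, size_t size)
{
    FILE *fp = open_sample();
    size_t index = 0;
    int c;
    if (fp == NULL)
        return 0;
    while (index < size && (c = fgetc(fp)) != EOF && c != '\n')
        result[index++] = (char)c;
    fclose(fp);
    return index;
}

int main(void)
{
    char buf[16];
    printf("narrowed: %zu bytes\n", read_line_narrowed(buf, sizeof(buf)));
    printf("int:      %zu bytes\n", read_line_int(buf, sizeof(buf)));
    return 0;
}
```

The narrowed loop stops after two bytes because 0xFF compares equal to EOF; the int loop returns all four bytes of the line.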

Typos

Fragment 1

V547 Expression 'write_time' is always false. disk.c 805

RD_NTSTATUS
disk_set_information(....)
{
  time_t write_time, change_time, access_time, mod_time;
  ....
  if (write_time || change_time)
    mod_time = MIN(write_time, change_time);
  else
    mod_time = write_time ? write_time : change_time; // <=
  ....
}

The author of this code probably confused || and && in the condition. Let's consider the possible values of write_time and change_time:

  • Both variables are equal to 0: in this case we end up in the else branch, and the variable mod_time will always be 0 regardless of the condition that follows.
  • One of the variables is 0: mod_time will be equal to 0 (provided that the other variable has a non-negative value), because MIN picks the smaller of the two options.
  • Both variables are not equal to 0: the minimum value is chosen.

When the condition is replaced with write_time && change_time, the behavior looks correct:

  • One or both variables are not equal to 0: the non-zero value is chosen.
  • Both variables are not equal to 0: the minimum value is chosen.

Fragment 2

V547 Expression is always true. Probably the '&&' operator should be used here. disk.c 1419

static RD_NTSTATUS
disk_device_control(RD_NTHANDLE handle, uint32 request, STREAM in,
      STREAM out)
{
  ....
  if (((request >> 16) != 20) || ((request >> 16) != 9))
    return RD_STATUS_INVALID_PARAMETER;
  ....
}

Apparently the operators || and &&, or == and !=, were mixed up here as well: a variable cannot have the values 20 and 9 at the same time.

Unbounded string copy

V512 A call of the 'sprintf' function will lead to overflow of the buffer 'fullpath'. disk.c 1257

RD_NTSTATUS
disk_query_directory(....)
{
  ....
  char *dirname, fullpath[PATH_MAX];
  ....
  /* Get information for directory entry */
  sprintf(fullpath, "%s/%s", dirname, pdirent->d_name);
  ....
}

If you look at the function as a whole, it becomes clear that this code does not cause problems. However, they may appear in the future: one careless change and we get a buffer overflow, because sprintf is not bounded by anything, so when concatenating paths we can write past the end of the array. It is recommended to replace this call with snprintf(fullpath, PATH_MAX, ....).
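The bounded call with its return value checked, as an added example that is not rdesktop's code (join_path, the demo functions and the sample paths are assumptions). snprintf reports the length it would have written, so a truncated result can be rejected instead of silently naming a different, shorter path.

```c
#include <limits.h>
#include <stdio.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* fallback for platforms that do not define it */
#endif

/* Hypothetical helper (not rdesktop code): writes "dirname/name" into out.
 * Returns 0 on success, -1 if the result does not fit or formatting fails.
 * snprintf returns the length it wanted to write, so a value >= outsz
 * means the path was cut short and must not be used. */
int join_path(char *out, size_t outsz, const char *dirname, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", dirname, name);

    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0)
            out[0] = '\0';   /* do not leave a half-built path behind */
        return -1;
    }
    return 0;
}

/* Constructed case: an ordinary directory entry fits in PATH_MAX. */
int demo_fits(void)
{
    char fullpath[PATH_MAX];
    return join_path(fullpath, sizeof(fullpath), "/tmp/share", "report.txt");
}

/* Constructed case: an 8-byte buffer stands in for an over-long entry name. */
int demo_truncated(void)
{
    char small[8];
    return join_path(small, sizeof(small), "/tmp/share", "report.txt");
}

int main(void)
{
    printf("fits: %d, truncated: %d\n", demo_fits(), demo_truncated());
    return 0;
}
```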

Redundant condition

V560 A part of conditional expression is always true: add > 0. scard.c 507

static void
inRepos(STREAM in, unsigned int read)
{
  SERVER_DWORD add = 4 - read % 4;
  if (add < 4 && add > 0)
  {
    ....
  }
}

The check add > 0 is not needed here: the variable will always be greater than zero, because read % 4 returns the remainder of the division, and it can never be equal to 4.

xrdp

xrdp is an open-source implementation of an RDP server. The project is divided into 2 parts:

  • xrdp - the protocol implementation. Distributed under the Apache 2.0 license.
  • xorgxrdp - a set of Xorg drivers for use with xrdp. License: X11 (like MIT, but prohibits use in advertising)

The development of the project builds on the results of rdesktop and FreeRDP. Initially, to work with graphics you had to use a separate VNC server or a special X11 server with RDP support, X11rdp, but with the arrival of xorgxrdp the need for them disappeared.

We will not cover xorgxrdp in this article.

The xrdp project, like the previous one, is very small and contains about 80 thousand lines.


More typos

V525 The code contains the collection of similar blocks. Check items 'r', 'g', 'r' in lines 87, 88, 89. rfxencode_rgb_to_yuv.c 87

static int
rfx_encode_format_rgb(const char *rgb_data, int width, int height,
                      int stride_bytes, int pixel_format,
                      uint8 *r_buf, uint8 *g_buf, uint8 *b_buf)
{
  ....
  switch (pixel_format)
  {
    case RFX_FORMAT_BGRA:
      ....
      while (x < 64)
      {
          *lr_buf++ = r;
          *lg_buf++ = g;
          *lb_buf++ = r; // <=
          x++;
      }
      ....
  }
  ....
}

This code is taken from the librfxcodec library, which implements the jpeg2000 codec for RemoteFX. Here the image data channels are evidently mixed up: "red" is written instead of the "blue" color. This error most likely appeared because of copy-paste.

The same problem occurred in the similar function rfx_encode_format_argb, which the analyzer also reported:

V525 The code contains the collection of similar blocks. Check items 'a', 'r', 'g', 'r' in lines 260, 261, 262, 263. rfxencode_rgb_to_yuv.c 260

while (x < 64)
{
    *la_buf++ = a;
    *lr_buf++ = r;
    *lg_buf++ = g;
    *lb_buf++ = r;
    x++;
}

Array declaration

V557 Array overrun is possible. The value of 'i - 8' index could reach 129. genkeymap.c 142

// evdev-map.c
int xfree86_to_evdev[137-8+1] = {
  ....
};

// genkeymap.c
extern int xfree86_to_evdev[137-8];

int main(int argc, char **argv)
{
  ....
  for (i = 8; i <= 137; i++) /* Keycodes */
  {
    if (is_evdev)
        e.keycode = xfree86_to_evdev[i-8];
    ....
  }
  ....
}

The declaration and the definition of the array in these two files do not match: the size differs by 1. However, no errors occur: the correct size is specified in the evdev-map.c file, so there is no out-of-bounds access. So this is just a flaw that can be fixed easily.

Incorrect comparison

V560 A part of conditional expression is always false: (cap_len < 0). xrdp_caps.c 616

// common/parse.h
#if defined(B_ENDIAN) || defined(NEED_ALIGN)
#define in_uint16_le(s, v) do \
....
#else
#define in_uint16_le(s, v) do \
{ \
    (v) = *((unsigned short*)((s)->p)); \
    (s)->p += 2; \
} while (0)
#endif

int
xrdp_caps_process_confirm_active(struct xrdp_rdp *self, struct stream *s)
{
  int cap_len;
  ....
  in_uint16_le(s, cap_len);
  ....
  if ((cap_len < 0) || (cap_len > 1024 * 1024))
  {
    ....
  }
  ....
}

The function reads a variable of type unsigned short into a variable of type int. The check is not needed here because we read an unsigned variable and assign the result to a larger variable, so the variable cannot take a negative value.

Unnecessary checks

V560 A part of conditional expression is always true: (bpp != 16). libxrdp.c 704

int EXPORT_CC
libxrdp_send_pointer(struct xrdp_session *session, int cache_idx,
                     char *data, char *mask, int x, int y, int bpp)
{
  ....
  if ((bpp == 15) && (bpp != 16) && (bpp != 24) && (bpp != 32))
  {
      g_writeln("libxrdp_send_pointer: error");
      return 1;
  }
  ....
}

The inequality checks make no sense here, since we already have a comparison at the beginning. This is probably a typo, and the developer wanted to use the || operator to filter out invalid arguments.

Conclusion

During the check no serious errors were found, but many flaws were. Nevertheless, these projects are used in many systems, even though they are small in size. A small project does not necessarily contain many errors, so you should not judge the analyzer's work on small projects alone. You can read more about this in the article “Feelings confirmed by numbers”.

You can download a trial version of PVS-Studio from our site.


If you want to share this article with an English-speaking audience, please use the translation link: Sergey Larin. Checking rdesktop and xrdp with PVS-Studio

Source: www.habr.com
