David Fort hardening

## opaqueSettings.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              0 stars
            
          
                hardening
                / opaqueSettings.md
            
            
              Created
              October 24, 2023 08:10
            
          
    Bool settings

Generic ones

ServerMode = 16,
WaitForOutputBufferFlush = 25,
NetworkAutoDetect = 137,
SupportAsymetricKeys = 138,
SupportErrorInfoPdu = 139,


## mario_socks.c
/**
 * FreeRDP: A Remote Desktop Protocol Implementation
 * SOCKS MarIO
 *
 * Copyright 2022 David Fort <contact@hardening-consulting.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *

## gist:9012b387ce5836f7deb5755af35952b3
/* WARNING: Function: _guard_dispatch_icall replaced with injection: guard_dispatch_icall */
/* protected: long __cdecl RdpGfxProtocolClientDecoder::DecodeSolidFill(void) __ptr64 */

long __thiscall RdpGfxProtocolClientDecoder::DecodeSolidFill(RdpGfxProtocolClientDecoder *this)

{
  ushort **ppuVar1;
  ushort uVar2;
  ushort *puVar3;
  uint uVar4;

## gist:4e88c1a91ab1eebdc683853200435545
Starting program: C:\msys64\home\Administrateur\git\FreeRDP\output-x64\Testing\TestClient.exe TestClientRdpFile
[New Thread 2800.0x1360]
[New Thread 2800.0x1254]
warning: HEAP[TestClient.exe]:
warning: Invalid address specified to RtlFreeHeap( 0000016887610000, 00000168877A5D20 )

Thread 1 received signal SIGTRAP, Trace/breakpoint trap.
0x00007fff7d00828f in ntdll!RtlpNtMakeTemporaryKey () from C:\Windows\SYSTEM32\ntdll.dll
(gdb) bt
#0  0x00007fff7d00828f in ntdll!RtlpNtMakeTemporaryKey ()

## gist:6a6e0ba18dc9a40531b1b86d19ee788e
/home/david/dev/git/FreeRDP/client/common/client.c: In function ‘client_auto_reconnect_ex’:
/home/david/dev/git/FreeRDP/client/common/client.c:907:34: warning: passing argument 1 of ‘freerdp_get_last_error’ from incompatible pointer type [-Wincompatible-pointer-types]
  907 |   switch (freerdp_get_last_error(instance))
      |                                  ^~~~~~~~
      |                                  |
      |                                  freerdp * {aka struct rdp_freerdp *}
In file included from /home/david/dev/git/FreeRDP/include/freerdp/client.h:25,
                 from /home/david/dev/git/FreeRDP/client/common/client.c:25:
/home/david/dev/git/FreeRDP/include/freerdp/freerdp.h:549:56: note: expected ‘rdpContext *’ {aka ‘struct rdp_context *’} but argument is of type ‘freerdp *’ {aka ‘struct rdp_freerdp *’}
  549 |  FREERDP_API UINT32 freerdp_get_last_error(rdpContext* context);

## gist:54632b0217243008775ea33e378061a5
diff --git a/winpr/libwinpr/pool/pool.h b/winpr/libwinpr/pool/pool.h
index fbf48a823..9ecbb5453 100644
--- a/winpr/libwinpr/pool/pool.h
+++ b/winpr/libwinpr/pool/pool.h
@@ -27,7 +27,7 @@
 #include <winpr/collections.h>

 #if defined(_WIN32)
-#if (_WIN32_WINNT < _WIN32_WINNT_WIN6)
+#if (_WIN32_WINNT < _WIN32_WINNT_WIN6) || defined(__MINGW32__)

## gist:5ca846b4ccb071750af94d0254c931ca
set(CMAKE_SYSTEM_NAME Windows)
set(TOOLCHAIN_PREFIX x86_64-w64-mingw32)
#set(TOOLCHAIN_PREFIX i686-w64-mingw32)

# cross compilers to use for C and C++
#set(CMAKE_C_COMPILER ${TOOLCHAIN_PREFIX}-gcc)
#set(CMAKE_CXX_COMPILER ${TOOLCHAIN_PREFIX}-g++)
set(CMAKE_C_COMPILER ${TOOLCHAIN_PREFIX}-gcc-posix)
set(CMAKE_CXX_COMPILER ${TOOLCHAIN_PREFIX}-c++-posix)
set(CMAKE_RC_COMPILER ${TOOLCHAIN_PREFIX}-windres)

## gist:a470c1870e42c679f5d9e83a9ed62162
diff --git a/channels/smartcard/client/smartcard_operations.c b/channels/smartcard/client/smartcard_operations.c
index f13b6ca53..df20c9b5a 100644
--- a/channels/smartcard/client/smartcard_operations.c
+++ b/channels/smartcard/client/smartcard_operations.c
@@ -718,6 +718,7 @@ static LONG smartcard_ListReadersW_Call(SMARTCARD_DEVICE* smartcard, SMARTCARD_O

 	string.bp = call->mszGroups;
 	cchReaders = SCARD_AUTOALLOCATE;
+	ZeroMemory(&mszReaders, sizeof(mszReaders));
 	status = ret.ReturnCode =

## gist:7767accb05999a751ae0b2b1416e745e
==390426== Thread 2:
==390426== Invalid write of size 2
==390426==    at 0x4840243: memcpy@GLIBC_2.2.5 (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==390426==    by 0x4D08F45: kerberos_EncryptMessage (kerberos.c:675)
==390426==    by 0x4D0A001: negotiate_EncryptMessage (negotiate.c:510)
==390426==    by 0x4D103AA: winpr_EncryptMessage (sspi_winpr.c:1551)
==390426==    by 0x544BD82: nla_encrypt (nla.c:438)
==390426==    by 0x544EAC9: nla_encrypt_public_key_hash (nla.c:1474)
==390426==    by 0x544CEDD: nla_client_recv_nego_token (nla.c:870)
==390426==    by 0x544D2DF: nla_client_recv (nla.c:953)

## gist:ddc232499b18f5360d83dc33de249ce6
[ 98%] Building C object client/X11/CMakeFiles/xfreerdp-client.dir/xf_client.c.o
/Users/freerdp/ci.freerdp.com/workspace/osx/CMAKE_GENERATOR/Unix Makefiles/label/macosx/source/client/X11/xf_client.c:1639:15: warning: result of comparison of constant 258 with expression of type 'BOOL' (aka 'signed char') is always true [-Wtautological-constant-out-of-range-compare]
                if ((status != WAIT_TIMEOUT) && (waitStatus == WAIT_OBJECT_0))
                     ~~~~~~ ^  ~~~~~~~~~~~~
1 warning generated.
	/**
	* FreeRDP: A Remote Desktop Protocol Implementation
	* SOCKS MarIO
	*
	* Copyright 2022 David Fort <contact@hardening-consulting.com>
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	/* WARNING: Function: _guard_dispatch_icall replaced with injection: guard_dispatch_icall */
	/* protected: long __cdecl RdpGfxProtocolClientDecoder::DecodeSolidFill(void) __ptr64 */

	long __thiscall RdpGfxProtocolClientDecoder::DecodeSolidFill(RdpGfxProtocolClientDecoder *this)

	{
	ushort **ppuVar1;
	ushort uVar2;
	ushort *puVar3;
	uint uVar4;
	Starting program: C:\msys64\home\Administrateur\git\FreeRDP\output-x64\Testing\TestClient.exe TestClientRdpFile
	[New Thread 2800.0x1360]
	[New Thread 2800.0x1254]
	warning: HEAP[TestClient.exe]:
	warning: Invalid address specified to RtlFreeHeap( 0000016887610000, 00000168877A5D20 )

	Thread 1 received signal SIGTRAP, Trace/breakpoint trap.
	0x00007fff7d00828f in ntdll!RtlpNtMakeTemporaryKey () from C:\Windows\SYSTEM32\ntdll.dll
	(gdb) bt
	#0 0x00007fff7d00828f in ntdll!RtlpNtMakeTemporaryKey ()
	/home/david/dev/git/FreeRDP/client/common/client.c: In function ‘client_auto_reconnect_ex’:
	/home/david/dev/git/FreeRDP/client/common/client.c:907:34: warning: passing argument 1 of ‘freerdp_get_last_error’ from incompatible pointer type [-Wincompatible-pointer-types]
	907 \| switch (freerdp_get_last_error(instance))
	\| ^~~~~~~~
	\| \|
	\| freerdp * {aka struct rdp_freerdp *}
	In file included from /home/david/dev/git/FreeRDP/include/freerdp/client.h:25,
	from /home/david/dev/git/FreeRDP/client/common/client.c:25:
	/home/david/dev/git/FreeRDP/include/freerdp/freerdp.h:549:56: note: expected ‘rdpContext ’ {aka ‘struct rdp_context ’} but argument is of type ‘freerdp ’ {aka ‘struct rdp_freerdp ’}
	549 \| FREERDP_API UINT32 freerdp_get_last_error(rdpContext* context);
	diff --git a/winpr/libwinpr/pool/pool.h b/winpr/libwinpr/pool/pool.h
	index fbf48a823..9ecbb5453 100644
	--- a/winpr/libwinpr/pool/pool.h
	+++ b/winpr/libwinpr/pool/pool.h
	@@ -27,7 +27,7 @@
	#include <winpr/collections.h>

	#if defined(_WIN32)
	-#if (_WIN32_WINNT < _WIN32_WINNT_WIN6)
	+#if (_WIN32_WINNT < _WIN32_WINNT_WIN6) \|\| defined(__MINGW32__)
	set(CMAKE_SYSTEM_NAME Windows)
	set(TOOLCHAIN_PREFIX x86_64-w64-mingw32)
	#set(TOOLCHAIN_PREFIX i686-w64-mingw32)

	# cross compilers to use for C and C++
	#set(CMAKE_C_COMPILER ${TOOLCHAIN_PREFIX}-gcc)
	#set(CMAKE_CXX_COMPILER ${TOOLCHAIN_PREFIX}-g++)
	set(CMAKE_C_COMPILER ${TOOLCHAIN_PREFIX}-gcc-posix)
	set(CMAKE_CXX_COMPILER ${TOOLCHAIN_PREFIX}-c++-posix)
	set(CMAKE_RC_COMPILER ${TOOLCHAIN_PREFIX}-windres)
	diff --git a/channels/smartcard/client/smartcard_operations.c b/channels/smartcard/client/smartcard_operations.c
	index f13b6ca53..df20c9b5a 100644
	--- a/channels/smartcard/client/smartcard_operations.c
	+++ b/channels/smartcard/client/smartcard_operations.c
	@@ -718,6 +718,7 @@ static LONG smartcard_ListReadersW_Call(SMARTCARD_DEVICE* smartcard, SMARTCARD_O

	string.bp = call->mszGroups;
	cchReaders = SCARD_AUTOALLOCATE;
	+ ZeroMemory(&mszReaders, sizeof(mszReaders));
	status = ret.ReturnCode =
	==390426== Thread 2:
	==390426== Invalid write of size 2
	==390426== at 0x4840243: memcpy@GLIBC_2.2.5 (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
	==390426== by 0x4D08F45: kerberos_EncryptMessage (kerberos.c:675)
	==390426== by 0x4D0A001: negotiate_EncryptMessage (negotiate.c:510)
	==390426== by 0x4D103AA: winpr_EncryptMessage (sspi_winpr.c:1551)
	==390426== by 0x544BD82: nla_encrypt (nla.c:438)
	==390426== by 0x544EAC9: nla_encrypt_public_key_hash (nla.c:1474)
	==390426== by 0x544CEDD: nla_client_recv_nego_token (nla.c:870)
	==390426== by 0x544D2DF: nla_client_recv (nla.c:953)
	[ 98%] Building C object client/X11/CMakeFiles/xfreerdp-client.dir/xf_client.c.o
	/Users/freerdp/ci.freerdp.com/workspace/osx/CMAKE_GENERATOR/Unix Makefiles/label/macosx/source/client/X11/xf_client.c:1639:15: warning: result of comparison of constant 258 with expression of type 'BOOL' (aka 'signed char') is always true [-Wtautological-constant-out-of-range-compare]
	if ((status != WAIT_TIMEOUT) && (waitStatus == WAIT_OBJECT_0))
	~~~~~~ ^ ~~~~~~~~~~~~
	1 warning generated.