From 81e037e964629cba96e4d3c96f7ced969f032a51 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Fri, 29 May 2020 13:28:04 +0100
Subject: [PATCH] Prevent chansrv input channels being scanned during a server reset
---
 libxrdp/libxrdp.c | 11 ++++++++++-
 libxrdp/libxrdpinc.h | 1 +
 libxrdp/xrdp_fastpath.c | 5 ++++-
 libxrdp/xrdp_mcs.c | 7 +++++--
 4 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/libxrdp/libxrdp.c b/libxrdp/libxrdp.c
index 0160bcc8..96d32752 100644
--- a/libxrdp/libxrdp.c
+++ b/libxrdp/libxrdp.c
@@ -47,6 +47,7 @@ libxrdp_init(tbus id, struct trans *trans)
 session->rdp = xrdp_rdp_create(session, trans);
 session->orders = xrdp_orders_create(session, (struct xrdp_rdp *)session->rdp);
 session->client_info = &(((struct xrdp_rdp *)session->rdp)->client_info);
+ session->check_for_app_input = 1;
 return session;
 }
@@ -1078,7 +1078,12 @@ libxrdp_reset(struct xrdp_session *session,
 return 1;
 }
- /* shut down the rdp client */
+ /* shut down the rdp client
+ *
+ * When resetting the lib, disable application input checks, as
+ * otherwise we can send a channel message to the other end while
+ * the channels are inactive ([MS-RDPBCGR] 3.2.5.5.1 */
+ session->check_for_app_input = 0;
 if (xrdp_rdp_send_deactivate((struct xrdp_rdp *)session->rdp) != 0)
 {
 return 1;
@@ -1090,6 +1096,9 @@ libxrdp_reset(struct xrdp_session *session,
 return 1;
 }
+ /* Re-enable application input checks */
+ session->check_for_app_input = 1;
+
 return 0;
 }
diff --git a/libxrdp/libxrdpinc.h b/libxrdp/libxrdpinc.h
index c236bec9..e235e6e6 100644
--- a/libxrdp/libxrdpinc.h
+++ b/libxrdp/libxrdpinc.h
@@ -66,6 +66,7 @@ struct xrdp_session
 struct trans *trans;
 int (*callback)(intptr_t id, int msg, intptr_t param1, intptr_t param2, intptr_t param3, intptr_t param4);
+ int check_for_app_input;
 void *rdp;
 void *orders;
 struct xrdp_client_info *client_info;
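Review bot: In libxrdp_reset the flag is cleared before xrdp_rdp_send_deactivate(), but the `return 1;` that follows that call, and the failure return shown at the top of the @@ -1090 hunk, leave `check_for_app_input` at 0, because the re-enable runs only on the success path. If a caller keeps using the session after a failed reset (not visible here), application input would never be polled again. Adding `session->check_for_app_input = 1;` before each of those returns would close that; so would a comment stating that a failed reset is always followed by session teardown. The new comment is also missing its closing parenthesis after `3.2.5.5.1`. The function begins outside these hunks.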
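Review bot: The new `check_for_app_input` member in struct xrdp_session has no comment, so its meaning can only be recovered by reading libxrdp_reset; a comment on the declaration such as `/* non-zero: callback msg 0x5556 may be raised; cleared while libxrdp_reset() runs */` would document it. The member is also inserted ahead of `rdp`, `orders` and `client_info`, which shifts their offsets, so anything compiled against the previous header must be rebuilt; that is presumably fine in-tree but worth confirming. The struct begins and ends outside the hunk.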
diff --git a/libxrdp/xrdp_fastpath.c b/libxrdp/xrdp_fastpath.c
index 711f2b85..fc0ac8a5 100644
--- a/libxrdp/xrdp_fastpath.c
+++ b/libxrdp/xrdp_fastpath.c
@@ -146,7 +146,10 @@ xrdp_fastpath_send(struct xrdp_fastpath *self, struct stream *s)
 {
 return 1;
 }
- xrdp_fastpath_session_callback(self, 0x5556, 0, 0, 0, 0);
+ if (self->session->check_for_app_input)
+ {
+ xrdp_fastpath_session_callback(self, 0x5556, 0, 0, 0, 0);
+ }
 return 0;
 }
diff --git a/libxrdp/xrdp_mcs.c b/libxrdp/xrdp_mcs.c
index 832cc408..a0502ef1 100644
--- a/libxrdp/xrdp_mcs.c
+++ b/libxrdp/xrdp_mcs.c
@@ -997,8 +997,11 @@ xrdp_mcs_call_callback(struct xrdp_mcs *self)
 {
 if (session->callback != 0)
 {
- /* in xrdp_wm.c */
- rv = session->callback(session->id, 0x5556, 0, 0, 0, 0);
+ if (session->check_for_app_input)
+ {
+ /* in xrdp_wm.c */
+ rv = session->callback(session->id, 0x5556, 0, 0, 0, 0);
+ }
 }
 else
 {
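Review bot: The new guard in xrdp_fastpath_send dereferences `self->session` directly, where the replaced line only passed `self` to xrdp_fastpath_session_callback(). If that helper tolerates a missing session (its body is not in the hunk), the condition should keep that tolerance, e.g. `if (self->session != 0 && self->session->check_for_app_input)`. The same flag test around the bare `0x5556` message now appears both here and in xrdp_mcs_call_callback, so a named constant and a single shared helper would keep the two paths from drifting apart. The function starts outside the hunk.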
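Review bot: With the flag clear, xrdp_mcs_call_callback now skips the only assignment to `rv` in this branch, so the function returns whatever `rv` held beforehand. Its initialisation is outside the hunk and should be confirmed to be 0, so that a suppressed callback is neither reported as a failure nor read uninitialised. A short comment on the new `if`, such as `/* skipped while libxrdp_reset() has input checks disabled */`, would explain why the callback can be bypassed. The function starts and ends outside the hunk.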