fix: make license parsing and protocol more resilient #436
Conversation
…ake it compatible with xrdp
ibeckermayer
changed the title
BlobType to resilient parsing style
Coverage Report 🤖 ⚙️Past: New: Diff: +0.26% [this comment will be updated automatically] |
|
Substantial changes have been made since approval see the Update section in the description. |
…n PR (Devolutions/IronRDP#436) and thus the IronRDP hash should be frozen until those changes are merged and the hash updated to IronRDP latest master
* Updates commit-hash to IronRDP fix/resilient-blobtype HEAD * Updates commit-hash to IronRDP fix/resilient-blobtype HEAD * Updates to latest IronRDP hash. Note that this hash is of a still-open PR (Devolutions/IronRDP#436) and thus the IronRDP hash should be frozen until those changes are merged and the hash updated to IronRDP latest master
…n PR (Devolutions/IronRDP#436) and thus the IronRDP hash should be frozen until those changes are merged and the hash updated to IronRDP latest master
* Updates commit-hash to IronRDP fix/resilient-blobtype HEAD * Updates commit-hash to IronRDP fix/resilient-blobtype HEAD * Updates to latest IronRDP hash. Note that this hash is of a still-open PR (Devolutions/IronRDP#436) and thus the IronRDP hash should be frozen until those changes are merged and the hash updated to IronRDP latest master
|
@ibeckermayer Benoit is on vacation, I'll take a look at it today👍 |
| @@ -267,12 +268,13 @@ pub enum CapabilitySet { | |||
| BitmapCodecs(BitmapCodecs), | |||
|
|
|||
| // other | |||
| FrameAcknowledge(FrameAcknowledge), | |||
There was a problem hiding this comment.
I believe FrameAcknowledge should be moved above "other" comment as we already support/parse it
| @@ -322,6 +322,18 @@ pub enum ShareDataPdu { | |||
| ShutdownDenied, | |||
| SuppressOutput(SuppressOutputPdu), | |||
| RefreshRectangle(RefreshRectanglePdu), | |||
| Update(Vec<u8>), | |||
There was a problem hiding this comment.
Lets separate "unparsed" variants with the comment (// Not implemented) as in CapabilitySet
Thought: (for follow-up refactoring at some time in future?) I don't like the idea of mixing named variants with parsed and unparsed data. If we implement new variant which was previously "unparsed", then we break the API each time a new feature is added. Maybe we need to refactor ShareDataPduType to be a struct with const's like BlobType, and then we could refactor ShareDataPdu to make is non_exhaustive and add a single Other variant for unparsed data like so:
Other {
kind: ShareDataPduType,
data: Vec<u8>
}The same thing for the Capability set and similar types which can't be implemented in one go or could be extended in RDP standards.
cc @CBenoit
There was a problem hiding this comment.
I mostly agree! Here is an alternative:
struct ShareDataPduRaw<'a> {
kind: ShareDataPduType,
data: Cow<'a, [u8]>,
}
impl ShareDataPdu<'_> {
fn parse(&self) -> Result<ShareDataPdu, …> { … }
}With ShareDataPdu only including supported PDUs, and allowing graceful handling both known and unknown PDU types.
That being said, if the plan is to support all the different types soon enough, it’s probably fine to just add the new variants now instead. I don’t think the protocol will change that much by adding a new Share Data PDU type, and if it does, it will likely be controlled by compatibly flags during the handshake.
There was a problem hiding this comment.
I'm going to punt on this one for now.
CBenoit
changed the title
|
Thank you for this @ibeckermayer |
According to https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/73170ca2-5f82-4a2d-9d1b-b439f3d8dadc wMsgSize is "the size in bytes of the licensing packet (including the size of the preamble)". It must thus exclude BASIC_SECURITY_HEADER_SIZE. Fixes mstsc connection to IronRDP server/acceptor. Fixes 5c42ade ("fix: make license parsing and protocol more resilient (Devolutions#436)") Signed-off-by: Marc-André Lureau <[email protected]>
According to https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/73170ca2-5f82-4a2d-9d1b-b439f3d8dadc wMsgSize is "the size in bytes of the licensing packet (including the size of the preamble)". It must thus exclude BASIC_SECURITY_HEADER_SIZE. Fixes mstsc connection to IronRDP server/acceptor. Fixes 5c42ade ("fix: make license parsing and protocol more resilient (#436)") Signed-off-by: Marc-André Lureau <[email protected]>
A user encountered
This appears to be a bug in the parsing code for
SERVER_PLATFORM_CHALLENGEwhich contains a Licensing Binary BLOB<12> with the following footnote:suggesting that the blob type may not be one of the enumerated expected values.
This PR re-introduces resilient parsing for this field.
Putting this in draft mode pending an in-field test by the user.Update:
After attempting to connect over xrdp, I discovered a larger refactor should be done to improve the resiliency of the licensing protocol. This has also now been tested against the standard windows rdp server.