GUACAMOLE-2263: Harden CLIPRDR channel against FreeRDP 3.x state machine.#678
Open
escra wants to merge 1 commit into
Open
GUACAMOLE-2263: Harden CLIPRDR channel against FreeRDP 3.x state machine.#678escra wants to merge 1 commit into
escra wants to merge 1 commit into
Conversation
FreeRDP 3.x tracks pending CLIPRDR requests internally and disconnects (error 1359) when a Format Data Response arrives without a matching pending request, or when an expected response is never sent. Forward and backward clipboard transfers could desynchronize the channel and tear down otherwise healthy RDP sessions. This adds a request_pending/request_lock state machine on the existing guac_rdp_clipboard structure to prevent overlapping Format Data Requests, clears stale requests when a new Format List arrives, sends a CB_RESPONSE_FAIL Format Data Response for unsupported formats instead of silently dropping the request, evaluates CB_RESPONSE_FAIL on incoming responses, and guards against NULL/empty clipboard data. monitor_ready and the clipboard end handler now advertise capabilities and the format list even if an individual PDU fails. The hardening is layered on top of the current main structure, preserving the heap-allocated clipboard buffers (GUACAMOLE-2002) and clipboard recording (GUACAMOLE-1969) and the guac_rdp_clipboard_alloc(client, buffer_size) signature.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is the main-targeted forward-port of #661 (GUACAMOLE-2263), reworked on top of current
main(HEAD e775052).This could not be cherry-picked from the
staging/1.6.1-based #661:mainhas already restructured the same functions (heap-allocated clipboard buffers from GUACAMOLE-2002, clipboard recording from GUACAMOLE-1969, and the changedguac_rdp_clipboard_alloc(client, buffer_size)signature). Only the additive hardening is applied here; existingmainlogic is preserved, not duplicated.Problem
Under FreeRDP 3.x the CLIPRDR state machine is stricter: overlapping format-data requests can trigger errors (e.g. 1359), and failure/edge cases were not signalled back to the peer.
Fix
request_pending/request_lockmutex guarding outstanding format-data requests (prevents overlap).CB_RESPONSE_FAILfor unsupported formats / failures.guac_recording_report_clipboard().Verification
Built against FreeRDP 3.26.0:
cliprdr.ccompiles warning-free andlibguac-client-rdplinks against libfreerdp3/libwinpr3. Preprocessor-confirmed that the FreeRDP-3 code paths (not the FreeRDP-2#elsebranches) are compiled.