Hi,

It looks like RemoteApp is broken in freerdp2 after the latest Microsoft updates. I tried connecting to a Windows 7 Enterprise machine with the Linux freerdp client (freerdp-nightly version 2.0.0+0~20181113024836.588~1.gbp097ac0). After passing the authentication phase, the window appears for a second and disappears, and I get the following messages:

=================================================================
==25672==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000047a56 at pc 0x7f17c6505733 bp 0x7f17a3458050 sp 0x7f17a34577f8
READ of size 40 at 0x603000047a56 thread T11
    #0 0x7f17c6505732 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
    #1 0x7f17c4df2398 (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe7398)
    #2 0x7f17c4df5d54 (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xead54)
    #3 0x7f17c4def96a (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe496a)
    #4 0x562885c0336d  (/opt/freerdp-nightly/bin/xfreerdp+0x1e36d)
    #5 0x7f17c4df3cbc (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe8cbc)
    #6 0x7f17c4def531 (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe4531)
    #7 0x7f17c3ecb599 (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x117599)
    #8 0x7f17c35a76da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #9 0x7f17c3ae488e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

0x603000047a56 is located 0 bytes to the right of 22-byte region [0x603000047a40,0x603000047a56)
allocated by thread T11 here:
    #0 0x7f17c656ad38 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded38)
    #1 0x7f17c3ef267b in ConvertToUnicode (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x13e67b)
    #2 0x7f17c4df72a1 (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xec2a1)
    #3 0x7f17c4def802 (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe4802)
    #4 0x562885c0336d  (/opt/freerdp-nightly/bin/xfreerdp+0x1e36d)
    #5 0x7f17c4df3cbc (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe8cbc)
    #6 0x7f17c4def531 (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe4531)
    #7 0x7f17c3ecb599 (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x117599)
    #8 0x7f17c35a76da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)

Thread T11 created by T1 here:
    #0 0x7f17c64c3d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7f17c3ecb0d4 (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x1170d4)
    #2 0x7f17c3ecb8df in CreateThread (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x1178df)
    #3 0x7f17c4df00a8 (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe50a8)
    #4 0x7f17c48f5967 (/opt/freerdp-nightly/bin/../lib/libfreerdp2.so.2+0x15e967)
    #5 0x7f17c48efd38 in freerdp_connect (/opt/freerdp-nightly/bin/../lib/libfreerdp2.so.2+0x158d38)
    #6 0x562885c39beb  (/opt/freerdp-nightly/bin/xfreerdp+0x54beb)
    #7 0x7f17c3ecb599 (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x117599)
    #8 0x7f17c35a76da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)

Thread T1 created by T0 here:
    #0 0x7f17c64c3d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x7f17c3ecb0d4 (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x1170d4)
    #2 0x7f17c3ecb8df in CreateThread (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x1178df)
    #3 0x562885c33b5f  (/opt/freerdp-nightly/bin/xfreerdp+0x4eb5f)
    #4 0x562885bf4cca  (/opt/freerdp-nightly/bin/xfreerdp+0xfcca)
    #5 0x7f17c39e4b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
Shadow bytes around the buggy address:
  0x0c0680000ef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680000f00: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
  0x0c0680000f10: fa fa fd fd fd fd fa fa fd fd fd fa fa fa fd fd
  0x0c0680000f20: fd fa fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c0680000f30: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
=>0x0c0680000f40: fa fa fd fd fd fd fa fa 00 00[06]fa fa fa fa fa
  0x0c0680000f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680000f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680000f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680000f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0680000f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==25672==ABORTING


Accessing the full desktop works OK. I read issue #4972, but I cannot relate c5c1bac (the version that was supposed to fix the issue) to the version from freerdp-nightly.

--
*Hrvatski zavod za telemedicinu*
Služba za informacijske tehnologije i integraciju
Odjel za administraciju informacijskih sustava i tehničku podršku
Željko Puškarić, načelnik odjela
zpuska...@ztm.hr
tel: +385 1 5496 092
fax: +385 1 5496 099
http://www.ztm.hr

_______________________________________________
FreeRDP-devel mailing list
FreeRDP-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
