Major restructuring of how streams work. Neither input nor output
streams are now blocking. This avoids stalling the rest of the client or
server when a peer is slow or unresponsive.

Note that this puts an extra burden on users of streams to make sure
they are allowed to do their work once the underlying transports are
ready (e.g. monitoring fds).

These are not universal in the protocol so having functions for them
only obfuscates things.

The specification only states a single result byte and not any reason
after a TLS authentication failure.

Now measures over an entire update, which should hopefully give us more
stable values. They are still small values for fast networks though so
increase precision in the values we keep.

Provide some safety checks when directly accessing the underlying
pointer of streams.

Some systems (like TLS) need to send some final data before closing
a connection. Make sure this is properly handled by cleaning up the
security object before closing the underlying network socket.

Otherwise we might send duplicate result codes and other weird things.

External callers don't need to know the exact details, only if there is
data that needs to be flushed or not.

This allows us to handle peaks in input and output streams gracefully
without having to block processing.

The principle can be used in a more general fashion than just TCP
streams.

We can do what we want with the standard methods.

Just have a simply number of bytes argument to avoid a lot of
complexity.

Most streams are backed by a memory buffer. Create common base classes
for this functionality to avoid code duplication.

Makes it more readable to write code that needs to know how much
data/space is available in a stream.

It might leak data depending on what's in the buffer. Use pad() instead
where blank space is needed.

They were accidentally left unused in fbad8a9 so they haven't been used
in some time.

We need to be able to tell this exception came from a decoder.

For readability.

There might be some final handshake data that is still stuck in the
buffers, so make a best effort attempt at getting it to the client.

The socket is closed at this point so we have to rely on a cached
value for the logging.

It's a generic feature that is better handled as part of SConnection's
state machine.

We can't safely use the normal timers in base classes as we cannot
guarantee that subclasses will call the base class' handleTimeout()
properly if the subclass overrides it.

Created a new subclass of Exception called GAIException() that will
handle error messages from getaddrinfo() instead of letting Exception()
handle it. GAIException() will make use of gai_strerror() to map the
error code to text. On Windows, gai_strerrorW() must be used if the text
is encoded with UTF-8.

The previous error messages did not support Unicode characters. This
commit will use UTF-8 encoding to be able to display error messages in
every language.

It is present on all UNIX systems anyway, so let's simplify things.
We will need it for more proper session startup anyway.

There are multiple "okay" return values, not just Z_OK. Make sure we
don't bail out needlessly.

Modern MinGW seems to provide this, so simplify things a bit. This also
side steps some of the issue of the windows.h/winsock2.h include
ordering.

Otherwise such clients cannot use Scroll Lock at all, and that is
probably worse than any effects we might get from getting out of sync.

new throws an exception on allocation errors rather than return NULL.

This check is completely backwards and it is currently unknown how
this ever worked.

There might be more bytes left in the current TLS record, even if
there is nothing on the underlying stream. Make sure we properly
return this when we aren't being requested to block.

The copied rects have already been merged in to the changed rects
at this point if the client doesn't support the CopyRect encoding.

Our fast paths assume that each channel fits in to a separate byte.
That means the shift needs to be a multiple of 8. Start actually
checking this so that a client cannot trip us up and possibly cause
incorrect code exection.

Issue found by Pavel Cheremushkin from Kaspersky Lab.

We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us in to overwriting other memory.

This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.

Issue found by Pavel Cheremushkin from Kaspersky Lab.

Provides safety against them accidentally becoming negative because
of bugs in the calculations.

Also does the same to CharArray and friends as they were strongly
connection to the stream objects.

Otherwise we might be tricked in to reading and writing things at
incorrect offsets for pixels which ultimately could result in an
attacker writing things to the stack or heap and executing things
they shouldn't.

This only affects the server as the client never uses the pixel
format suggested by th server.

Issue found by Pavel Cheremushkin from Kaspersky Lab.

We always assumed there would be one pixel per row so a rect with
a zero width would result in us writing to unknown memory.

This could theoretically be used by a malicious server to inject
code in to the viewer process.

Issue found by Pavel Cheremushkin from Kaspersky Lab.

No one should every try to write to this buffer. Enforce that by
throwing an exception if any one tries to get a writeable pointer
to the data.

We do a lot of calculations based on pixel coordinates and we need
to make sure they do not overflow. Restrict the maximum dimensions
we support rather than try to switch over all calculations to use
64 bit integers.

This prevents attackers from from injecting code by specifying a
huge framebuffer size and relying on the values overflowing to
access invalid areas of the heap.

This primarily affects the client which gets both the screen
dimensions and the pixel contents from the remote side. But the
server might also be affected as a client can adjust the screen
dimensions, as can applications inside the session.

Issue found by Pavel Cheremushkin from Kaspersky Lab.

Don't allow subclasses to just override dimensions or buffer details
directly and instead force them to go via methods. This allows us
to do sanity checks on the new values and catch bugs and attacks.

Move the checks around to avoid missing cases where we might access
memory that is no longer valid. Also avoid touching the underlying
stream implicitly (e.g. via the destructor) as it might also no
longer be valid.

A malicious server could theoretically use this for remote code
execution in the client.

Issue found by Pavel Cheremushkin from Kaspersky Lab