Michal Srb [Mon, 27 Mar 2017 10:37:11 +0000 (13:37 +0300)]
Fix crash from integer overflow in SMsgReader::readClientCutText
The length sent by client is U32, but is converted into int. If it was bigger than 0x7fffffff the resulting int is negative, it passes the check against maxCutText and later throws std::bad_alloc from CharArray which takes down the whole server.
All the Streaming API deals with lengths in ints, so we can't tell it to skip that big amount of data. And it is not realistic to expect more than 2GB of clipboard data anyway. So lets just throw rdr::Exception that will disconnect this client and keep the server alive.
Pierre Ossman [Fri, 7 Oct 2016 13:59:38 +0000 (15:59 +0200)]
Send updates with a fixed interval
This redesigns the old "deferred updates" mechanism in to a frame
clock that governs how often updates are sent out. The goal is still
the same, to aggregate updates and avoid pointless updates, all in
the name of efficiency. This model should however be more robust
against delays that sometimes causes us to miss the desired rate.
Pierre Ossman [Fri, 24 Feb 2017 11:33:09 +0000 (12:33 +0100)]
Display performance statistics in viewer
Adds an optional graph to the viewer to display current frame rate,
pixel rate and network bandwidth. Makes it easier to debug and test
performance related issues.
Pierre Ossman [Mon, 13 Feb 2017 12:47:37 +0000 (13:47 +0100)]
Fix wrapping/unwrapping of X11 hooks
The functions might change so we need to also make sure we grab
the updated value after each call. Clean up the code to use the
same style as the rest of the Xorg code.
Brian P. Hinz [Fri, 10 Feb 2017 04:41:56 +0000 (23:41 -0500)]
Fix regression that omitted support for client redirect.
Also, delay showing DesktopWindow until first valid rect has been
recieved. This allows for a ClientRedirect to take place before
any data rects have been received.
Pierre Ossman [Mon, 2 Jan 2017 18:49:52 +0000 (19:49 +0100)]
Render on a temporary surface when needed
Some platforms draw directly to the screen, which means that updates
will flicker if we draw multiple layers. Prevent this by first
composing the update on a hidden surface.
Pierre Ossman [Thu, 19 Jan 2017 14:23:05 +0000 (15:23 +0100)]
Harmonise new client handlers
One was missing a call to register the fd with the X server, and
one forgot to set it to non-blocking. One result of this was a crash
when hitting the blacklist.
Pierre Ossman [Wed, 18 Jan 2017 12:34:13 +0000 (13:34 +0100)]
Prevent invalid PixelBuffer accesses
There has been multiple attempts at tricking decoders to exceed
the boundaries of the active pixel buffer. Add extra checks to
prevent such invalid access.
Michal Srb [Fri, 13 Jan 2017 14:32:23 +0000 (16:32 +0200)]
Fix buffer overflow in ModifiablePixelBuffer::fillRect.
It can be triggered by RRE message with subrectangle out of framebuffer
boundaries. It may prevent the same kind of issue caused by evil message
from another encoding too.
Hans de Goede [Mon, 9 Jan 2017 15:03:30 +0000 (16:03 +0100)]
Fix -inetd not working with xserver >= 1.19
xserver 1.19's OsInit will create a pollfd, followed by checking if fd 2 /
stderr is writable and if it is not, replacing fd 2 with /dev/null.
Since we close stderr in inetd mode to avoid xserver messages being send
to the client as vnc data, the pollfd becomes fd 2, only to be replaced
by /dev/null since a pollfd is not writable.
This commit fixes this by opening /dev/null directly after the close(2),
avoiding that the pollfd becomes fd 2.
Alan Coopersmith: Change to use dup2() for atomic switch of fd
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Pierre Ossman [Thu, 29 Dec 2016 15:52:56 +0000 (16:52 +0100)]
More robust event and close handling
There were still some circumstances where we could get stuck reading
data and not respect close events properly. Move that logic to a more
central place in order to make it more reliable.
Pierre Ossman [Mon, 19 Dec 2016 09:27:06 +0000 (10:27 +0100)]
Use dixChangeWindowProperty() instead of ChangeWindowProperty()
ChangeWindowProperty() was removed upstream because it was redundant,
and dixChangeWindowProperty() has been around since 1.5 so we can
safely use that.
MacOS package: Added NSHighResolutionCapable tag to Info.plist
With the flag the application will start enable the high resolution
display. I tested this on a Macbook Pro with a High Resolution Display.
The fonts are better to read.
Pierre Ossman [Mon, 10 Oct 2016 14:05:46 +0000 (16:05 +0200)]
Fix busy loop in FdOutStream::flush()
This bug was introduced in c6df31db. A non-blocking socket that did
not have any more space would busy loop until the write succeeded.
Instead now it returns without any action, just as it did before
the bug was introduced.
Koichiro IWAO [Tue, 4 Oct 2016 08:17:06 +0000 (17:17 +0900)]
Do not depends on mcookie command
for operating systems other than GNU/Linux.
mcookie is a part of util-linux. Usually only GNU/Linux systems have it.
Do not die even if mcookie is not found. Use the previous pure perl code
to generate cookie as fallback.
Brian P. Hinz [Sat, 27 Aug 2016 21:33:04 +0000 (17:33 -0400)]
Make all viewer parameters static. Viewer instances are isolated from each other by spawning a completely new process for each viewer, rather than simply starting a new thread. All dialogs were redesigned to better match the look of the native viewer, and also to be more tolerant of sizing differences between platforms.
Jeff Blaine [Sat, 6 Aug 2016 20:22:18 +0000 (16:22 -0400)]
Support both defaults and mandatory system config files
This commit introduces support for optional basic system-wide
configuration of vncserver.
The format and syntax of /etc/tigervnc/vncserver* match
that of $HOME/.vnc/config exactly.
Allows /etc/tigervnc/vncserver-config-defaults as well as
/etc/tigervnc/vncserver-config-mandatory. The former is optional
and sets user-overrideable vncserver settings. The latter is
optional, but if it exists takes precedence over all user
$HOME/.vnc/config settings of the same setting name. In the
case where /etc/tigervnc/vncserver-config-mandatory overrides
a setting in $HOME/.vnc/config, the user will be warned that
it has happened.
WARNING: Settings in /etc/tigervnc/vncserver-config-mandatory
are easily subverted by passing args to vncserver on the CLI.
The man page indicates this warning.
This commit also introduces (should have been separate) examination
of all config file settings (not just @ARGV!) when determining
whether or not $HOME/.vnc/passwd needs to be created. That is,
if /etc/tigervnc/vncserver* or $HOME/.vnc/config indicate that
we are NOT using VNC-native authentication, then we don't need
a $HOME/.vnc/passwd created.
Code cleanup:
$xstartup was renamed $xstartupFile for consistency with other
"file" variable names.
For VNC-auth checking, to determine if $HOME/.vnc/passwd needed
creation, the 3-string check against lc($arg2) was in 2 places
and was changed to a simple grep against the new @vncAuthStrings