xfreerdp 2.11.5 still broken with: "Fastpath update Bitmap [1] failed, status 0"
frispete opened this issue · comments
$ xfreerdp2 /bpp:24 /size:1920x1200 /v:x.y.z.0 /u:user '/p:pass' +fonts +aero +clipboard
[12:51:17:122] [2597:2598] [WARN][com.freerdp.crypto] - Certificate verification failure 'self-signed certificate (18)' at stack position 0
[12:51:17:122] [2597:2598] [WARN][com.freerdp.crypto] - CN = WIN2K16-01.domain.local
[12:51:18:425] [2597:2598] [INFO][com.freerdp.gdi] - Local framebuffer format PIXEL_FORMAT_BGRX32
[12:51:18:425] [2597:2598] [INFO][com.freerdp.gdi] - Remote framebuffer format PIXEL_FORMAT_RGB16
[12:51:18:468] [2597:2598] [INFO][com.freerdp.channels.rdpsnd.client] - [static] Loaded fake backend for rdpsnd
[12:51:19:087] [2597:2598] [ERROR][com.freerdp.core.fastpath] - Fastpath update Bitmap [1] failed, status 0
[12:51:19:087] [2597:2598] [ERROR][com.freerdp.core.fastpath] - fastpath_recv_update_data: fastpath_recv_update() - -1
[12:51:19:087] [2597:2598] [ERROR][com.freerdp.core.fastpath] - fastpath_recv_update_data() fail
[12:51:19:087] [2597:2598] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -3
[12:51:19:087] [2597:2598] [ERROR][com.freerdp.core] - freerdp_abort_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_CANCELLED [0x0002000B]
[12:51:19:087] [2597:2598] [INFO][com.freerdp.client.common] - Network disconnect!
This issue is reported to be fixed by: aeac304
which is included in the 2.11.5 release. Probably, it's not the full fix, because:
- adding
/gfx
does fix the issue - using
-fast-path
does not, it connects and shows a black window only xfreerdp 3.4.0
doesn't show this behaviour, it works straight away
These tests are all done with openSUSE Tumbleweed 20240407
, specifically in my home repo, where I attempt to build FreeRDP
2 and 3 in a friendly co-existing fashion, and make krdc 23.08.5
work with freerdp2
. krdc 24.02.1
uses the freerdp3
library directly. That approach cannot supply additional options to the xfreerdp
process, that might be required at certain setups...
- please add a
debug
ortrace
log output, this might be something else. -fast-path
will be dropped (it is useless if you use anything newer than XP)/gfx
does only work if the remote has it enabled, so not sure this tells us anything
@akallabeth with pleasure!
xfreerdp2.log
@frispete ok, the commit you reference is for 32bit color depth, you´re running 16bit (forced by server, your command line specifies 24).
that is using interleaved_decompress
@akallabeth FYI, here are logs for requesting 16 and 32 bits color depth attached.
xfreerdp2-16.log
xfreerdp2-32.log
@frispete they are all 16bpp
;)
your server is forcing this.
anyway, don´t currently have time for this but I´ve added it to the list of backports to do.
don´t currently have time for this but I´ve added it to the list of backports to do
Sure, no problem, the/gfx
work around is doing fine so far.
After being related to this project since more than a decade, I can only express my heartfelt thanks for your tireless efforts! This project is so outstanding because of you!
Thanks a bunch for addressing these issues @akallabeth
While updating our freerdp2 package from 2.11.5 to 2.11.6, I noticed, that we still carry a CVE-2023-40574-to-2023-40576.patch, that derived from you. It doesn't apply anymore, but interestingly, some parts do:
$ quilt pu
Applying patch freerdp-CVE-2023-40574-to-2023-40576.patch
patching file libfreerdp/primitives/prim_YUV.c
patching file libfreerdp/codec/include/bitmap.c
Hunk #1 FAILED at 46.
Hunk #2 FAILED at 76.
Hunk #3 FAILED at 134.
Hunk #4 FAILED at 144.
Hunk #5 FAILED at 166.
Hunk #6 FAILED at 176.
Hunk #7 FAILED at 197.
Hunk #8 FAILED at 212.
Hunk #9 FAILED at 232.
Hunk #10 FAILED at 257.
Hunk #11 FAILED at 278.
Hunk #12 FAILED at 343.
Hunk #13 FAILED at 351.
Hunk #14 FAILED at 405.
Hunk #15 FAILED at 416.
15 out of 15 hunks FAILED -- rejects in file libfreerdp/codec/include/bitmap.c
patching file libfreerdp/codec/interleaved.c
Hunk #1 succeeded at 26 (offset 1 line).
Hunk #2 succeeded at 334 with fuzz 2 (offset 198 lines).
Hunk #3 FAILED at 244.
Hunk #4 FAILED at 268.
Hunk #5 FAILED at 292.
3 out of 5 hunks FAILED -- rejects in file libfreerdp/codec/interleaved.c
Patch freerdp-CVE-2023-40574-to-2023-40576.patch does not apply (enforce with -f)
In general, I fully trust you and this project, that those issues are addressed in the best possible way, but what puzzles me is that those CVE numbers are not mentioned in the stable-2.0 git log. Can you briefly share your thoughts on this, or should I open another issue regarding this?
Distributions tend to be relatively touchy about CVE numbers these days... 😉
@frispete in 2.11.6
we backported the whole interleaved.c
and include/bitmap.c
from 3.5.0 with all patches included. (we did quite a rewrite as there were multiple issues with that decoder)
it solves two things, 1 your bug you reported here, 2. out of bound access just like for 3.5.0
Yep, I see.
Just saying, that you may want to mention somewhere, that these changes fixes CVE-2023-40574, CVE-2023-40575 and CVE-2023-40576 as well to make those silly vulnerability crap*scanners happy.