Esempio n. 1
static rfbBool
HandleH264 (rfbClient* client, int rx, int ry, int rw, int rh)
    rfbH264Header hdr;
    char *framedata;

    DebugLog(("Framebuffer update with H264 (x: %d, y: %d, w: %d, h: %d)\n", rx, ry, rw, rh));

    /* First, read the frame size and allocate buffer to store the data */
    if (!ReadFromRFBServer(client, (char *)&hdr, sz_rfbH264Header))
        return FALSE;

    hdr.slice_type = rfbClientSwap32IfLE(hdr.slice_type);
    hdr.nBytes = rfbClientSwap32IfLE(hdr.nBytes);
    hdr.width = rfbClientSwap32IfLE(hdr.width);
    hdr.height = rfbClientSwap32IfLE(hdr.height);

    framedata = (char*) malloc(hdr.nBytes);

    /* Obtain frame data from the server */
    DebugLog(("Reading %d bytes of frame data (type: %d)\n", hdr.nBytes, hdr.slice_type));
    if (!ReadFromRFBServer(client, framedata, hdr.nBytes))
        return FALSE;

    /* First make sure we have a large enough raw buffer to hold the
     * decompressed data.  In practice, with a fixed BPP, fixed frame
     * buffer size and the first update containing the entire frame
     * buffer, this buffer allocation should only happen once, on the
     * first update.
    if ( client->raw_buffer_size < (( rw * rh ) * ( BPP / 8 ))) {
        if ( client->raw_buffer != NULL ) {
            free( client->raw_buffer );

        client->raw_buffer_size = (( rw * rh ) * ( BPP / 8 ));
        client->raw_buffer = (char*) malloc( client->raw_buffer_size );
        rfbClientLog("Allocated raw buffer of %d bytes (%dx%dx%d BPP)\n", client->raw_buffer_size, rw, rh, BPP);

    /* Decode frame if frame data was sent. Server only sends frame data for the first
     * framebuffer update message for a particular frame buffer contents.
     * If more than 1 rectangle is updated, the messages after the first one (with
     * the H.264 frame) have nBytes == 0.
    if (hdr.nBytes > 0) {
        DebugLog(("  decoding %d bytes of H.264 data\n", hdr.nBytes));
        h264_decode_frame(hdr.width, hdr.height, framedata, hdr.nBytes, hdr.slice_type);

    DebugLog(("  updating rectangle (%d, %d)-(%d, %d)\n", rx, ry, rw, rh));
    put_updated_rectangle(client, rx, ry, rw, rh, hdr.width, hdr.height, hdr.nBytes != 0);


    return TRUE;
Esempio n. 2
static rfbBool handleBackChannelMessage(rfbClient* client,
	rfbServerToClientMsg* message)
	backChannelMsg msg;
	char* text;

	if(message->type != rfbBackChannel)
		return FALSE;

	rfbClientSetClientData(client, sendMessage, sendMessage);

	if(!ReadFromRFBServer(client, ((char*)&msg)+1, sizeof(msg)-1))
		return TRUE;
	msg.size = rfbClientSwap32IfLE(msg.size);
	text = malloc(msg.size);
	if(!ReadFromRFBServer(client, text, msg.size)) {
		return TRUE;

	rfbClientLog("got back channel message: %s\n", text);

	return TRUE;
Esempio n. 3
static void sendMessage(rfbClient* client, char* text)
	backChannelMsg msg;
	uint32_t length = strlen(text)+1;

	msg.type = rfbBackChannel;
	msg.size = rfbClientSwap32IfLE(length);
	if(!WriteToRFBServer(client, (char*)&msg, sizeof(msg)) ||
			!WriteToRFBServer(client, text, length)) {
		rfbClientLog("enableBackChannel: write error (%d: %s)", errno, strerror(errno));
Esempio n. 4
ReadFromRFBServer(rfbClient* client, char *out, unsigned int n)
	char* oout=out;
	int nn=n;
	rfbClientLog("ReadFromRFBServer %d bytes\n",n);
  if (client->serverPort==-1) {
    /* vncrec playing */
    rfbVNCRec* rec = client->vncRec;
    struct timeval tv;

    if (rec->readTimestamp) {
      rec->readTimestamp = FALSE;
      if (!fread(&tv,sizeof(struct timeval),1,rec->file))
        return FALSE;

      tv.tv_sec = rfbClientSwap32IfLE (tv.tv_sec);
      tv.tv_usec = rfbClientSwap32IfLE (tv.tv_usec);

      if (rec->tv.tv_sec!=0 && !rec->doNotSleep) {
        struct timeval diff;
        diff.tv_sec = tv.tv_sec - rec->tv.tv_sec;
        diff.tv_usec = tv.tv_usec - rec->tv.tv_usec;
        if(diff.tv_usec<0) {
#ifndef __MINGW32__
        sleep (diff.tv_sec);
        usleep (diff.tv_usec);
	Sleep (diff.tv_sec * 1000 + diff.tv_usec/1000);

    return (fread(out,1,n,rec->file) != n ? FALSE : TRUE);
  if (n <= client->buffered) {
    memcpy(out, client->bufoutptr, n);
    client->bufoutptr += n;
    client->buffered -= n;
    goto hexdump;
    return TRUE;

  memcpy(out, client->bufoutptr, client->buffered);

  out += client->buffered;
  n -= client->buffered;

  client->bufoutptr = client->buf;
  client->buffered = 0;

  if (n <= RFB_BUF_SIZE) {

    while (client->buffered < n) {
      int i;
      if (client->tlsSession) {
        i = ReadFromTLS(client, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered);
      } else {
        i = read(client->sock, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered);
      if (i <= 0) {
	if (i < 0) {
#ifdef WIN32
	  if (errno == EWOULDBLOCK || errno == EAGAIN) {
	    /* TODO:
	    WaitForMessage(client, 100000);
	    i = 0;
	  } else {
	    rfbClientErr("read (%d: %s)\n",errno,strerror(errno));
	    return FALSE;
	} else {
	  if (errorMessageOnReadFailure) {
	    rfbClientLog("VNC server closed connection\n");
	  return FALSE;
      client->buffered += i;

    memcpy(out, client->bufoutptr, n);
    client->bufoutptr += n;
    client->buffered -= n;

  } else {

    while (n > 0) {
      int i;
      if (client->tlsSession) {
        i = ReadFromTLS(client, out, n);
      } else {
        i = read(client->sock, out, n);

      if (i <= 0) {
	if (i < 0) {
#ifdef WIN32
	  if (errno == EWOULDBLOCK || errno == EAGAIN) {
	    /* TODO:
	    WaitForMessage(client, 100000);
	    i = 0;
	  } else {
	    rfbClientErr("read (%s)\n",strerror(errno));
	    return FALSE;
	} else {
	  if (errorMessageOnReadFailure) {
	    rfbClientLog("VNC server closed connection\n");
	  return FALSE;
      out += i;
      n -= i;

  { int ii;
      fprintf(stderr,"%02x ",(unsigned char)oout[ii]);

  return TRUE;
Esempio n. 5
static rfbBool handleEncodingLZORLE( rfbClient *client,
										rfbFramebufferUpdateRectHeader *r )
	if( r->encoding != rfbEncodingLZORLE )
		return false;

	uint16_t rx = r->r.x;
	uint16_t ry = r->r.y;
	const uint16_t rw = r->r.w;
	const uint16_t rh = r->r.h;

	RfbLZORLE::Header hdr;
	if( !ReadFromRFBServer( client, (char *) &hdr, sizeof( hdr ) ) )
		qWarning( "failed reading RfbLZORLE::Header from server" );
		return false;

	if( !hdr.compressed )
		return handleRaw( client, rx, ry, rw, rh );

	hdr.bytesLZO = rfbClientSwap32IfLE( hdr.bytesLZO );
	hdr.bytesRLE = rfbClientSwap32IfLE( hdr.bytesRLE );

	auto lzo_data = new uint8_t[hdr.bytesLZO];

	if( !ReadFromRFBServer( client, (char *) lzo_data, hdr.bytesLZO ) )
		qWarning( "failed reading LZO data from server" );
		delete[] lzo_data;
		return false;

	auto rle_data = new uint8_t[hdr.bytesRLE];

	lzo_uint decomp_bytes = hdr.bytesRLE;
	lzo1x_decompress_safe( (const unsigned char *) lzo_data,
				(lzo_uint) hdr.bytesLZO,
				(unsigned char *) rle_data,
				(lzo_uint *) &decomp_bytes, nullptr );
	if( decomp_bytes != hdr.bytesRLE )
		delete[] rle_data;
		delete[] lzo_data;
		qCritical( "handleEncodingLZORLE(...): expected and real "
					"size of decompressed data do not match!" );
		return false;

	QRgb *dst = ( (QRgb *) client->frameBuffer ) + client->width*ry + rx;
	int dx = 0;
	bool done = FALSE;
	const int sh = client->height;
	for( uint32_t i = 0; i < hdr.bytesRLE && done == false; i+=4 )
		const QRgb val = rfbClientSwap24IfLE( *( (QRgb*)( rle_data + i ) ) );
		const uint8_t rleCount = rle_data[i+3];
		for( uint16_t j = 0; j <= rleCount; ++j )
			*dst = val;
			if( ++dx >= rw )
				dx = 0;
				if( ry+1 < sh )
					dst = ( (QRgb *) client->frameBuffer ) + client->width*ry + rx;
					done = true;

	if( dx != 0 )
		qWarning( "handleEncodingLZORLE(...): dx(%d) != 0", dx );

	delete[] lzo_data;
	delete[] rle_data;

	return true;
Esempio n. 6
/* VeNCrypt sub auth. 1 byte auth count, followed by count * 4 byte integers */
static rfbBool
ReadVeNCryptSecurityType(rfbClient* client, uint32_t *result)
    uint8_t count=0;
    uint8_t loop=0;
    uint8_t flag=0;
    uint32_t tAuth[256], t;
    char buf1[500],buf2[10];
    uint32_t authScheme;

    if (!ReadFromRFBServer(client, (char *)&count, 1)) return FALSE;

    if (count==0)
        rfbClientLog("List of security types is ZERO. Giving up.\n");
        return FALSE;

    if (count>sizeof(tAuth))
        rfbClientLog("%d security types are too many; maximum is %d\n", count, sizeof(tAuth));
        return FALSE;

    rfbClientLog("We have %d security types to read\n", count);
    /* now, we have a list of available security types to read ( uint8_t[] ) */
    for (loop=0;loop<count;loop++)
        if (!ReadFromRFBServer(client, (char *)&tAuth[loop], 4)) return FALSE;
        rfbClientLog("%d) Received security type %d\n", loop, t);
        if (flag) continue;
        if (t==rfbVeNCryptTLSNone ||
            t==rfbVeNCryptTLSVNC ||
            t==rfbVeNCryptTLSPlain ||
            t==rfbVeNCryptX509None ||
            t==rfbVeNCryptX509VNC ||
            rfbClientLog("Selecting security type %d (%d/%d in the list)\n", authScheme, loop, count);
            /* send back 4 bytes (in original byte order!) indicating which security type to use */
            if (!WriteToRFBServer(client, (char *)&tAuth[loop], 4)) return FALSE;
    if (authScheme==0)
        memset(buf1, 0, sizeof(buf1));
        for (loop=0;loop<count;loop++)
            if (strlen(buf1)>=sizeof(buf1)-1) break;
            snprintf(buf2, sizeof(buf2), (loop>0 ? ", %d" : "%d"), (int)tAuth[loop]);
            strncat(buf1, buf2, sizeof(buf1)-strlen(buf1)-1);
        rfbClientLog("Unknown VeNCrypt authentication scheme from VNC server: %s\n",
        return FALSE;
    *result = authScheme;
    return TRUE;
Esempio n. 7
static rfbBool
HandleZRLE (rfbClient* client, int rx, int ry, int rw, int rh)
	rfbZRLEHeader header;
	int remaining;
	int inflateResult;
	int toRead;
	int min_buffer_size = rw * rh * (REALBPP / 8) * 2;

	/* First make sure we have a large enough raw buffer to hold the
	 * decompressed data.  In practice, with a fixed REALBPP, fixed frame
	 * buffer size and the first update containing the entire frame
	 * buffer, this buffer allocation should only happen once, on the
	 * first update.
	if ( client->raw_buffer_size < min_buffer_size) {

		if ( client->raw_buffer != NULL ) {

			free( client->raw_buffer );


		client->raw_buffer_size = min_buffer_size;
		client->raw_buffer = (char*) malloc( client->raw_buffer_size );


	if (!ReadFromRFBServer(client, (char *)&header, sz_rfbZRLEHeader))
		return FALSE;

	remaining = rfbClientSwap32IfLE(header.length);

	/* Need to initialize the decompressor state. */
	client->decompStream.next_in   = ( Bytef * )client->buffer;
	client->decompStream.avail_in  = 0;
	client->decompStream.next_out  = ( Bytef * )client->raw_buffer;
	client->decompStream.avail_out = client->raw_buffer_size;
	client->decompStream.data_type = Z_BINARY;

	/* Initialize the decompression stream structures on the first invocation. */
	if ( client->decompStreamInited == FALSE ) {

		inflateResult = inflateInit( &client->decompStream );

		if ( inflateResult != Z_OK ) {
					"inflateInit returned error: %d, msg: %s\n",
			return FALSE;

		client->decompStreamInited = TRUE;


	inflateResult = Z_OK;

	/* Process buffer full of data until no more to process, or
	 * some type of inflater error, or Z_STREAM_END.
	while (( remaining > 0 ) &&
			( inflateResult == Z_OK )) {

		if ( remaining > RFB_BUFFER_SIZE ) {
			toRead = RFB_BUFFER_SIZE;
		else {
			toRead = remaining;

		/* Fill the buffer, obtaining data from the server. */
		if (!ReadFromRFBServer(client, client->buffer,toRead))
			return FALSE;

		client->decompStream.next_in  = ( Bytef * )client->buffer;
		client->decompStream.avail_in = toRead;

		/* Need to uncompress buffer full. */
		inflateResult = inflate( &client->decompStream, Z_SYNC_FLUSH );

		/* We never supply a dictionary for compression. */
		if ( inflateResult == Z_NEED_DICT ) {
			rfbClientLog("zlib inflate needs a dictionary!\n");
			return FALSE;
		if ( inflateResult < 0 ) {
					"zlib inflate returned error: %d, msg: %s\n",
			return FALSE;

		/* Result buffer allocated to be at least large enough.  We should
		 * never run out of space!
		if (( client->decompStream.avail_in > 0 ) &&
				( client->decompStream.avail_out <= 0 )) {
			rfbClientLog("zlib inflate ran out of space!\n");
			return FALSE;

		remaining -= toRead;

	} /* while ( remaining > 0 ) */

	if ( inflateResult == Z_OK ) {
		char* buf=client->raw_buffer;
		int i,j;

		remaining = client->raw_buffer_size-client->decompStream.avail_out;

		for(j=0; j<rh; j+=rfbZRLETileHeight)
			for(i=0; i<rw; i+=rfbZRLETileWidth) {
				int subWidth=(i+rfbZRLETileWidth>rw)?rw-i:rfbZRLETileWidth;
				int subHeight=(j+rfbZRLETileHeight>rh)?rh-j:rfbZRLETileHeight;
				int result=HandleZRLETile(client,(uint8_t *)buf,remaining,rx+i,ry+j,subWidth,subHeight);

				if(result<0) {
					rfbClientLog("ZRLE decoding failed (%d)\n",result);
return TRUE;
					return FALSE;

	else {

				"zlib inflate returned error: %d, msg: %s\n",
		return FALSE;


	return TRUE;
Esempio n. 8
static rfbBool
HandleZlibBPP (rfbClient* client, int rx, int ry, int rw, int rh)
  rfbZlibHeader hdr;
  int remaining;
  int inflateResult;
  int toRead;

  /* First make sure we have a large enough raw buffer to hold the
   * decompressed data.  In practice, with a fixed BPP, fixed frame
   * buffer size and the first update containing the entire frame
   * buffer, this buffer allocation should only happen once, on the
   * first update.
  if ( client->raw_buffer_size < (( rw * rh ) * ( BPP / 8 ))) {

    if ( client->raw_buffer != NULL ) {

      free( client->raw_buffer );


    client->raw_buffer_size = (( rw * rh ) * ( BPP / 8 ));
    client->raw_buffer = (char*) malloc( client->raw_buffer_size );


  if (!ReadFromRFBServer(client, (char *)&hdr, sz_rfbZlibHeader))
    return FALSE;

  remaining = rfbClientSwap32IfLE(hdr.nBytes);

  /* Need to initialize the decompressor state. */
  client->decompStream.next_in   = ( Bytef * )client->buffer;
  client->decompStream.avail_in  = 0;
  client->decompStream.next_out  = ( Bytef * )client->raw_buffer;
  client->decompStream.avail_out = client->raw_buffer_size;
  client->decompStream.data_type = Z_BINARY;

  /* Initialize the decompression stream structures on the first invocation. */
  if ( client->decompStreamInited == FALSE ) {

    inflateResult = inflateInit( &client->decompStream );

    if ( inflateResult != Z_OK ) {
              "inflateInit returned error: %d, msg: %s\n",
      return FALSE;

    client->decompStreamInited = TRUE;


  inflateResult = Z_OK;

  /* Process buffer full of data until no more to process, or
   * some type of inflater error, or Z_STREAM_END.
  while (( remaining > 0 ) &&
         ( inflateResult == Z_OK )) {
    if ( remaining > RFB_BUFFER_SIZE ) {
      toRead = RFB_BUFFER_SIZE;
    else {
      toRead = remaining;

    /* Fill the buffer, obtaining data from the server. */
    if (!ReadFromRFBServer(client, client->buffer,toRead))
      return FALSE;

    client->decompStream.next_in  = ( Bytef * )client->buffer;
    client->decompStream.avail_in = toRead;

    /* Need to uncompress buffer full. */
    inflateResult = inflate( &client->decompStream, Z_SYNC_FLUSH );

    /* We never supply a dictionary for compression. */
    if ( inflateResult == Z_NEED_DICT ) {
      rfbClientLog("zlib inflate needs a dictionary!\n");
      return FALSE;
    if ( inflateResult < 0 ) {
              "zlib inflate returned error: %d, msg: %s\n",
      return FALSE;

    /* Result buffer allocated to be at least large enough.  We should
     * never run out of space!
    if (( client->decompStream.avail_in > 0 ) &&
        ( client->decompStream.avail_out <= 0 )) {
      rfbClientLog("zlib inflate ran out of space!\n");
      return FALSE;

    remaining -= toRead;

  } /* while ( remaining > 0 ) */

  if ( inflateResult == Z_OK ) {

    /* Put the uncompressed contents of the update on the screen. */
    CopyRectangle(client, (uint8_t *)client->raw_buffer, rx, ry, rw, rh);
  else {

            "zlib inflate returned error: %d, msg: %s\n",
    return FALSE;


  return TRUE;
Esempio n. 9
ReadFromRFBServer(rfbClient* client, char *out, unsigned int n)
	char* oout=out;
	int nn=n;
	rfbClientLog("ReadFromRFBServer %d bytes\n",n);

  /* Handle attempts to write to NULL out buffer that might occur
     when an outside malloc() fails. For instance, memcpy() to NULL
     results in undefined behaviour and probably memory corruption.*/
    return FALSE;

  if (client->serverPort==-1) {
    /* vncrec playing */
    rfbVNCRec* rec = client->vncRec;
    struct timeval tv;

    if (rec->readTimestamp) {
      rec->readTimestamp = FALSE;
      if (!fread(&tv,sizeof(struct timeval),1,rec->file))
        return FALSE;

      tv.tv_sec = rfbClientSwap32IfLE (tv.tv_sec);
      tv.tv_usec = rfbClientSwap32IfLE (tv.tv_usec);

      if (rec->tv.tv_sec!=0 && !rec->doNotSleep) {
        struct timeval diff;
        diff.tv_sec = tv.tv_sec - rec->tv.tv_sec;
        diff.tv_usec = tv.tv_usec - rec->tv.tv_usec;
        if(diff.tv_usec<0) {
#ifndef WIN32
        sleep (diff.tv_sec);
        usleep (diff.tv_usec);
	Sleep (diff.tv_sec * 1000 + diff.tv_usec/1000);

    return (fread(out,1,n,rec->file) != n ? FALSE : TRUE);
  if (n <= client->buffered) {
    memcpy(out, client->bufoutptr, n);
    client->bufoutptr += n;
    client->buffered -= n;
    goto hexdump;
    return TRUE;

  memcpy(out, client->bufoutptr, client->buffered);

  out += client->buffered;
  n -= client->buffered;

  client->bufoutptr = client->buf;
  client->buffered = 0;

  if (n <= RFB_BUF_SIZE) {

    while (client->buffered < n) {
      int i;
      if (client->tlsSession)
        i = ReadFromTLS(client, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered);
      if (client->saslconn)
        i = ReadFromSASL(client, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered);
      else {
        i = read(client->sock, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered);
#ifdef WIN32
	if (i < 0) errno=WSAGetLastError();
      if (i <= 0) {
	if (i < 0) {
	  if (errno == EWOULDBLOCK || errno == EAGAIN) {
	    /* TODO:
	    WaitForMessage(client, 100000);
	    i = 0;
	  } else {
	    rfbClientErr("read (%d: %s)\n",errno,strerror(errno));
	    return FALSE;
	} else {
	  if (errorMessageOnReadFailure) {
	    rfbClientLog("VNC server closed connection\n");
	  return FALSE;
      client->buffered += i;

    memcpy(out, client->bufoutptr, n);
    client->bufoutptr += n;
    client->buffered -= n;

  } else {

    while (n > 0) {
      int i;
      if (client->tlsSession)
        i = ReadFromTLS(client, out, n);
      if (client->saslconn)
        i = ReadFromSASL(client, out, n);
        i = read(client->sock, out, n);

      if (i <= 0) {
	if (i < 0) {
#ifdef WIN32
	  if (errno == EWOULDBLOCK || errno == EAGAIN) {
	    /* TODO:
	    WaitForMessage(client, 100000);
	    i = 0;
	  } else {
	    rfbClientErr("read (%s)\n",strerror(errno));
	    return FALSE;
	} else {
	  if (errorMessageOnReadFailure) {
	    rfbClientLog("VNC server closed connection\n");
	  return FALSE;
      out += i;
      n -= i;

  { int ii;
      fprintf(stderr,"%02x ",(unsigned char)oout[ii]);

  return TRUE;