From 5e89424129c99fb7a052d9840c2e735532291ce6 Mon Sep 17 00:00:00 2001
From: speidy <speidy@gmail.com>
Date: Mon, 15 Dec 2014 22:12:16 +0200
Subject: [PATCH] libxrdp: fix for 'low' RDP security level (issue #202)

---
 libxrdp/xrdp_sec.c | 77 +++++++++++++++++++++++++---------------------
 1 file changed, 42 insertions(+), 35 deletions(-)

diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
index b0291ef9..26158f5e 100644
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -480,17 +480,21 @@ xrdp_sec_init(struct xrdp_sec *self, struct stream *s)
         return 1;
     }
 
-    if (self->crypt_level == CRYPT_LEVEL_FIPS)
-    {
-        s_push_layer(s, sec_hdr, 4 + 4 + 8);
-    }
-    else if (self->crypt_level > CRYPT_LEVEL_LOW)
-    {
-        s_push_layer(s, sec_hdr, 4 + 8);
-    }
-    else
-    {
-    }
+	if (self->crypt_level > CRYPT_LEVEL_NONE) /* RDP encryption */
+	{
+		if (self->crypt_level == CRYPT_LEVEL_FIPS)
+		{
+			s_push_layer(s, sec_hdr, 4 + 4 + 8);
+		}
+		else if (self->crypt_level > CRYPT_LEVEL_LOW)
+		{
+			s_push_layer(s, sec_hdr, 4 + 8);
+		}
+		else if (self->crypt_level)
+		{
+			s_push_layer(s, sec_hdr, 4);
+		}
+	}
 
     return 0;
 }
@@ -1408,30 +1412,33 @@ xrdp_sec_send(struct xrdp_sec *self, struct stream *s, int chan)
     DEBUG((" in xrdp_sec_send"));
     s_pop_layer(s, sec_hdr);
 
-    if (self->crypt_level == CRYPT_LEVEL_FIPS)
-    {
-        LLOGLN(10, ("xrdp_sec_send: fips"));
-        out_uint32_le(s, SEC_ENCRYPT);
-        datalen = (int)((s->end - s->p) - 12);
-        out_uint16_le(s, 16); /* crypto header size */
-        out_uint8(s, 1); /* fips version */
-        pad = (8 - (datalen % 8)) & 7;
-        g_memset(s->end, 0, pad);
-        s->end += pad;
-        out_uint8(s, pad); /* fips pad */
-        xrdp_sec_fips_sign(self, s->p, 8, s->p + 8, datalen);
-        xrdp_sec_fips_encrypt(self, s->p + 8, datalen + pad);
-    }
-    else if (self->crypt_level > CRYPT_LEVEL_LOW)
-    {
-        out_uint32_le(s, SEC_ENCRYPT);
-        datalen = (int)((s->end - s->p) - 8);
-        xrdp_sec_sign(self, s->p, 8, s->p + 8, datalen);
-        xrdp_sec_encrypt(self, s->p + 8, datalen);
-    }
-    else
-    {
-//        out_uint32_le(s, 0);
+    if (self->crypt_level > CRYPT_LEVEL_NONE)
+    {
+		if (self->crypt_level == CRYPT_LEVEL_FIPS)
+		{
+			LLOGLN(10, ("xrdp_sec_send: fips"));
+			out_uint32_le(s, SEC_ENCRYPT);
+			datalen = (int)((s->end - s->p) - 12);
+			out_uint16_le(s, 16); /* crypto header size */
+			out_uint8(s, 1); /* fips version */
+			pad = (8 - (datalen % 8)) & 7;
+			g_memset(s->end, 0, pad);
+			s->end += pad;
+			out_uint8(s, pad); /* fips pad */
+			xrdp_sec_fips_sign(self, s->p, 8, s->p + 8, datalen);
+			xrdp_sec_fips_encrypt(self, s->p + 8, datalen + pad);
+		}
+		else if (self->crypt_level > CRYPT_LEVEL_LOW)
+		{
+			out_uint32_le(s, SEC_ENCRYPT);
+			datalen = (int)((s->end - s->p) - 8);
+			xrdp_sec_sign(self, s->p, 8, s->p + 8, datalen);
+			xrdp_sec_encrypt(self, s->p + 8, datalen);
+		}
+		else
+		{
+			out_uint32_le(s, 0);
+		}
     }
 
     if (xrdp_mcs_send(self->mcs_layer, s, chan) != 0)