pass struct stream around, don't use just one

21 years ago · 77943e08f9
parent 2ed9412912
commit 77943e08f9
11 changed files with 733 additions and 525 deletions
--- a/xrdp/parse.h
+++ b/xrdp/parse.h
@ -35,6 +35,7 @@ struct stream
  char* sec_hdr;
  char* rdp_hdr;
  char* channel_hdr;
+  char* next_packet;
 };

 #define s_check(s) (s->p <= s->end)
@ -43,6 +44,11 @@ struct stream

 #define s_check_end(s) (s->p == s->end)

+#define make_stream(s) \
+{ \
+  s = (struct stream*)g_malloc(sizeof(struct stream), 1); \
+} \
+
 #define init_stream(s, v) \
 { \
  if (v > s->size) \
@ -53,8 +59,16 @@ struct stream
  s->p = s->data; \
  s->end = s->data; \
  s->size = v; \
+  s->next_packet = 0; \
 }

+#define free_stream(s) \
+{ \
+  if (s != 0) \
+    g_free(s->data); \
+  g_free(s); \
+} \
+
 #define s_push_layer(s, h, n) \
 { \
  s->h = s->p; \
--- a/xrdp/xrdp.h
+++ b/xrdp/xrdp.h
@ -89,48 +89,49 @@ int g_file_lock(int fd, int start, int len);
 /* xrdp_tcp.c */
 struct xrdp_tcp* xrdp_tcp_create(struct xrdp_iso* owner);
 void xrdp_tcp_delete(struct xrdp_tcp* self);
-int xrdp_tcp_init(struct xrdp_tcp* self, int len);
-int xrdp_tcp_recv(struct xrdp_tcp* self, int len);
-int xrdp_tcp_send(struct xrdp_tcp* self);
+int xrdp_tcp_init(struct xrdp_tcp* self, struct stream* s);
+int xrdp_tcp_recv(struct xrdp_tcp* self, struct stream* s, int len);
+int xrdp_tcp_send(struct xrdp_tcp* self, struct stream* s);

 /* xrdp_iso.c */
 struct xrdp_iso* xrdp_iso_create(struct xrdp_mcs* owner);
 void xrdp_iso_delete(struct xrdp_iso* self);
-int xrdp_iso_init(struct xrdp_iso* self, int len);
-int xrdp_iso_recv(struct xrdp_iso* self);
-int xrdp_iso_send(struct xrdp_iso* self);
+int xrdp_iso_init(struct xrdp_iso* self, struct stream* s);
+int xrdp_iso_recv(struct xrdp_iso* self, struct stream* s);
+int xrdp_iso_send(struct xrdp_iso* self, struct stream* s);
 int xrdp_iso_incoming(struct xrdp_iso* self);

 /* xrdp_mcs.c */
 struct xrdp_mcs* xrdp_mcs_create(struct xrdp_sec* owner);
 void xrdp_mcs_delete(struct xrdp_mcs* self);
-int xrdp_mcs_init(struct xrdp_mcs* self, int len);
-int xrdp_mcs_recv(struct xrdp_mcs* self, int* chan);
-int xrdp_mcs_send(struct xrdp_mcs* self);
+int xrdp_mcs_init(struct xrdp_mcs* self, struct stream* s);
+int xrdp_mcs_recv(struct xrdp_mcs* self, struct stream* s, int* chan);
+int xrdp_mcs_send(struct xrdp_mcs* self, struct stream* s);
 int xrdp_mcs_incoming(struct xrdp_mcs* self);
 int xrdp_mcs_disconnect(struct xrdp_mcs* self);

 /* xrdp_sec.c */
 struct xrdp_sec* xrdp_sec_create(struct xrdp_rdp* owner);
 void xrdp_sec_delete(struct xrdp_sec* self);
-int xrdp_sec_init(struct xrdp_sec* self, int len);
-int xrdp_sec_recv(struct xrdp_sec* self, int* chan);
-int xrdp_sec_send(struct xrdp_sec* self, int flags);
-int xrdp_rdp_send_data(struct xrdp_rdp* self, int data_pdu_type);
+int xrdp_sec_init(struct xrdp_sec* self, struct stream* s);
+int xrdp_sec_recv(struct xrdp_sec* self, struct stream* s, int* chan);
+int xrdp_sec_send(struct xrdp_sec* self, struct stream* s, int flags);
 int xrdp_sec_incoming(struct xrdp_sec* self);
 int xrdp_sec_disconnect(struct xrdp_sec* self);

 /* xrdp_rdp.c */
 struct xrdp_rdp* xrdp_rdp_create(struct xrdp_process* owner);
 void xrdp_rdp_delete(struct xrdp_rdp* self);
-int xrdp_rdp_init(struct xrdp_rdp* self, int len);
-int xrdp_rdp_init_data(struct xrdp_rdp* self, int len);
-int xrdp_rdp_recv(struct xrdp_rdp* self, int* code);
-int xrdp_rdp_send(struct xrdp_rdp* self, int pdu_type);
+int xrdp_rdp_init(struct xrdp_rdp* self, struct stream* s);
+int xrdp_rdp_init_data(struct xrdp_rdp* self, struct stream* s);
+int xrdp_rdp_recv(struct xrdp_rdp* self, struct stream* s, int* code);
+int xrdp_rdp_send(struct xrdp_rdp* self, struct stream* s, int pdu_type);
+int xrdp_rdp_send_data(struct xrdp_rdp* self, struct stream* s,
+                       int data_pdu_type);
 int xrdp_rdp_incoming(struct xrdp_rdp* self);
 int xrdp_rdp_send_demand_active(struct xrdp_rdp* self);
-int xrdp_rdp_process_confirm_active(struct xrdp_rdp* self);
-int xrdp_rdp_process_data(struct xrdp_rdp* self);
+int xrdp_rdp_process_confirm_active(struct xrdp_rdp* self, struct stream* s);
+int xrdp_rdp_process_data(struct xrdp_rdp* self, struct stream* s);
 int xrdp_rdp_disconnect(struct xrdp_rdp* self);

 /* xrdp_orders.c */
--- a/xrdp/xrdp_iso.c
+++ b/xrdp/xrdp_iso.c
@ -28,8 +28,6 @@ struct xrdp_iso* xrdp_iso_create(struct xrdp_mcs* owner)

  self = (struct xrdp_iso*)g_malloc(sizeof(struct xrdp_iso), 1);
  self->mcs_layer = owner;
-  self->in_s = owner->in_s;
-  self->out_s = owner->out_s;
  self->tcp_layer = xrdp_tcp_create(self);
  return self;
 }
@ -45,42 +43,38 @@ void xrdp_iso_delete(struct xrdp_iso* self)

 /*****************************************************************************/
 /* returns error */
-int xrdp_iso_recv_msg(struct xrdp_iso* self, int* code)
+int xrdp_iso_recv_msg(struct xrdp_iso* self, struct stream* s, int* code)
 {
  int ver;
  int len;

  *code = 0;
-  if (xrdp_tcp_recv(self->tcp_layer, 4) != 0)
+  if (xrdp_tcp_recv(self->tcp_layer, s, 4) != 0)
    return 1;
-  in_uint8(self->in_s, ver);
+  in_uint8(s, ver);
  if (ver != 3)
    return 1;
-  in_uint8s(self->in_s, 1);
-  in_uint16_be(self->in_s, len);
-  if (xrdp_tcp_recv(self->tcp_layer, len - 4) != 0)
+  in_uint8s(s, 1);
+  in_uint16_be(s, len);
+  if (xrdp_tcp_recv(self->tcp_layer, s, len - 4) != 0)
    return 1;
-  in_uint8s(self->in_s, 1);
-  in_uint8(self->in_s, *code);
+  in_uint8s(s, 1);
+  in_uint8(s, *code);
  if (*code == ISO_PDU_DT)
-  {
-    in_uint8s(self->in_s, 1);
-  }
+    in_uint8s(s, 1)
  else
-  {
-    in_uint8s(self->in_s, 5);
-  }
+    in_uint8s(s, 5);
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_iso_recv(struct xrdp_iso* self)
+int xrdp_iso_recv(struct xrdp_iso* self, struct stream* s)
 {
  int code;

  DEBUG(("   in xrdp_iso_recv\n\r"));
-  if (xrdp_iso_recv_msg(self, &code) != 0)
+  if (xrdp_iso_recv_msg(self, s, &code) != 0)
    return 1;
  if (code != ISO_PDU_DT)
    return 1;
@ -89,20 +83,20 @@ int xrdp_iso_recv(struct xrdp_iso* self)
 }

 /*****************************************************************************/
-int xrdp_iso_send_msg(struct xrdp_iso* self, int code)
+int xrdp_iso_send_msg(struct xrdp_iso* self, struct stream* s, int code)
 {
-  if (xrdp_tcp_init(self->tcp_layer, 11) != 0)
+  if (xrdp_tcp_init(self->tcp_layer, s) != 0)
    return 1;
-  out_uint8(self->out_s, 3);
-  out_uint8(self->out_s, 0);
-  out_uint16_be(self->out_s, 11); /* length */
-  out_uint8(self->out_s, 8);
-  out_uint8(self->out_s, code);
-  out_uint16_le(self->out_s, 0);
-  out_uint16_le(self->out_s, 0);
-  out_uint8(self->out_s, 0);
-  s_mark_end(self->out_s);
-  if (xrdp_tcp_send(self->tcp_layer) != 0)
+  out_uint8(s, 3);
+  out_uint8(s, 0);
+  out_uint16_be(s, 11); /* length */
+  out_uint8(s, 8);
+  out_uint8(s, code);
+  out_uint16_le(s, 0);
+  out_uint16_le(s, 0);
+  out_uint8(s, 0);
+  s_mark_end(s);
+  if (xrdp_tcp_send(self->tcp_layer, s) != 0)
    return 1;
  return 0;
 }
@ -112,43 +106,56 @@ int xrdp_iso_send_msg(struct xrdp_iso* self, int code)
 int xrdp_iso_incoming(struct xrdp_iso* self)
 {
  int code;
+  struct stream* s;

+  make_stream(s);
+  init_stream(s, 8192);
  DEBUG(("   in xrdp_iso_incoming\n\r"));
-  if (xrdp_iso_recv_msg(self, &code) != 0)
+  if (xrdp_iso_recv_msg(self, s, &code) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
  if (code != ISO_PDU_CR)
+  {
+    free_stream(s);
    return 1;
-  if (xrdp_iso_send_msg(self, ISO_PDU_CC) != 0)
+  }
+  if (xrdp_iso_send_msg(self, s, ISO_PDU_CC) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
  DEBUG(("   out xrdp_iso_incoming\n\r"));
+  free_stream(s);
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_iso_init(struct xrdp_iso* self, int len)
+int xrdp_iso_init(struct xrdp_iso* self, struct stream* s)
 {
-  xrdp_tcp_init(self->tcp_layer, len + 7);
-  s_push_layer(self->out_s, iso_hdr, 7);
+  xrdp_tcp_init(self->tcp_layer, s);
+  s_push_layer(s, iso_hdr, 7);
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_iso_send(struct xrdp_iso* self)
+int xrdp_iso_send(struct xrdp_iso* self, struct stream* s)
 {
  int len;

  DEBUG(("   in xrdp_iso_send\n\r"));
-  s_pop_layer(self->out_s, iso_hdr);
-  len = self->out_s->end - self->out_s->p;
-  out_uint8(self->out_s, 3);
-  out_uint8(self->out_s, 0);
-  out_uint16_be(self->out_s, len);
-  out_uint8(self->out_s, 2);
-  out_uint8(self->out_s, ISO_PDU_DT);
-  out_uint8(self->out_s, 0x80);
-  if (xrdp_tcp_send(self->tcp_layer) != 0)
+  s_pop_layer(s, iso_hdr);
+  len = s->end - s->p;
+  out_uint8(s, 3);
+  out_uint8(s, 0);
+  out_uint16_be(s, len);
+  out_uint8(s, 2);
+  out_uint8(s, ISO_PDU_DT);
+  out_uint8(s, 0x80);
+  if (xrdp_tcp_send(self->tcp_layer, s) != 0)
    return 1;
  DEBUG(("   out xrdp_iso_send\n\r"));
  return 0;
--- a/xrdp/xrdp_mcs.c
+++ b/xrdp/xrdp_mcs.c
@ -28,8 +28,6 @@ struct xrdp_mcs* xrdp_mcs_create(struct xrdp_sec* owner)

  self = (struct xrdp_mcs*)g_malloc(sizeof(struct xrdp_mcs), 1);
  self->sec_layer = owner;
-  self->in_s = owner->in_s;
-  self->out_s = owner->out_s;
  self->userid = 1;
  self->chanid = 1001;
  self->client_mcs_data = &owner->client_mcs_data;
@ -51,22 +49,33 @@ void xrdp_mcs_delete(struct xrdp_mcs* self)
 /* returns error */
 int xrdp_mcs_send_cjcf(struct xrdp_mcs* self, int chanid)
 {
-  if (xrdp_iso_init(self->iso_layer, 8) != 0)
+  struct stream* s;
+
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_iso_init(self->iso_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  out_uint8(self->out_s, (MCS_CJCF << 2) | 2);
-  out_uint8(self->out_s, 0);
-  out_uint16_be(self->out_s, self->userid);
-  out_uint16_be(self->out_s, chanid);
-  out_uint16_be(self->out_s, chanid);
-  s_mark_end(self->out_s);
-  if (xrdp_iso_send(self->iso_layer) != 0)
+  }
+  out_uint8(s, (MCS_CJCF << 2) | 2);
+  out_uint8(s, 0);
+  out_uint16_be(s, self->userid);
+  out_uint16_be(s, chanid);
+  out_uint16_be(s, chanid);
+  s_mark_end(s);
+  if (xrdp_iso_send(self->iso_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_mcs_recv(struct xrdp_mcs* self, int* chan)
+int xrdp_mcs_recv(struct xrdp_mcs* self, struct stream* s, int* chan)
 {
  int appid;
  int opcode;
@ -75,9 +84,9 @@ int xrdp_mcs_recv(struct xrdp_mcs* self, int* chan)
  DEBUG(("  in xrdp_mcs_recv\n\r"));
  while (1)
  {
-    if (xrdp_iso_recv(self->iso_layer) != 0)
+    if (xrdp_iso_recv(self->iso_layer, s) != 0)
      return 1;
-    in_uint8(self->in_s, opcode);
+    in_uint8(s, opcode);
    appid = opcode >> 2;
    if (appid == MCS_DPUM)
      return 1;
@ -93,19 +102,20 @@ int xrdp_mcs_recv(struct xrdp_mcs* self, int* chan)
    DEBUG(("  out xrdp_mcs_recv err got 0x%x need MCS_SDRQ\n\r", appid));
    return 1;
  }
-  in_uint8s(self->in_s, 2);
-  in_uint16_be(self->in_s, *chan);
-  in_uint8s(self->in_s, 1);
-  in_uint8(self->in_s, len);
+  in_uint8s(s, 2);
+  in_uint16_be(s, *chan);
+  in_uint8s(s, 1);
+  in_uint8(s, len);
  if (len & 0x80)
-    in_uint8s(self->in_s, 1);
+    in_uint8s(s, 1);
  DEBUG(("  out xrdp_mcs_recv\n\r"));
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_mcs_ber_parse_header(struct xrdp_mcs* self, int tag_val, int* len)
+int xrdp_mcs_ber_parse_header(struct xrdp_mcs* self, struct stream* s,
+                              int tag_val, int* len)
 {
  int tag;
  int l;
@ -113,29 +123,29 @@ int xrdp_mcs_ber_parse_header(struct xrdp_mcs* self, int tag_val, int* len)

  if (tag_val > 0xff)
  {
-    in_uint16_be(self->in_s, tag);
+    in_uint16_be(s, tag);
  }
  else
  {
-    in_uint8(self->in_s, tag);
+    in_uint8(s, tag);
  }
  if (tag != tag_val)
    return 1;
-  in_uint8(self->in_s, l);
+  in_uint8(s, l);
  if (l & 0x80)
  {
    l = l & ~0x80;
    *len = 0;
    while (l > 0)
    {
-      in_uint8(self->in_s, i);
+      in_uint8(s, i);
      *len = (*len << 8) | i;
      l--;
    }
  }
  else
    *len = l;
-  if (s_check(self->in_s))
+  if (s_check(s))
    return 0;
  else
    return 1;
@ -143,14 +153,14 @@ int xrdp_mcs_ber_parse_header(struct xrdp_mcs* self, int tag_val, int* len)

 /*****************************************************************************/
 /* returns error */
-int xrdp_mcs_parse_domain_params(struct xrdp_mcs* self)
+int xrdp_mcs_parse_domain_params(struct xrdp_mcs* self, struct stream* s)
 {
  int len;

-  if (xrdp_mcs_ber_parse_header(self, MCS_TAG_DOMAIN_PARAMS, &len) != 0)
+  if (xrdp_mcs_ber_parse_header(self, s, MCS_TAG_DOMAIN_PARAMS, &len) != 0)
    return 1;
-  in_uint8s(self->in_s, len);
-  if (s_check(self->in_s))
+  in_uint8s(s, len);
+  if (s_check(s))
    return 0;
  else
    return 1;
@ -161,37 +171,73 @@ int xrdp_mcs_parse_domain_params(struct xrdp_mcs* self)
 int xrdp_mcs_recv_connect_initial(struct xrdp_mcs* self)
 {
  int len;
+  struct stream* s;

-  if (xrdp_iso_recv(self->iso_layer) != 0)
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_iso_recv(self->iso_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  if (xrdp_mcs_ber_parse_header(self, MCS_CONNECT_INITIAL, &len) != 0)
+  }
+  if (xrdp_mcs_ber_parse_header(self, s, MCS_CONNECT_INITIAL, &len) != 0)
+  {
+    free_stream(s);
    return 1;
-  if (xrdp_mcs_ber_parse_header(self, BER_TAG_OCTET_STRING, &len) != 0)
+  }
+  if (xrdp_mcs_ber_parse_header(self, s, BER_TAG_OCTET_STRING, &len) != 0)
+  {
+    free_stream(s);
    return 1;
-  in_uint8s(self->in_s, len);
-  if (xrdp_mcs_ber_parse_header(self, BER_TAG_OCTET_STRING, &len) != 0)
+  }
+  in_uint8s(s, len);
+  if (xrdp_mcs_ber_parse_header(self, s, BER_TAG_OCTET_STRING, &len) != 0)
+  {
+    free_stream(s);
    return 1;
-  in_uint8s(self->in_s, len);
-  if (xrdp_mcs_ber_parse_header(self, BER_TAG_BOOLEAN, &len) != 0)
+  }
+  in_uint8s(s, len);
+  if (xrdp_mcs_ber_parse_header(self, s, BER_TAG_BOOLEAN, &len) != 0)
+  {
+    free_stream(s);
    return 1;
-  in_uint8s(self->in_s, len);
-  if (xrdp_mcs_parse_domain_params(self) != 0)
+  }
+  in_uint8s(s, len);
+  if (xrdp_mcs_parse_domain_params(self, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  if (xrdp_mcs_parse_domain_params(self) != 0)
+  }
+  if (xrdp_mcs_parse_domain_params(self, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  if (xrdp_mcs_parse_domain_params(self) != 0)
+  }
+  if (xrdp_mcs_parse_domain_params(self, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  if (xrdp_mcs_ber_parse_header(self, BER_TAG_OCTET_STRING, &len) != 0)
+  }
+  if (xrdp_mcs_ber_parse_header(self, s, BER_TAG_OCTET_STRING, &len) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
  /* make a copy of client mcs data */
  init_stream(self->client_mcs_data, len);
-  out_uint8a(self->client_mcs_data, self->in_s->p, len);
-  in_uint8s(self->in_s, len);
+  out_uint8a(self->client_mcs_data, s->p, len);
+  in_uint8s(s, len);
  s_mark_end(self->client_mcs_data);
-  if (s_check_end(self->in_s))
+  if (s_check_end(s))
+  {
+    free_stream(s);
    return 0;
+  }
  else
+  {
+    free_stream(s);
    return 1;
+  }
 }

 /*****************************************************************************/
@ -199,20 +245,33 @@ int xrdp_mcs_recv_connect_initial(struct xrdp_mcs* self)
 int xrdp_mcs_recv_edrq(struct xrdp_mcs* self)
 {
  int opcode;
+  struct stream* s;

-  if (xrdp_iso_recv(self->iso_layer) != 0)
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_iso_recv(self->iso_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  in_uint8(self->in_s, opcode);
+  }
+  in_uint8(s, opcode);
  if ((opcode >> 2) != MCS_EDRQ)
+  {
+    free_stream(s);
    return 1;
-  in_uint8s(self->in_s, 2);
-  in_uint8s(self->in_s, 2);
+  }
+  in_uint8s(s, 2);
+  in_uint8s(s, 2);
  if (opcode & 2)
  {
-    in_uint16_be(self->in_s, self->userid);
+    in_uint16_be(s, self->userid);
  }
-  if (!(s_check_end(self->in_s)))
+  if (!(s_check_end(s)))
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

@ -221,18 +280,31 @@ int xrdp_mcs_recv_edrq(struct xrdp_mcs* self)
 int xrdp_mcs_recv_aurq(struct xrdp_mcs* self)
 {
  int opcode;
+  struct stream* s;

-  if (xrdp_iso_recv(self->iso_layer) != 0)
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_iso_recv(self->iso_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  in_uint8(self->in_s, opcode);
+  }
+  in_uint8(s, opcode);
  if ((opcode >> 2) != MCS_AURQ)
+  {
+    free_stream(s);
    return 1;
+  }
  if (opcode & 2)
  {
-    in_uint16_be(self->in_s, self->userid);
+    in_uint16_be(s, self->userid);
  }
-  if (!(s_check_end(self->in_s)))
+  if (!(s_check_end(s)))
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

@ -240,14 +312,25 @@ int xrdp_mcs_recv_aurq(struct xrdp_mcs* self)
 /* returns error */
 int xrdp_mcs_send_aucf(struct xrdp_mcs* self)
 {
-  if (xrdp_iso_init(self->iso_layer, 4) != 0)
+  struct stream* s;
+
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_iso_init(self->iso_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  out_uint8(self->out_s, ((MCS_AUCF << 2) | 2));
-  out_uint8s(self->out_s, 1);
-  out_uint16_be(self->out_s, self->userid);
-  s_mark_end(self->out_s);
-  if (xrdp_iso_send(self->iso_layer) != 0)
+  }
+  out_uint8(s, ((MCS_AUCF << 2) | 2));
+  out_uint8s(s, 1);
+  out_uint16_be(s, self->userid);
+  s_mark_end(s);
+  if (xrdp_iso_send(self->iso_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

@ -256,91 +339,106 @@ int xrdp_mcs_send_aucf(struct xrdp_mcs* self)
 int xrdp_mcs_recv_cjrq(struct xrdp_mcs* self)
 {
  int opcode;
+  struct stream* s;

-  if (xrdp_iso_recv(self->iso_layer) != 0)
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_iso_recv(self->iso_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  in_uint8(self->in_s, opcode);
+  }
+  in_uint8(s, opcode);
  if ((opcode >> 2) != MCS_CJRQ)
+  {
+    free_stream(s);
    return 1;
-  in_uint8s(self->in_s, 4);
+  }
+  in_uint8s(s, 4);
  if (opcode & 2)
  {
-    in_uint8s(self->in_s, 2);
+    in_uint8s(s, 2);
  }
-  if (!(s_check_end(self->in_s)))
+  if (!(s_check_end(s)))
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_mcs_ber_out_header(struct xrdp_mcs* self, int tag_val, int len)
+int xrdp_mcs_ber_out_header(struct xrdp_mcs* self, struct stream* s,
+                            int tag_val, int len)
 {
  if (tag_val > 0xff)
  {
-    out_uint16_be(self->out_s, tag_val);
+    out_uint16_be(s, tag_val);
  }
  else
  {
-    out_uint8(self->out_s, tag_val);
+    out_uint8(s, tag_val);
  }
  if (len >= 0x80)
  {
-    out_uint8(self->out_s, 0x82);
-    out_uint16_be(self->out_s, len);
+    out_uint8(s, 0x82);
+    out_uint16_be(s, len);
  }
  else
  {
-    out_uint8(self->out_s, len);
+    out_uint8(s, len);
  }
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_mcs_ber_out_int8(struct xrdp_mcs* self, int value)
+int xrdp_mcs_ber_out_int8(struct xrdp_mcs* self, struct stream* s, int value)
 {
-  xrdp_mcs_ber_out_header(self, BER_TAG_INTEGER, 1);
-  out_uint8(self->out_s, value);
+  xrdp_mcs_ber_out_header(self, s, BER_TAG_INTEGER, 1);
+  out_uint8(s, value);
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_mcs_ber_out_int16(struct xrdp_mcs* self, int value)
+int xrdp_mcs_ber_out_int16(struct xrdp_mcs* self, struct stream* s, int value)
 {
-  xrdp_mcs_ber_out_header(self, BER_TAG_INTEGER, 2);
-  out_uint8(self->out_s, value >> 8);
-  out_uint8(self->out_s, value);
+  xrdp_mcs_ber_out_header(self, s, BER_TAG_INTEGER, 2);
+  out_uint8(s, (value >> 8));
+  out_uint8(s, value);
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_mcs_ber_out_int24(struct xrdp_mcs* self, int value)
+int xrdp_mcs_ber_out_int24(struct xrdp_mcs* self, struct stream* s, int value)
 {
-  xrdp_mcs_ber_out_header(self, BER_TAG_INTEGER, 3);
-  out_uint8(self->out_s, value >> 16);
-  out_uint8(self->out_s, value >> 8);
-  out_uint8(self->out_s, value);
+  xrdp_mcs_ber_out_header(self, s, BER_TAG_INTEGER, 3);
+  out_uint8(s, (value >> 16));
+  out_uint8(s, (value >> 8));
+  out_uint8(s, value);
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_mcs_out_domain_params(struct xrdp_mcs* self, int max_channels,
+int xrdp_mcs_out_domain_params(struct xrdp_mcs* self, struct stream* s,
+                               int max_channels,
                               int max_users, int max_tokens,
                               int max_pdu_size)
 {
-  xrdp_mcs_ber_out_header(self, MCS_TAG_DOMAIN_PARAMS, 26);
-  xrdp_mcs_ber_out_int8(self, max_channels);
-  xrdp_mcs_ber_out_int8(self, max_users);
-  xrdp_mcs_ber_out_int8(self, max_tokens);
-  xrdp_mcs_ber_out_int8(self, 1);
-  xrdp_mcs_ber_out_int8(self, 0);
-  xrdp_mcs_ber_out_int8(self, 1);
-  xrdp_mcs_ber_out_int24(self, max_pdu_size);
-  xrdp_mcs_ber_out_int8(self, 2);
+  xrdp_mcs_ber_out_header(self, s, MCS_TAG_DOMAIN_PARAMS, 26);
+  xrdp_mcs_ber_out_int8(self, s, max_channels);
+  xrdp_mcs_ber_out_int8(self, s, max_users);
+  xrdp_mcs_ber_out_int8(self, s, max_tokens);
+  xrdp_mcs_ber_out_int8(self, s, 1);
+  xrdp_mcs_ber_out_int8(self, s, 0);
+  xrdp_mcs_ber_out_int8(self, s, 1);
+  xrdp_mcs_ber_out_int24(self, s, max_pdu_size);
+  xrdp_mcs_ber_out_int8(self, s, 2);
  return 0;
 }

@ -349,21 +447,28 @@ int xrdp_mcs_out_domain_params(struct xrdp_mcs* self, int max_channels,
 int xrdp_mcs_send_connect_response(struct xrdp_mcs* self)
 {
  int data_len;
+  struct stream* s;

+  make_stream(s);
+  init_stream(s, 8192);
  data_len = self->server_mcs_data->end - self->server_mcs_data->data;
-  xrdp_iso_init(self->iso_layer, 512);
-  xrdp_mcs_ber_out_header(self, MCS_CONNECT_RESPONSE, 313);
-  xrdp_mcs_ber_out_header(self, BER_TAG_RESULT, 1);
-  out_uint8(self->out_s, 0);
-  xrdp_mcs_ber_out_header(self, BER_TAG_INTEGER, 1);
-  out_uint8(self->out_s, 0);
-  xrdp_mcs_out_domain_params(self, 2, 2, 0, 0xffff);
-  xrdp_mcs_ber_out_header(self, BER_TAG_OCTET_STRING, data_len);
+  xrdp_iso_init(self->iso_layer, s);
+  xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, 313);
+  xrdp_mcs_ber_out_header(self, s, BER_TAG_RESULT, 1);
+  out_uint8(s, 0);
+  xrdp_mcs_ber_out_header(self, s, BER_TAG_INTEGER, 1);
+  out_uint8(s, 0);
+  xrdp_mcs_out_domain_params(self, s, 2, 2, 0, 0xffff);
+  xrdp_mcs_ber_out_header(self, s, BER_TAG_OCTET_STRING, data_len);
  /* mcs data */
-  out_uint8a(self->out_s, self->server_mcs_data->data, data_len);
-  s_mark_end(self->out_s);
-  if (xrdp_iso_send(self->iso_layer) != 0)
+  out_uint8a(s, self->server_mcs_data->data, data_len);
+  s_mark_end(s);
+  if (xrdp_iso_send(self->iso_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

@ -398,29 +503,29 @@ int xrdp_mcs_incoming(struct xrdp_mcs* self)

 /*****************************************************************************/
 /* returns error */
-int xrdp_mcs_init(struct xrdp_mcs* self, int len)
+int xrdp_mcs_init(struct xrdp_mcs* self, struct stream* s)
 {
-  xrdp_iso_init(self->iso_layer, len + 8);
-  s_push_layer(self->out_s, mcs_hdr, 8);
+  xrdp_iso_init(self->iso_layer, s);
+  s_push_layer(s, mcs_hdr, 8);
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_mcs_send(struct xrdp_mcs* self)
+int xrdp_mcs_send(struct xrdp_mcs* self, struct stream* s)
 {
  int len;

  DEBUG(("  in xrdp_mcs_send\n\r"));
-  s_pop_layer(self->out_s, mcs_hdr);
-  len = (self->out_s->end - self->out_s->p) - 8;
+  s_pop_layer(s, mcs_hdr);
+  len = (s->end - s->p) - 8;
  len = len | 0x8000;
-  out_uint8(self->out_s, MCS_SDIN << 2);
-  out_uint16_be(self->out_s, self->userid);
-  out_uint16_be(self->out_s, MCS_GLOBAL_CHANNEL);
-  out_uint8(self->out_s, 0x70);
-  out_uint16_be(self->out_s, len);
-  if (xrdp_iso_send(self->iso_layer) != 0)
+  out_uint8(s, MCS_SDIN << 2);
+  out_uint16_be(s, self->userid);
+  out_uint16_be(s, MCS_GLOBAL_CHANNEL);
+  out_uint8(s, 0x70);
+  out_uint16_be(s, len);
+  if (xrdp_iso_send(self->iso_layer, s) != 0)
    return 1;
  DEBUG(("  out xrdp_mcs_send\n\r"));
  return 0;
@ -431,18 +536,29 @@ int xrdp_mcs_send(struct xrdp_mcs* self)
 int xrdp_mcs_disconnect(struct xrdp_mcs* self)
 {
  int len;
+  struct stream* s;

-  xrdp_mcs_init(self, 100);
-  s_mark_end(self->out_s);
-  s_pop_layer(self->out_s, mcs_hdr);
-  len = (self->out_s->end - self->out_s->p) - 8;
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_mcs_init(self, s) != 0)
+  {
+    free_stream(s);
+    return 1;
+  }
+  s_mark_end(s);
+  s_pop_layer(s, mcs_hdr);
+  len = (s->end - s->p) - 8;
  len = len | 0x8000;
-  out_uint8(self->out_s, MCS_DPUM << 2);
-  out_uint16_be(self->out_s, self->userid);
-  out_uint16_be(self->out_s, MCS_GLOBAL_CHANNEL);
-  out_uint8(self->out_s, 0x70);
-  out_uint16_be(self->out_s, len);
-  if (xrdp_iso_send(self->iso_layer) != 0)
+  out_uint8(s, MCS_DPUM << 2);
+  out_uint16_be(s, self->userid);
+  out_uint16_be(s, MCS_GLOBAL_CHANNEL);
+  out_uint8(s, 0x70);
+  out_uint16_be(s, len);
+  if (xrdp_iso_send(self->iso_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }
--- a/xrdp/xrdp_orders.c
+++ b/xrdp/xrdp_orders.c
@ -30,13 +30,15 @@ struct xrdp_orders* xrdp_orders_create(struct xrdp_process* owner)
  self = (struct xrdp_orders*)g_malloc(sizeof(struct xrdp_orders), 1);
  self->pro_layer = owner;
  self->rdp_layer = owner->rdp_layer;
-  self->out_s = &owner->out_s;
+  make_stream(self->out_s);
+  init_stream(self->out_s, 8192);
  return self;
 }

 /*****************************************************************************/
 void xrdp_orders_delete(struct xrdp_orders* self)
 {
+  free_stream(self->out_s);
  g_free(self);
 }

@ -48,7 +50,8 @@ int xrdp_orders_init(struct xrdp_orders* self)
  if (self->order_level == 1)
  {
    self->order_count = 0;
-    if (xrdp_rdp_init_data(self->rdp_layer, 8192) != 0) /* is this big enough */
+    /* is this big enough */
+    if (xrdp_rdp_init_data(self->rdp_layer, self->out_s) != 0)
      return 1;
    out_uint16_le(self->out_s, RDP_UPDATE_ORDERS);
    out_uint8s(self->out_s, 2); /* pad */
@ -73,7 +76,8 @@ int xrdp_orders_send(struct xrdp_orders* self)
    {
      s_mark_end(self->out_s);
      *((short*)self->order_count_ptr) = self->order_count;
-      if (xrdp_rdp_send_data(self->rdp_layer, RDP_DATA_PDU_UPDATE) != 0)
+      if (xrdp_rdp_send_data(self->rdp_layer, self->out_s,
+                             RDP_DATA_PDU_UPDATE) != 0)
        rv = 1;
    }
  }
@ -88,7 +92,8 @@ int xrdp_orders_force_send(struct xrdp_orders* self)
  {
    s_mark_end(self->out_s);
    *((short*)self->order_count_ptr) = self->order_count;
-    if (xrdp_rdp_send_data(self->rdp_layer, RDP_DATA_PDU_UPDATE) != 0)
+    if (xrdp_rdp_send_data(self->rdp_layer, self->out_s,
+                           RDP_DATA_PDU_UPDATE) != 0)
      return 1;
  }
  self->order_count = 0;
@ -891,7 +896,6 @@ int xrdp_orders_mem_blt(struct xrdp_orders* self, int cache_id,
 /*****************************************************************************/
 /* returns error */
 /* when a palette gets sent, send the main palette too */
-/* don't need max size here */
 int xrdp_orders_send_palette(struct xrdp_orders* self, int* palette,
                             int cache_id)
 {
@ -899,10 +903,8 @@ int xrdp_orders_send_palette(struct xrdp_orders* self, int* palette,
  int len;
  int i;

-  /* gota clear any build up orders and send the main palette */
-  xrdp_orders_force_send(self);
  xrdp_wm_send_palette(self->pro_layer->wm);
-  xrdp_orders_init(self);
+  xrdp_orders_check(self, 2000);
  self->order_count++;
  order_flags = RDP_ORDER_STANDARD | RDP_ORDER_SECONDARY;
  out_uint8(self->out_s, order_flags);
--- a/xrdp/xrdp_process.c
+++ b/xrdp/xrdp_process.c
@ -39,8 +39,6 @@ void xrdp_process_delete(struct xrdp_process* self)
  xrdp_rdp_delete(self->rdp_layer);
  xrdp_orders_delete(self->orders);
  xrdp_wm_delete(self->wm);
-  g_free(self->in_s.data);
-  g_free(self->out_s.data);
  g_free(self);
 }

@ -50,7 +48,9 @@ int xrdp_process_main_loop(struct xrdp_process* self)
  int code;
  int i;
  int cont;
+  struct stream* s;

+  make_stream(s);
  self->status = 1;
  self->rdp_layer = xrdp_rdp_create(self);
  g_tcp_set_non_blocking(self->sck);
@ -61,10 +61,11 @@ int xrdp_process_main_loop(struct xrdp_process* self)
      i = g_tcp_select(self->sck);
      if (i == 1)
      {
+        init_stream(s, 8192);
        cont = 1;
        while (cont)
        {
-          if (xrdp_rdp_recv(self->rdp_layer, &code) != 0)
+          if (xrdp_rdp_recv(self->rdp_layer, s, &code) != 0)
            break;
          DEBUG(("xrdp_process_main_loop code %d\n\r", code));
          switch (code)
@ -75,10 +76,10 @@ int xrdp_process_main_loop(struct xrdp_process* self)
            case 0:
              break;
            case RDP_PDU_CONFIRM_ACTIVE:
-              xrdp_rdp_process_confirm_active(self->rdp_layer); /* 3 */
+              xrdp_rdp_process_confirm_active(self->rdp_layer, s); /* 3 */
              break;
            case RDP_PDU_DATA:
-              if (xrdp_rdp_process_data(self->rdp_layer) != 0) /* 7 */
+              if (xrdp_rdp_process_data(self->rdp_layer, s) != 0) /* 7 */
              {
                DEBUG(("xrdp_rdp_process_data returned non zero\n\r"));
                cont = 0;
@ -90,7 +91,7 @@ int xrdp_process_main_loop(struct xrdp_process* self)
              break;
          }
          if (cont)
-            cont = self->rdp_layer->next_packet < self->rdp_layer->in_s->end;
+            cont = s->next_packet < s->end;
        }
        if (cont) /* we must have errored out */
          break;
@ -115,5 +116,6 @@ int xrdp_process_main_loop(struct xrdp_process* self)
  g_tcp_close(self->sck);
  self->status = -1;
  xrdp_listen_delete_pro(self->lis_layer, self);
+  free_stream(s);
  return 0;
 }
--- a/xrdp/xrdp_rdp.c
+++ b/xrdp/xrdp_rdp.c
@ -53,8 +53,6 @@ struct xrdp_rdp* xrdp_rdp_create(struct xrdp_process* owner)

  self = (struct xrdp_rdp*)g_malloc(sizeof(struct xrdp_rdp), 1);
  self->pro_layer = owner;
-  self->in_s = &owner->in_s;
-  self->out_s = &owner->out_s;
  self->share_id = 66538;
  self->sec_layer = xrdp_sec_create(self);
  return self;
@ -70,103 +68,104 @@ void xrdp_rdp_delete(struct xrdp_rdp* self)
 }

 /*****************************************************************************/
-int xrdp_rdp_init(struct xrdp_rdp* self, int len)
+int xrdp_rdp_init(struct xrdp_rdp* self, struct stream* s)
 {
-  if (xrdp_sec_init(self->sec_layer, len + 6) != 0)
+  if (xrdp_sec_init(self->sec_layer, s) != 0)
    return 1;
-  s_push_layer(self->out_s, rdp_hdr, 6);
+  s_push_layer(s, rdp_hdr, 6);
  return 0;
 }

 /*****************************************************************************/
-int xrdp_rdp_init_data(struct xrdp_rdp* self, int len)
+int xrdp_rdp_init_data(struct xrdp_rdp* self, struct stream* s)
 {
-  if (xrdp_sec_init(self->sec_layer, len + 18) != 0)
+  if (xrdp_sec_init(self->sec_layer, s) != 0)
    return 1;
-  s_push_layer(self->out_s, rdp_hdr, 18);
+  s_push_layer(s, rdp_hdr, 18);
  return 0;
 }

 /*****************************************************************************/
-int xrdp_rdp_recv(struct xrdp_rdp* self, int* code)
+int xrdp_rdp_recv(struct xrdp_rdp* self, struct stream* s, int* code)
 {
  int error;
  int len;
  int pdu_code;
  int chan;

-  if (self->next_packet == 0 || self->next_packet >= self->in_s->end)
+  if (s->next_packet == 0 || s->next_packet >= s->end)
  {
    chan = 0;
-    error = xrdp_sec_recv(self->sec_layer, &chan);
+    error = xrdp_sec_recv(self->sec_layer, s, &chan);
    if (error == -1) /* special code for send demand active */
    {
-      self->next_packet = 0;
+      s->next_packet = 0;
      *code = -1;
      return 0;
    }
    if (chan != MCS_GLOBAL_CHANNEL && chan > 0)
    {
-      self->next_packet = 0;
+      s->next_packet = 0;
      *code = 0;
      return 0;
    }
    if (error != 0)
      return 1;
-    self->next_packet = self->in_s->p;
+    s->next_packet = s->p;
  }
  else
-    self->in_s->p = self->next_packet;
-  in_uint16_le(self->in_s, len);
+    s->p = s->next_packet;
+  in_uint16_le(s, len);
  if (len == 0x8000)
  {
-    self->next_packet += 8;
+    s->next_packet += 8;
    *code = 0;
    return 0;
  }
-  in_uint16_le(self->in_s, pdu_code);
+  in_uint16_le(s, pdu_code);
  *code = pdu_code & 0xf;
-  in_uint8s(self->in_s, 2); /* mcs user id */
-  self->next_packet += len;
+  in_uint8s(s, 2); /* mcs user id */
+  s->next_packet += len;
  return 0;
 }

 /*****************************************************************************/
-int xrdp_rdp_send(struct xrdp_rdp* self, int pdu_type)
+int xrdp_rdp_send(struct xrdp_rdp* self, struct stream* s, int pdu_type)
 {
  int len;

  DEBUG(("in xrdp_rdp_send\n\r"));
-  s_pop_layer(self->out_s, rdp_hdr);
-  len = self->out_s->end - self->out_s->p;
-  out_uint16_le(self->out_s, len);
-  out_uint16_le(self->out_s, 0x10 | pdu_type);
-  out_uint16_le(self->out_s, self->mcs_channel);
-  if (xrdp_sec_send(self->sec_layer, 0) != 0)
+  s_pop_layer(s, rdp_hdr);
+  len = s->end - s->p;
+  out_uint16_le(s, len);
+  out_uint16_le(s, 0x10 | pdu_type);
+  out_uint16_le(s, self->mcs_channel);
+  if (xrdp_sec_send(self->sec_layer, s, 0) != 0)
    return 1;
  DEBUG(("out xrdp_rdp_send\n\r"));
  return 0;
 }

 /*****************************************************************************/
-int xrdp_rdp_send_data(struct xrdp_rdp* self, int data_pdu_type)
+int xrdp_rdp_send_data(struct xrdp_rdp* self, struct stream* s,
+                       int data_pdu_type)
 {
  int len;

  DEBUG(("in xrdp_rdp_send_data\n\r"));
-  s_pop_layer(self->out_s, rdp_hdr);
-  len = self->out_s->end - self->out_s->p;
-  out_uint16_le(self->out_s, len);
-  out_uint16_le(self->out_s, 0x10 | RDP_PDU_DATA);
-  out_uint16_le(self->out_s, self->mcs_channel);
-  out_uint32_le(self->out_s, self->share_id);
-  out_uint8(self->out_s, 0);
-  out_uint8(self->out_s, 1);
-  out_uint16_le(self->out_s, len - 14);
-  out_uint8(self->out_s, data_pdu_type);
-  out_uint8(self->out_s, 0);
-  out_uint16_le(self->out_s, 0);
-  if (xrdp_sec_send(self->sec_layer, 0) != 0)
+  s_pop_layer(s, rdp_hdr);
+  len = s->end - s->p;
+  out_uint16_le(s, len);
+  out_uint16_le(s, 0x10 | RDP_PDU_DATA);
+  out_uint16_le(s, self->mcs_channel);
+  out_uint32_le(s, self->share_id);
+  out_uint8(s, 0);
+  out_uint8(s, 1);
+  out_uint16_le(s, len - 14);
+  out_uint8(s, data_pdu_type);
+  out_uint8(s, 0);
+  out_uint16_le(s, 0);
+  if (xrdp_sec_send(self->sec_layer, s, 0) != 0)
    return 1;
  DEBUG(("out xrdp_rdp_send_data\n\r"));
  return 0;
@ -226,135 +225,146 @@ int xrdp_rdp_incoming(struct xrdp_rdp* self)
 /*****************************************************************************/
 int xrdp_rdp_send_demand_active(struct xrdp_rdp* self)
 {
-  if (xrdp_rdp_init(self, 512) != 0)
+  struct stream* s;
+
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_rdp_init(self, s) != 0)
+  {
+    free_stream(s);
    return 1;
+  }

-  out_uint32_le(self->out_s, self->share_id);
-  out_uint32_be(self->out_s, 0x04000401);
-  out_uint32_be(self->out_s, 0x524e5300);
-  out_uint32_be(self->out_s, 0x08000000);
-  out_uint32_be(self->out_s, 0x09000800);
-  out_uint16_le(self->out_s, self->mcs_channel);
-  out_uint16_be(self->out_s, 0xb5e2);
+  out_uint32_le(s, self->share_id);
+  out_uint32_be(s, 0x04000401);
+  out_uint32_be(s, 0x524e5300);
+  out_uint32_be(s, 0x08000000);
+  out_uint32_be(s, 0x09000800);
+  out_uint16_le(s, self->mcs_channel);
+  out_uint16_be(s, 0xb5e2);

  /* Output general capability set */
-  out_uint16_le(self->out_s, RDP_CAPSET_GENERAL); /* 1 */
-  out_uint16_le(self->out_s, RDP_CAPLEN_GENERAL); /* 24(0x18) */
-  out_uint16_le(self->out_s, 1); /* OS major type */
-  out_uint16_le(self->out_s, 3); /* OS minor type */
-  out_uint16_le(self->out_s, 0x200); /* Protocol version */
-  out_uint16_le(self->out_s, 0); /* pad */
-  out_uint16_le(self->out_s, 0); /* Compression types */
-  out_uint16_le(self->out_s, 0); /* pad */
-  out_uint16_le(self->out_s, 0); /* Update capability */
-  out_uint16_le(self->out_s, 0); /* Remote unshare capability */
-  out_uint16_le(self->out_s, 0); /* Compression level */
-  out_uint16_le(self->out_s, 0); /* Pad */
+  out_uint16_le(s, RDP_CAPSET_GENERAL); /* 1 */
+  out_uint16_le(s, RDP_CAPLEN_GENERAL); /* 24(0x18) */
+  out_uint16_le(s, 1); /* OS major type */
+  out_uint16_le(s, 3); /* OS minor type */
+  out_uint16_le(s, 0x200); /* Protocol version */
+  out_uint16_le(s, 0); /* pad */
+  out_uint16_le(s, 0); /* Compression types */
+  out_uint16_le(s, 0); /* pad */
+  out_uint16_le(s, 0); /* Update capability */
+  out_uint16_le(s, 0); /* Remote unshare capability */
+  out_uint16_le(s, 0); /* Compression level */
+  out_uint16_le(s, 0); /* Pad */

  /* Output bitmap capability set */
-  out_uint16_le(self->out_s, RDP_CAPSET_BITMAP); /* 2 */
-  out_uint16_le(self->out_s, RDP_CAPLEN_BITMAP); /* 28(0x1c) */
-  out_uint16_le(self->out_s, self->bpp); /* Preferred BPP */
-  out_uint16_le(self->out_s, 1); /* Receive 1 BPP */
-  out_uint16_le(self->out_s, 1); /* Receive 4 BPP */
-  out_uint16_le(self->out_s, 1); /* Receive 8 BPP */
-  out_uint16_le(self->out_s, self->width); /* width */
-  out_uint16_le(self->out_s, self->height); /* height */
-  out_uint16_le(self->out_s, 0); /* Pad */
-  out_uint16_le(self->out_s, 1); /* Allow resize */
-  out_uint16_le(self->out_s, 1); /* bitmap compression */
-  out_uint16_le(self->out_s, 0); /* unknown */
-  out_uint16_le(self->out_s, 0); /* unknown */
-  out_uint16_le(self->out_s, 0); /* pad */
+  out_uint16_le(s, RDP_CAPSET_BITMAP); /* 2 */
+  out_uint16_le(s, RDP_CAPLEN_BITMAP); /* 28(0x1c) */
+  out_uint16_le(s, self->bpp); /* Preferred BPP */
+  out_uint16_le(s, 1); /* Receive 1 BPP */
+  out_uint16_le(s, 1); /* Receive 4 BPP */
+  out_uint16_le(s, 1); /* Receive 8 BPP */
+  out_uint16_le(s, self->width); /* width */
+  out_uint16_le(s, self->height); /* height */
+  out_uint16_le(s, 0); /* Pad */
+  out_uint16_le(s, 1); /* Allow resize */
+  out_uint16_le(s, 1); /* bitmap compression */
+  out_uint16_le(s, 0); /* unknown */
+  out_uint16_le(s, 0); /* unknown */
+  out_uint16_le(s, 0); /* pad */

  /* Output ? */
-  out_uint16_le(self->out_s, 14);
-  out_uint16_le(self->out_s, 4);
+  out_uint16_le(s, 14);
+  out_uint16_le(s, 4);

  /* Output order capability set */
-  out_uint16_le(self->out_s, RDP_CAPSET_ORDER); /* 3 */
-  out_uint16_le(self->out_s, RDP_CAPLEN_ORDER); /* 88(0x58) */
-  out_uint8s(self->out_s, 16);
-  out_uint32_be(self->out_s, 0x40420f00);
-  out_uint16_le(self->out_s, 1); /* Cache X granularity */
-  out_uint16_le(self->out_s, 20); /* Cache Y granularity */
-  out_uint16_le(self->out_s, 0); /* Pad */
-  out_uint16_le(self->out_s, 1); /* Max order level */
-  out_uint16_le(self->out_s, 0x2f); /* Number of fonts */
-  out_uint16_le(self->out_s, 0x22); /* Capability flags */
+  out_uint16_le(s, RDP_CAPSET_ORDER); /* 3 */
+  out_uint16_le(s, RDP_CAPLEN_ORDER); /* 88(0x58) */
+  out_uint8s(s, 16);
+  out_uint32_be(s, 0x40420f00);
+  out_uint16_le(s, 1); /* Cache X granularity */
+  out_uint16_le(s, 20); /* Cache Y granularity */
+  out_uint16_le(s, 0); /* Pad */
+  out_uint16_le(s, 1); /* Max order level */
+  out_uint16_le(s, 0x2f); /* Number of fonts */
+  out_uint16_le(s, 0x22); /* Capability flags */
  /* caps */
-  out_uint8(self->out_s, 1); /* dest blt */
-  out_uint8(self->out_s, 1); /* pat blt */
-  out_uint8(self->out_s, 1); /* screen blt */
-  out_uint8(self->out_s, 1); /* memblt */
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 0);
-  out_uint8(self->out_s, 0);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 1);
-  out_uint8(self->out_s, 0);
-  out_uint8(self->out_s, 0);
-  out_uint8(self->out_s, 0);
-  out_uint16_le(self->out_s, 0x6a1);
-  out_uint8s(self->out_s, 6); /* ? */
-  out_uint32_le(self->out_s, 0x0f4240); /* desk save */
-  out_uint32_le(self->out_s, 0); /* ? */
-  out_uint32_le(self->out_s, 0); /* ? */
+  out_uint8(s, 1); /* dest blt */
+  out_uint8(s, 1); /* pat blt */
+  out_uint8(s, 1); /* screen blt */
+  out_uint8(s, 1); /* memblt */
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 0);
+  out_uint8(s, 0);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 1);
+  out_uint8(s, 0);
+  out_uint8(s, 0);
+  out_uint8(s, 0);
+  out_uint16_le(s, 0x6a1);
+  out_uint8s(s, 6); /* ? */
+  out_uint32_le(s, 0x0f4240); /* desk save */
+  out_uint32_le(s, 0); /* ? */
+  out_uint32_le(s, 0); /* ? */

  /* Output color cache capability set */
-  out_uint16_le(self->out_s, RDP_CAPSET_COLCACHE);
-  out_uint16_le(self->out_s, RDP_CAPLEN_COLCACHE);
-  out_uint16_le(self->out_s, 6); /* cache size */
-  out_uint16_le(self->out_s, 0); /* pad */
+  out_uint16_le(s, RDP_CAPSET_COLCACHE);
+  out_uint16_le(s, RDP_CAPLEN_COLCACHE);
+  out_uint16_le(s, 6); /* cache size */
+  out_uint16_le(s, 0); /* pad */

  /* Output pointer capability set */
-  out_uint16_le(self->out_s, RDP_CAPSET_POINTER);
-  out_uint16_le(self->out_s, RDP_CAPLEN_POINTER);
-  out_uint16_le(self->out_s, 1); /* Colour pointer */
-  out_uint16_le(self->out_s, 0x19); /* Cache size */
+  out_uint16_le(s, RDP_CAPSET_POINTER);
+  out_uint16_le(s, RDP_CAPLEN_POINTER);
+  out_uint16_le(s, 1); /* Colour pointer */
+  out_uint16_le(s, 0x19); /* Cache size */

  /* Output ? */
-  out_uint16_le(self->out_s, 0xd);
-  out_uint16_le(self->out_s, 0x58); /* 88 */
-  out_uint8(self->out_s, 1);
-  out_uint8s(self->out_s, 83);
+  out_uint16_le(s, 0xd);
+  out_uint16_le(s, 0x58); /* 88 */
+  out_uint8(s, 1);
+  out_uint8s(s, 83);

-  s_mark_end(self->out_s);
+  s_mark_end(s);

-  if (xrdp_rdp_send(self, RDP_PDU_DEMAND_ACTIVE) != 0)
+  if (xrdp_rdp_send(self, s, RDP_PDU_DEMAND_ACTIVE) != 0)
+  {
+    free_stream(s);
    return 1;
+  }

+  free_stream(s);
  return 0;
 }

 /*****************************************************************************/
-int xrdp_rdp_process_confirm_active(struct xrdp_rdp* self)
+int xrdp_rdp_process_confirm_active(struct xrdp_rdp* self, struct stream* s)
 {
  return 0;
 }

 /*****************************************************************************/
-int xrdp_rdp_process_data_pointer(struct xrdp_rdp* self)
+int xrdp_rdp_process_data_pointer(struct xrdp_rdp* self, struct stream* s)
 {
  return 0;
 }
@ -410,7 +420,7 @@ int xrdp_rdp_process_input_mouse(struct xrdp_rdp* self, int device_flags,

 /*****************************************************************************/
 /* RDP_DATA_PDU_INPUT */
-int xrdp_rdp_process_data_input(struct xrdp_rdp* self)
+int xrdp_rdp_process_data_input(struct xrdp_rdp* self, struct stream* s)
 {
  int num_events;
  int index;
@ -419,16 +429,16 @@ int xrdp_rdp_process_data_input(struct xrdp_rdp* self)
  int param1;
  int param2;

-  in_uint16_le(self->in_s, num_events);
-  in_uint8s(self->in_s, 2); /* pad */
+  in_uint16_le(s, num_events);
+  in_uint8s(s, 2); /* pad */
  DEBUG(("xrdp_rdp_process_data_input %d events\n\r", num_events))
  for (index = 0; index < num_events; index++)
  {
-    in_uint8s(self->in_s, 4); /* time */
-    in_uint16_le(self->in_s, msg_type);
-    in_uint16_le(self->in_s, device_flags);
-    in_sint16_le(self->in_s, param1);
-    in_sint16_le(self->in_s, param2);
+    in_uint8s(s, 4); /* time */
+    in_uint16_le(s, msg_type);
+    in_uint16_le(s, device_flags);
+    in_sint16_le(s, param1);
+    in_sint16_le(s, param2);
    switch (msg_type)
    {
      case RDP_INPUT_SYNCHRONIZE: /* 0 */
@ -451,38 +461,60 @@ int xrdp_rdp_process_data_input(struct xrdp_rdp* self)
 /*****************************************************************************/
 int xrdp_rdp_send_synchronise(struct xrdp_rdp* self)
 {
-  if (xrdp_rdp_init_data(self, 4) != 0)
+  struct stream* s;
+
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_rdp_init_data(self, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  out_uint16_le(self->out_s, 1);
-  out_uint16_le(self->out_s, 1002);
-  s_mark_end(self->out_s);
-  if (xrdp_rdp_send_data(self, RDP_DATA_PDU_SYNCHRONISE) != 0)
+  }
+  out_uint16_le(s, 1);
+  out_uint16_le(s, 1002);
+  s_mark_end(s);
+  if (xrdp_rdp_send_data(self, s, RDP_DATA_PDU_SYNCHRONISE) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

 /*****************************************************************************/
 int xrdp_rdp_send_control(struct xrdp_rdp* self, int action)
 {
-  if (xrdp_rdp_init_data(self, 8) != 0)
+  struct stream* s;
+
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_rdp_init_data(self, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  out_uint16_le(self->out_s, action);
-  out_uint16_le(self->out_s, 0); /* userid */
-  out_uint32_le(self->out_s, 1002); /* control id */
-  s_mark_end(self->out_s);
-  if (xrdp_rdp_send_data(self, RDP_DATA_PDU_CONTROL) != 0)
+  }
+  out_uint16_le(s, action);
+  out_uint16_le(s, 0); /* userid */
+  out_uint32_le(s, 1002); /* control id */
+  s_mark_end(s);
+  if (xrdp_rdp_send_data(self, s, RDP_DATA_PDU_CONTROL) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

 /*****************************************************************************/
-int xrdp_rdp_process_data_control(struct xrdp_rdp* self)
+int xrdp_rdp_process_data_control(struct xrdp_rdp* self, struct stream* s)
 {
  int action;

-  in_uint16_le(self->in_s, action);
-  in_uint8s(self->in_s, 2); /* user id */
-  in_uint8s(self->in_s, 4); /* control id */
+  in_uint16_le(s, action);
+  in_uint8s(s, 2); /* user id */
+  in_uint8s(s, 4); /* control id */
  if (action == RDP_CTL_REQUEST_CONTROL)
  {
    xrdp_rdp_send_synchronise(self);
@ -499,7 +531,7 @@ int xrdp_rdp_process_data_sync(struct xrdp_rdp* self)
 }

 /*****************************************************************************/
-int xrdp_rdp_process_screen_update(struct xrdp_rdp* self)
+int xrdp_rdp_process_screen_update(struct xrdp_rdp* self, struct stream* s)
 {
  int op;
  int left;
@ -508,11 +540,11 @@ int xrdp_rdp_process_screen_update(struct xrdp_rdp* self)
  int bottom;
  struct xrdp_rect rect;

-  in_uint32_le(self->in_s, op);
-  in_uint16_le(self->in_s, left);
-  in_uint16_le(self->in_s, top);
-  in_uint16_le(self->in_s, right);
-  in_uint16_le(self->in_s, bottom);
+  in_uint32_le(s, op);
+  in_uint16_le(s, left);
+  in_uint16_le(s, top);
+  in_uint16_le(s, right);
+  in_uint16_le(s, bottom);
  xrdp_wm_rect(&rect, left, top, (right - left) + 1, (bottom - top) + 1);
  if (self->up_and_running && self->pro_layer->wm != 0)
    xrdp_bitmap_invalidate(self->pro_layer->wm->screen, &rect);
@ -522,23 +554,34 @@ int xrdp_rdp_process_screen_update(struct xrdp_rdp* self)
 /*****************************************************************************/
 int xrdp_rdp_send_unknown1(struct xrdp_rdp* self)
 {
-  if (xrdp_rdp_init_data(self, 300) != 0)
+  struct stream* s;
+
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_rdp_init_data(self, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  out_uint8a(self->out_s, unknown1, 172);
-  s_mark_end(self->out_s);
-  if (xrdp_rdp_send_data(self, 0x28) != 0)
+  }
+  out_uint8a(s, unknown1, 172);
+  s_mark_end(s);
+  if (xrdp_rdp_send_data(self, s, 0x28) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

 /*****************************************************************************/
-int xrdp_rdp_process_data_font(struct xrdp_rdp* self)
+int xrdp_rdp_process_data_font(struct xrdp_rdp* self, struct stream* s)
 {
  int seq;

-  in_uint8s(self->in_s, 2); /* num of fonts */
-  in_uint8s(self->in_s, 2); // unknown
-  in_uint16_le(self->in_s, seq);
+  in_uint8s(s, 2); /* num of fonts */
+  in_uint8s(s, 2); // unknown
+  in_uint16_le(s, seq);
  /* 419 client sends Seq 1, then 2 */
  /* 2600 clients sends only Seq 3 */
  if (seq == 2 || seq == 3) /* after second font message, we are up and */
@ -551,35 +594,35 @@ int xrdp_rdp_process_data_font(struct xrdp_rdp* self)

 /*****************************************************************************/
 /* RDP_PDU_DATA */
-int xrdp_rdp_process_data(struct xrdp_rdp* self)
+int xrdp_rdp_process_data(struct xrdp_rdp* self, struct stream* s)
 {
  int len;
  int data_type;
  int ctype;
  int clen;

-  in_uint8s(self->in_s, 6);
-  in_uint16_le(self->in_s, len);
-  in_uint8(self->in_s, data_type);
-  in_uint8(self->in_s, ctype);
-  in_uint16_le(self->in_s, clen);
+  in_uint8s(s, 6);
+  in_uint16_le(s, len);
+  in_uint8(s, data_type);
+  in_uint8(s, ctype);
+  in_uint16_le(s, clen);
  DEBUG(("xrdp_rdp_process_data code %d\n\r", data_type));
  switch (data_type)
  {
    case RDP_DATA_PDU_POINTER: /* 27 */
-      xrdp_rdp_process_data_pointer(self);
+      xrdp_rdp_process_data_pointer(self, s);
      break;
    case RDP_DATA_PDU_INPUT: /* 28 */
-      xrdp_rdp_process_data_input(self);
+      xrdp_rdp_process_data_input(self, s);
      break;
    case RDP_DATA_PDU_CONTROL: /* 20 */
-      xrdp_rdp_process_data_control(self);
+      xrdp_rdp_process_data_control(self, s);
      break;
    case RDP_DATA_PDU_SYNCHRONISE: /* 31 */
      xrdp_rdp_process_data_sync(self);
      break;
    case 33: /* 33 ?? */
-      xrdp_rdp_process_screen_update(self);
+      xrdp_rdp_process_screen_update(self, s);
      break;

    //case 35: /* 35 ?? this comes when minimuzing a full screen mstsc.exe 2600 */
@ -588,7 +631,7 @@ int xrdp_rdp_process_data(struct xrdp_rdp* self)
      return 1;
      break;
    case RDP_DATA_PDU_FONT2: /* 39 */
-      xrdp_rdp_process_data_font(self);
+      xrdp_rdp_process_data_font(self, s);
      break;
    default:
      g_printf("unknown in xrdp_rdp_process_data %d\n\r", data_type);
--- a/xrdp/xrdp_sec.c
+++ b/xrdp/xrdp_sec.c
@ -118,8 +118,6 @@ struct xrdp_sec* xrdp_sec_create(struct xrdp_rdp* owner)

  self = (struct xrdp_sec*)g_malloc(sizeof(struct xrdp_sec), 1);
  self->rdp_layer = owner;
-  self->in_s = owner->in_s;
-  self->out_s = owner->out_s;
  self->rc4_key_size = 1;
  self->decrypt_rc4_info = g_rc4_info_create();
  self->encrypt_rc4_info = g_rc4_info_create();
@ -143,11 +141,11 @@ void xrdp_sec_delete(struct xrdp_sec* self)

 /*****************************************************************************/
 /* returns error */
-int xrdp_sec_init(struct xrdp_sec* self, int len)
+int xrdp_sec_init(struct xrdp_sec* self, struct stream* s)
 {
-  if (xrdp_mcs_init(self->mcs_layer, len + 4) != 0)
+  if (xrdp_mcs_init(self->mcs_layer, s) != 0)
    return 1;
-  s_push_layer(self->out_s, sec_hdr, 4);
+  s_push_layer(s, sec_hdr, 4);
  return 0;
 }

@ -210,7 +208,7 @@ void xrdp_sec_decrypt(struct xrdp_sec* self, char* data, int len)

 /*****************************************************************************/
 /* returns error */
-int xrdp_sec_process_logon_info(struct xrdp_sec* self)
+int xrdp_sec_process_logon_info(struct xrdp_sec* self, struct stream* s)
 {
  int flags;
  int len_domain;
@ -219,8 +217,8 @@ int xrdp_sec_process_logon_info(struct xrdp_sec* self)
  int len_program;
  int len_directory;

-  in_uint8s(self->in_s, 4);
-  in_uint32_le(self->in_s, flags);
+  in_uint8s(s, 4);
+  in_uint32_le(s, flags);
  DEBUG(("in xrdp_sec_process_logon_info flags $%x\n", flags));
  /* this is the first test that the decrypt is working */
  if ((flags & RDP_LOGON_NORMAL) != RDP_LOGON_NORMAL) /* 0x33 */
@ -229,16 +227,16 @@ int xrdp_sec_process_logon_info(struct xrdp_sec* self)
    ;
  if (flags & RDP_COMPRESSION)
    ;
-  in_uint16_le(self->in_s, len_domain);
-  in_uint16_le(self->in_s, len_user);
-  in_uint16_le(self->in_s, len_password);
-  in_uint16_le(self->in_s, len_program);
-  in_uint16_le(self->in_s, len_directory);
-  in_uint8s(self->in_s, len_domain + 2);
-  in_uint8s(self->in_s, len_user + 2);
-  in_uint8s(self->in_s, len_password + 2);
-  in_uint8s(self->in_s, len_program + 2);
-  in_uint8s(self->in_s, len_directory + 2);
+  in_uint16_le(s, len_domain);
+  in_uint16_le(s, len_user);
+  in_uint16_le(s, len_password);
+  in_uint16_le(s, len_program);
+  in_uint16_le(s, len_directory);
+  in_uint8s(s, len_domain + 2);
+  in_uint8s(s, len_user + 2);
+  in_uint8s(s, len_password + 2);
+  in_uint8s(s, len_program + 2);
+  in_uint8s(s, len_directory + 2);
  return 0;
 }

@ -246,12 +244,23 @@ int xrdp_sec_process_logon_info(struct xrdp_sec* self)
 /* returns error */
 int xrdp_sec_send_lic_initial(struct xrdp_sec* self)
 {
-  if (xrdp_mcs_init(self->mcs_layer, 322) != 0)
+  struct stream* s;
+
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_mcs_init(self->mcs_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  out_uint8a(self->out_s, lic1, 322);
-  s_mark_end(self->out_s);
-  if (xrdp_mcs_send(self->mcs_layer) != 0)
+  }
+  out_uint8a(s, lic1, 322);
+  s_mark_end(s);
+  if (xrdp_mcs_send(self->mcs_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

@ -259,12 +268,23 @@ int xrdp_sec_send_lic_initial(struct xrdp_sec* self)
 /* returns error */
 int xrdp_sec_send_lic_response(struct xrdp_sec* self)
 {
-  if (xrdp_mcs_init(self->mcs_layer, 20) != 0)
+  struct stream* s;
+
+  make_stream(s);
+  init_stream(s, 8192);
+  if (xrdp_mcs_init(self->mcs_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
-  out_uint8a(self->out_s, lic2, 20);
-  s_mark_end(self->out_s);
-  if (xrdp_mcs_send(self->mcs_layer) != 0)
+  }
+  out_uint8a(s, lic2, 20);
+  s_mark_end(s);
+  if (xrdp_mcs_send(self->mcs_layer, s) != 0)
+  {
+    free_stream(s);
    return 1;
+  }
+  free_stream(s);
  return 0;
 }

@ -388,25 +408,25 @@ void xrdp_sec_establish_keys(struct xrdp_sec* self)

 /*****************************************************************************/
 /* returns error */
-int xrdp_sec_recv(struct xrdp_sec* self, int* chan)
+int xrdp_sec_recv(struct xrdp_sec* self, struct stream* s, int* chan)
 {
  int flags;
  int len;

  DEBUG((" in xrdp_sec_recv\n\r"));
-  if (xrdp_mcs_recv(self->mcs_layer, chan) != 0)
+  if (xrdp_mcs_recv(self->mcs_layer, s, chan) != 0)
    return 1;
-  in_uint32_le(self->in_s, flags);
+  in_uint32_le(s, flags);
  DEBUG((" in xrdp_sec_recv flags $%x\n\r", flags));
  if (flags & SEC_ENCRYPT) /* 0x08 */
  {
-    in_uint8s(self->in_s, 8); /* signature */
-    xrdp_sec_decrypt(self, self->in_s->p, self->in_s->end - self->in_s->p);
+    in_uint8s(s, 8); /* signature */
+    xrdp_sec_decrypt(self, s->p, s->end - s->p);
  }
  if (flags & SEC_CLIENT_RANDOM) /* 0x01 */
  {
-    in_uint32_le(self->in_s, len);
-    in_uint8a(self->in_s, self->client_crypt_random, 64);
+    in_uint32_le(s, len);
+    in_uint8a(s, self->client_crypt_random, 64);
    xrdp_sec_rsa_op(self->client_random, self->client_crypt_random,
                    pub_mod, pri_exp);
    xrdp_sec_establish_keys(self);
@ -415,7 +435,7 @@ int xrdp_sec_recv(struct xrdp_sec* self, int* chan)
  }
  if (flags & SEC_LOGON_INFO) /* 0x40 */
  {
-    if (xrdp_sec_process_logon_info(self) != 0)
+    if (xrdp_sec_process_logon_info(self, s) != 0)
      return 1;
    if (xrdp_sec_send_lic_initial(self) != 0)
      return 1;
@ -435,12 +455,12 @@ int xrdp_sec_recv(struct xrdp_sec* self, int* chan)
 /*****************************************************************************/
 /* returns error */
 /* TODO needs outgoing encryption */
-int xrdp_sec_send(struct xrdp_sec* self, int flags)
+int xrdp_sec_send(struct xrdp_sec* self, struct stream* s, int flags)
 {
  DEBUG((" in xrdp_sec_send\n\r"));
-  s_pop_layer(self->out_s, sec_hdr);
-  out_uint32_le(self->out_s, flags);
-  if (xrdp_mcs_send(self->mcs_layer) != 0)
+  s_pop_layer(s, sec_hdr);
+  out_uint32_le(s, flags);
+  if (xrdp_mcs_send(self->mcs_layer, s) != 0)
    return 1;
  DEBUG((" out xrdp_sec_send\n\r"));
  return 0;
--- a/xrdp/xrdp_tcp.c
+++ b/xrdp/xrdp_tcp.c
@ -28,8 +28,6 @@ struct xrdp_tcp* xrdp_tcp_create(struct xrdp_iso* owner)

  self = (struct xrdp_tcp*)g_malloc(sizeof(struct xrdp_tcp), 1);
  self->iso_layer = owner;
-  self->in_s = owner->in_s;
-  self->out_s = owner->out_s;
  /* get sck from xrdp_process */
  self->sck = owner->mcs_layer->sec_layer->rdp_layer->pro_layer->sck;
  return self;
@ -44,25 +42,25 @@ void xrdp_tcp_delete(struct xrdp_tcp* self)
 /*****************************************************************************/
 /* get out stream ready for data */
 /* returns error */
-int xrdp_tcp_init(struct xrdp_tcp* self, int len)
+int xrdp_tcp_init(struct xrdp_tcp* self, struct stream* s)
 {
-  init_stream(self->out_s, len);
+  init_stream(s, 8192);
  return 0;
 }

 /*****************************************************************************/
 /* returns error */
-int xrdp_tcp_recv(struct xrdp_tcp* self, int len)
+int xrdp_tcp_recv(struct xrdp_tcp* self, struct stream* s, int len)
 {
  int rcvd;

  DEBUG(("    in xrdp_tcp_recv, gota get %d bytes\n", len))
-  init_stream(self->in_s, len);
+  init_stream(s, len);
  while (len > 0)
  {
    if (g_is_term())
      return 1;
-    rcvd = g_tcp_recv(self->sck, self->in_s->end, len, 0);
+    rcvd = g_tcp_recv(self->sck, s->end, len, 0);
    if (rcvd == -1)
    {
      if (g_tcp_last_error_would_block(self->sck))
@ -80,7 +78,7 @@ int xrdp_tcp_recv(struct xrdp_tcp* self, int len)
    }
    else
    {
-      self->in_s->end += rcvd;
+      s->end += rcvd;
      len -= rcvd;
    }
  }
@ -89,20 +87,20 @@ int xrdp_tcp_recv(struct xrdp_tcp* self, int len)

 /*****************************************************************************/
 /* returns error */
-int xrdp_tcp_send(struct xrdp_tcp* self)
+int xrdp_tcp_send(struct xrdp_tcp* self, struct stream* s)
 {
  int len;
  int total;
  int sent;

-  len = self->out_s->end - self->out_s->data;
+  len = s->end - s->data;
  DEBUG(("    in xrdp_tcp_send, gota send %d bytes\n\r", len))
  total = 0;
  while (total < len)
  {
    if (g_is_term())
      return 1;
-    sent = g_tcp_send(self->sck, self->out_s->data + total, len - total, 0);
+    sent = g_tcp_send(self->sck, s->data + total, len - total, 0);
    if (sent == -1)
    {
      if (g_tcp_last_error_would_block(self->sck))
--- a/xrdp/xrdp_types.h
+++ b/xrdp/xrdp_types.h
@ -91,16 +91,12 @@ struct xrdp_pen
 struct xrdp_tcp
 {
  int sck;
-  struct stream* in_s;
-  struct stream* out_s;
  struct xrdp_iso* iso_layer; /* owner */
 };

 /* iso */
 struct xrdp_iso
 {
-  struct stream* in_s;
-  struct stream* out_s;
  struct xrdp_mcs* mcs_layer; /* owner */
  struct xrdp_tcp* tcp_layer;
 };
@ -108,8 +104,6 @@ struct xrdp_iso
 /* mcs */
 struct xrdp_mcs
 {
-  struct stream* in_s;
-  struct stream* out_s;
  struct xrdp_sec* sec_layer; /* owner */
  struct xrdp_iso* iso_layer;
  int userid;
@ -121,8 +115,6 @@ struct xrdp_mcs
 /* sec */
 struct xrdp_sec
 {
-  struct stream* in_s;
-  struct stream* out_s;
  struct xrdp_rdp* rdp_layer; /* owner */
  struct xrdp_mcs* mcs_layer;
  char server_random[32];
@ -146,11 +138,8 @@ struct xrdp_sec
 /* rdp */
 struct xrdp_rdp
 {
-  struct stream* in_s;
-  struct stream* out_s;
  struct xrdp_process* pro_layer; /* owner */
  struct xrdp_sec* sec_layer;
-  char* next_packet;
  int share_id;
  int mcs_channel;
  int bpp;
@ -257,7 +246,6 @@ struct xrdp_wm
  struct xrdp_bitmap* screen;
  struct xrdp_orders* orders;
  struct xrdp_painter* painter;
-  struct stream* out_s;
  struct xrdp_rdp* rdp_layer;
  struct xrdp_cache* cache;
  int palette[256];
@ -296,8 +284,6 @@ struct xrdp_process
  int status;
  int sck;
  int term;
-  struct stream in_s;
-  struct stream out_s;
  struct xrdp_listen* lis_layer; /* owner */
  struct xrdp_rdp* rdp_layer;
  /* create these when up and running */
--- a/xrdp/xrdp_wm.c
+++ b/xrdp/xrdp_wm.c
@ -35,7 +35,6 @@ struct xrdp_wm* xrdp_wm_create(struct xrdp_process* owner)
  self->pro_layer = owner;
  self->orders = owner->orders;
  self->painter = xrdp_painter_create(self);
-  self->out_s = &owner->out_s;
  self->rdp_layer = owner->rdp_layer;
  self->cache = xrdp_cache_create(self, self->orders);
  return self;
@ -57,21 +56,25 @@ int xrdp_wm_send_palette(struct xrdp_wm* self)
 {
  int i;
  int color;
+  struct stream* s;

-  xrdp_rdp_init_data(self->rdp_layer, 776);
-  out_uint16_le(self->out_s, RDP_UPDATE_PALETTE);
-  out_uint16_le(self->out_s, 0);
-  out_uint16_le(self->out_s, 256); /* # of colors */
-  out_uint16_le(self->out_s, 0);
+  make_stream(s);
+  init_stream(s, 8192);
+  xrdp_rdp_init_data(self->rdp_layer, s);
+  out_uint16_le(s, RDP_UPDATE_PALETTE);
+  out_uint16_le(s, 0);
+  out_uint16_le(s, 256); /* # of colors */
+  out_uint16_le(s, 0);
  for (i = 0; i < 256; i++)
  {
    color = self->palette[i];
-    out_uint8(self->out_s, color >> 16);
-    out_uint8(self->out_s, color >> 8);
-    out_uint8(self->out_s, color);
+    out_uint8(s, color >> 16);
+    out_uint8(s, color >> 8);
+    out_uint8(s, color);
  }
-  s_mark_end(self->out_s);
-  xrdp_rdp_send_data(self->rdp_layer, RDP_DATA_PDU_UPDATE);
+  s_mark_end(s);
+  xrdp_rdp_send_data(self->rdp_layer, s, RDP_DATA_PDU_UPDATE);
+  free_stream(s);
  return 0;
 }

@ -86,7 +89,10 @@ int xrdp_wm_send_bitmap(struct xrdp_wm* self, struct xrdp_bitmap* bitmap,
  int total_lines;
  int lines_sending;
  char* p;
+  struct stream* s;

+  make_stream(s);
+  init_stream(s, 8192);
  data_size = bitmap->width * bitmap->height * ((bitmap->bpp + 7) / 8);
  line_size = bitmap->width * ((bitmap->bpp + 7) / 8);
  total_lines = data_size / line_size;
@ -97,21 +103,21 @@ int xrdp_wm_send_bitmap(struct xrdp_wm* self, struct xrdp_bitmap* bitmap,
    lines_sending = total_lines;
  while (i < total_lines)
  {
-    xrdp_rdp_init_data(self->rdp_layer, 8192);
-    out_uint16_le(self->out_s, RDP_UPDATE_BITMAP);
-    out_uint16_le(self->out_s, 1); /* num updates */
-    out_uint16_le(self->out_s, x);
-    out_uint16_le(self->out_s, y + i);
-    out_uint16_le(self->out_s, (x + cx) - 1);
-    out_uint16_le(self->out_s, (y + i + cy) - 1);
-    out_uint16_le(self->out_s, bitmap->width);
-    out_uint16_le(self->out_s, lines_sending);
-    out_uint16_le(self->out_s, bitmap->bpp); /* bpp */
-    out_uint16_le(self->out_s, 0); /* compress */
-    out_uint16_le(self->out_s, line_size * lines_sending); /* bufsize */
-    out_uint8a(self->out_s, p, line_size * lines_sending);
-    s_mark_end(self->out_s);
-    xrdp_rdp_send_data(self->rdp_layer, RDP_DATA_PDU_UPDATE);
+    xrdp_rdp_init_data(self->rdp_layer, s);
+    out_uint16_le(s, RDP_UPDATE_BITMAP);
+    out_uint16_le(s, 1); /* num updates */
+    out_uint16_le(s, x);
+    out_uint16_le(s, y + i);
+    out_uint16_le(s, (x + cx) - 1);
+    out_uint16_le(s, (y + i + cy) - 1);
+    out_uint16_le(s, bitmap->width);
+    out_uint16_le(s, lines_sending);
+    out_uint16_le(s, bitmap->bpp); /* bpp */
+    out_uint16_le(s, 0); /* compress */
+    out_uint16_le(s, line_size * lines_sending); /* bufsize */
+    out_uint8a(s, p, line_size * lines_sending);
+    s_mark_end(s);
+    xrdp_rdp_send_data(self->rdp_layer, s, RDP_DATA_PDU_UPDATE);
    p = p + line_size * lines_sending;
    i = i + lines_sending;
    if (i + lines_sending > total_lines)
@ -119,6 +125,7 @@ int xrdp_wm_send_bitmap(struct xrdp_wm* self, struct xrdp_bitmap* bitmap,
    if (lines_sending <= 0)
      break;
  }
+  free_stream(s);
  return 0;
 }

@ -262,12 +269,17 @@ int xrdp_wm_login_notify(struct xrdp_bitmap* wnd,
 /*****************************************************************************/
 int xrdp_set_cursor(struct xrdp_wm* self, int cache_idx)
 {
-  xrdp_rdp_init_data(self->rdp_layer, 8000);
-  out_uint16_le(self->out_s, RDP_POINTER_CACHED);
-  out_uint16_le(self->out_s, 0); /* pad */
-  out_uint16_le(self->out_s, cache_idx); /* cache_idx */
-  s_mark_end(self->out_s);
-  xrdp_rdp_send_data(self->rdp_layer, RDP_DATA_PDU_POINTER);
+  struct stream* s;
+
+  make_stream(s);
+  init_stream(s, 8192);
+  xrdp_rdp_init_data(self->rdp_layer, s);
+  out_uint16_le(s, RDP_POINTER_CACHED);
+  out_uint16_le(s, 0); /* pad */
+  out_uint16_le(s, cache_idx); /* cache_idx */
+  s_mark_end(s);
+  xrdp_rdp_send_data(self->rdp_layer, s, RDP_DATA_PDU_POINTER);
+  free_stream(s);
  return 0;
 }

@ -313,68 +325,75 @@ int xrdp_send_cursor(struct xrdp_wm* self, char* file_name, int cache_idx)
  int rv;
  int pixel;
  int palette[16];
+  struct stream* fs;
  struct stream* s;

  rv = 1;
-  s = (struct stream*)g_malloc(sizeof(struct stream), 1);
-  init_stream(s, 8001);
+  make_stream(s);
+  init_stream(s, 8192);
+  make_stream(fs);
+  init_stream(fs, 8192);
  fd = g_file_open(file_name);
-  g_file_read(fd, s->data, 8000);
+  g_file_read(fd, fs->data, 8192);
  g_file_close(fd);
-  in_uint8s(s, 6);
-  in_uint8(s, w);
-  in_uint8(s, h);
-  in_uint8s(s, 2);
-  in_uint16_le(s, x);
-  in_uint16_le(s, y);
-  in_uint8s(s, 22);
-  in_uint8(s, bpp);
-  in_uint8s(s, 25);
+  in_uint8s(fs, 6);
+  in_uint8(fs, w);
+  in_uint8(fs, h);
+  in_uint8s(fs, 2);
+  in_uint16_le(fs, x);
+  in_uint16_le(fs, y);
+  in_uint8s(fs, 22);
+  in_uint8(fs, bpp);
+  in_uint8s(fs, 25);
  if (w == 32 && h == 32)
  {
-    xrdp_rdp_init_data(self->rdp_layer, 8000);
-    out_uint16_le(self->out_s, RDP_POINTER_COLOR);
-    out_uint16_le(self->out_s, 0); /* pad */
-    out_uint16_le(self->out_s, cache_idx); /* cache_idx */
-    out_uint16_le(self->out_s, x);
-    out_uint16_le(self->out_s, y);
-    out_uint16_le(self->out_s, w);
-    out_uint16_le(self->out_s, h);
-    out_uint16_le(self->out_s, 128);
-    out_uint16_le(self->out_s, 3072);
+    xrdp_rdp_init_data(self->rdp_layer, s);
+    out_uint16_le(s, RDP_POINTER_COLOR);
+    out_uint16_le(s, 0); /* pad */
+    out_uint16_le(s, cache_idx); /* cache_idx */
+    out_uint16_le(s, x);
+    out_uint16_le(s, y);
+    out_uint16_le(s, w);
+    out_uint16_le(s, h);
+    out_uint16_le(s, 128);
+    out_uint16_le(s, 3072);
    if (bpp == 1)
    {
-      in_uint8a(s, palette, 8);
+      in_uint8a(fs, palette, 8);
      for (i = 0; i < 32; i++)
+      {
        for (j = 0; j < 32; j++)
        {
-          pixel = palette[xrdp_wm_get_pixel(s->p, j, i, 32, 1)];
-          out_uint8(self->out_s, pixel);
-          out_uint8(self->out_s, pixel >> 8);
-          out_uint8(self->out_s, pixel >> 16);
+          pixel = palette[xrdp_wm_get_pixel(fs->p, j, i, 32, 1)];
+          out_uint8(s, pixel);
+          out_uint8(s, pixel >> 8);
+          out_uint8(s, pixel >> 16);
        }
-      in_uint8s(s, 128);
+      }
+      in_uint8s(fs, 128);
    }
    else if (bpp == 4)
    {
-      in_uint8a(s, palette, 64);
+      in_uint8a(fs, palette, 64);
      for (i = 0; i < 32; i++)
+      {
        for (j = 0; j < 32; j++)
        {
-          pixel = palette[xrdp_wm_get_pixel(s->p, j, i, 32, 4)];
-          out_uint8(self->out_s, pixel);
-          out_uint8(self->out_s, pixel >> 8);
-          out_uint8(self->out_s, pixel >> 16);
+          pixel = palette[xrdp_wm_get_pixel(fs->p, j, i, 32, 4)];
+          out_uint8(s, pixel);
+          out_uint8(s, pixel >> 8);
+          out_uint8(s, pixel >> 16);
        }
-      in_uint8s(s, 512);
+      }
+      in_uint8s(fs, 512);
    }
-    out_uint8a(self->out_s, s->p, 128); /* mask */
-    s_mark_end(self->out_s);
-    xrdp_rdp_send_data(self->rdp_layer, RDP_DATA_PDU_POINTER);
+    out_uint8a(s, fs->p, 128); /* mask */
+    s_mark_end(s);
+    xrdp_rdp_send_data(self->rdp_layer, s, RDP_DATA_PDU_POINTER);
    rv = 0;
  }
-  g_free(s->data);
-  g_free(s);
+  free_stream(s);
+  free_stream(fs);
  return rv;
 }