VirtualBox RDP server sends two PDUs inside userData of one sendDataIndication.

[kiilerix]

VirtualBox RDP server will occasionally send extra data inside encrypted PDUs.

One example is that the VirtualBox server sends a sendDataIndication containing:

     initiator: User Channel
     channelId: I/O Channel
     dataPriority: high
     segmentation: begin end
     sec_flags: SEC_ENCRYPT

userData contains a security header that specifies encryption, and the decrypted data are:

18 00 07 00 00 00 00 00 00 00 00 00 06 00 1b 00 00 00 07 00 00 00 02 00
18 00 07 00 00 00 00 00 00 00 00 00 06 00 1b 00 00 00 07 00 00 00 03 00

It apparently contains two Share Data Header messages.

Note the similarity with the spurious message that is reported on ​http://www.virtualbox.org/ticket/8032 . I have also seen the issue with other "normal" (and much longer) PDUs.

I don't see any indication in the RDP specification that two messages in one sendDataIndication is permitted and I consider this a bug in the protocol implementation.

Microsofts RDP implementation never sends that.

AFAICS it is not defined how client implementations should handle such data, and they might choose to ignore the extra data or to fail because the received data obviously were wrong and nothing can be trusted.

I have only seen this when running XP (with Guest Additions) inside the VM. I have never seen it with linux and X (without additions) inside the VM. It mostly happens when minimizing/maximizing and moving the mouse in/out of the RDP client.

Please make sure that all Share Data Headers are sent in individual packages. That will allow interoperability with strictly protocol compliant clients.

VirtualBox-4.0-4.0.0_69151_fedora14-1.i686
Oracle_VM_VirtualBox_Extension_Pack-4.0.0-69151.vbox-extpack