Diffstat (limited to 'winpr/libwinpr/sspi')
-rw-r--r--winpr/libwinpr/sspi/Kerberos/kerberos.c4
-rw-r--r--winpr/libwinpr/sspi/Kerberos/krb5glue_mit.c7
-rw-r--r--winpr/libwinpr/sspi/NTLM/ntlm.c6
-rw-r--r--winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c7
-rw-r--r--winpr/libwinpr/sspi/NTLM/ntlm_compute.c9
-rw-r--r--winpr/libwinpr/sspi/Negotiate/negotiate.c17
6 files changed, 36 insertions, 14 deletions
diff --git a/winpr/libwinpr/sspi/Kerberos/kerberos.c b/winpr/libwinpr/sspi/Kerberos/kerberos.c
index b7b71f9..3cf7786 100644
--- a/winpr/libwinpr/sspi/Kerberos/kerberos.c
+++ b/winpr/libwinpr/sspi/Kerberos/kerberos.c
@@ -657,6 +657,7 @@ static BOOL kerberos_rd_tgt_token(const sspi_gss_data* token, char** target, krb
*buf++ = '@';
strcpy(buf, str);
+ free(str);
return TRUE;
}
else if (val == KRB_TGT_REP)
@@ -1303,6 +1304,9 @@ static KRB_CONTEXT* get_context(PCtxtHandle phContext)
return NULL;
TCHAR* name = sspi_SecureHandleGetUpperPointer(phContext);
+ if (!name)
+ return NULL;
+
if (_tcscmp(KERBEROS_SSP_NAME, name) != 0)
return NULL;
return sspi_SecureHandleGetLowerPointer(phContext);
diff --git a/winpr/libwinpr/sspi/Kerberos/krb5glue_mit.c b/winpr/libwinpr/sspi/Kerberos/krb5glue_mit.c
index 2638b22..619f029 100644
--- a/winpr/libwinpr/sspi/Kerberos/krb5glue_mit.c
+++ b/winpr/libwinpr/sspi/Kerberos/krb5glue_mit.c
@@ -183,7 +183,10 @@ krb5_error_code krb5glue_get_init_creds(krb5_context ctx, krb5_principal princ,
rv = ENOMEM;
if (winpr_asprintf(&kdc_url, &size, "https://%s/KdcProxy", krb_settings->kdcUrl) <= 0)
+ {
+ free(kdc_url);
goto cleanup;
+ }
realm = calloc(princ->realm.length + 1, 1);
if (!realm)
@@ -210,7 +213,7 @@ krb5_error_code krb5glue_get_init_creds(krb5_context ctx, krb5_principal princ,
if ((rv = profile_flush_to_file(profile, tmp_profile_path)))
goto cleanup;
- profile_release(profile);
+ profile_abandon(profile);
profile = NULL;
if ((rv = profile_init_path(tmp_profile_path, &profile)))
goto cleanup;
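Review bot: The switch from `profile_release` to `profile_abandon` here and in the `cleanup:` hunk carries no comment explaining why, although the difference matters. In MIT krb5, `profile_release` flushes pending modifications back to the file the profile was loaded from, while `profile_abandon` discards them. I would add a comment above this call such as `/* abandon, not release: the modified profile must only be written to tmp_profile_path, never flushed back to the original krb5 configuration */`. The body of `krb5glue_get_init_creds` starts and ends outside both hunks, so that the profile is modified before this point is inferred from the flush to a temporary path.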
@@ -239,7 +242,7 @@ cleanup:
krb5_get_init_creds_opt_free(ctx, gic_opt);
if (is_temp_ctx)
krb5_free_context(ctx);
- profile_release(profile);
+ profile_abandon(profile);
winpr_DeleteFile(tmp_profile_path);
free(tmp_profile_path);
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm.c b/winpr/libwinpr/sspi/NTLM/ntlm.c
index 6a2ee6a..bc16a40 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm.c
@@ -1255,7 +1255,10 @@ static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext, ULONG
WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
if (!winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH))
+ {
+ winpr_HMAC_Free(hmac);
return SEC_E_INTERNAL_ERROR;
+ }
Data_Write_UINT32(&seq_no, MessageSeqNo);
winpr_HMAC_Update(hmac, (BYTE*)&seq_no, 4);
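Review bot: The return value of `winpr_HMAC_Update` on the line after the new error branch is still ignored, so a failed update would let the signature be computed over incomplete state. The same pattern appears in the `ntlm_VerifySignature` hunk. Consider `if (!winpr_HMAC_Update(hmac, (BYTE*)&seq_no, 4)) { winpr_HMAC_Free(hmac); return SEC_E_INTERNAL_ERROR; }` in both places. The result of `winpr_HMAC_New()` is also handed to `winpr_HMAC_Init` without a visible NULL check, and whether Init tolerates NULL is not shown here. Both function bodies continue outside the hunks, so later updates and the final call may need the same treatment.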
@@ -1303,7 +1306,10 @@ static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
if (!winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->RecvSigningKey, WINPR_MD5_DIGEST_LENGTH))
+ {
+ winpr_HMAC_Free(hmac);
return SEC_E_INTERNAL_ERROR;
+ }
Data_Write_UINT32(&seq_no, MessageSeqNo);
winpr_HMAC_Update(hmac, (BYTE*)&seq_no, 4);
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c b/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
index 881a743..b270947 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
@@ -124,7 +124,6 @@ static INLINE BOOL ntlm_av_pair_get_id(const NTLM_AV_PAIR* pAvPair, size_t size,
ULONG ntlm_av_pair_list_length(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList)
{
- size_t size = 0;
size_t cbAvPair = 0;
NTLM_AV_PAIR* pAvPair = NULL;
@@ -132,8 +131,12 @@ ULONG ntlm_av_pair_list_length(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList)
if (!pAvPair)
return 0;
- size = ((PBYTE)pAvPair - (PBYTE)pAvPairList) + sizeof(NTLM_AV_PAIR);
+ if (pAvPair < pAvPairList)
+ return 0;
+
+ const size_t size = ((PBYTE)pAvPair - (PBYTE)pAvPairList) + sizeof(NTLM_AV_PAIR);
WINPR_ASSERT(size <= ULONG_MAX);
+ WINPR_ASSERT(size >= 0);
return (ULONG)size;
}
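Review bot: `WINPR_ASSERT(size >= 0);` can never fail because `size` is a `size_t`, so it adds no protection and may raise a type-limits warning; I would drop it. The effective guard is the new `if (pAvPair < pAvPairList) return 0;`. If assertions are compiled out in release builds, the `size <= ULONG_MAX` check disappears as well. Unless the lookup above the hunk already guarantees it, an explicit `if (size > cbAvPairList) return 0;` would tie the returned length to the caller-supplied buffer size.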
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
index 9c6e818..69970c8 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
@@ -248,15 +248,12 @@ BOOL ntlm_write_ntlm_v2_response(wStream* s, const NTLMv2_RESPONSE* response)
void ntlm_current_time(BYTE* timestamp)
{
- FILETIME filetime = { 0 };
- ULARGE_INTEGER time64 = { 0 };
+ FILETIME ft = { 0 };
WINPR_ASSERT(timestamp);
- GetSystemTimeAsFileTime(&filetime);
- time64.u.LowPart = filetime.dwLowDateTime;
- time64.u.HighPart = filetime.dwHighDateTime;
- CopyMemory(timestamp, &(time64.QuadPart), 8);
+ GetSystemTimeAsFileTime(&ft);
+ CopyMemory(timestamp, &(ft), sizeof(ft));
}
/**
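Review bot: `CopyMemory(timestamp, &(ft), sizeof(ft));` now takes the number of bytes written from `sizeof(FILETIME)` and the byte order from the struct's member layout, while `timestamp` is a bare `BYTE*` with no length. The removed code wrote exactly 8 bytes of the 64-bit value; the two forms agree only where `FILETIME` is two 32-bit halves with the low half first and the host is little-endian. I would document the contract on the function, e.g. `/* timestamp must point to at least 8 writable bytes; receives the current FILETIME as a little-endian 64-bit value */`, and add a compile-time check that `sizeof(ft)` is 8.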
diff --git a/winpr/libwinpr/sspi/Negotiate/negotiate.c b/winpr/libwinpr/sspi/Negotiate/negotiate.c
index 7249399..66d8d53 100644
--- a/winpr/libwinpr/sspi/Negotiate/negotiate.c
+++ b/winpr/libwinpr/sspi/Negotiate/negotiate.c
@@ -97,13 +97,14 @@ static const WinPrAsn1_OID negoex_OID = { 10, (BYTE*)"\x2b\x06\x01\x04\x01\x82\x
#ifdef WITH_KRB5
static const SecPkg SecPkgTable[] = {
{ KERBEROS_SSP_NAME, &KERBEROS_SecurityFunctionTableA, &KERBEROS_SecurityFunctionTableW },
+ { KERBEROS_SSP_NAME, &KERBEROS_SecurityFunctionTableA, &KERBEROS_SecurityFunctionTableW },
{ NTLM_SSP_NAME, &NTLM_SecurityFunctionTableA, &NTLM_SecurityFunctionTableW }
};
static const Mech MechTable[] = {
{ &kerberos_u2u_OID, &SecPkgTable[0], ISC_REQ_INTEGRITY | ISC_REQ_USE_SESSION_KEY, TRUE },
- { &kerberos_OID, &SecPkgTable[0], ISC_REQ_INTEGRITY, TRUE },
- { &ntlm_OID, &SecPkgTable[1], 0, FALSE },
+ { &kerberos_OID, &SecPkgTable[1], ISC_REQ_INTEGRITY, TRUE },
+ { &ntlm_OID, &SecPkgTable[2], 0, FALSE },
};
#else
static const SecPkg SecPkgTable[] = { { NTLM_SSP_NAME, &NTLM_SecurityFunctionTableA,
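Review bot: `SecPkgTable` now lists `KERBEROS_SSP_NAME` twice with identical function tables and nothing says why, so the second row reads like a copy-paste mistake. A later cleanup that removes it would leave `&SecPkgTable[2]` in `MechTable` pointing past the end of the array. If the intent is to keep the two tables parallel, please say so above the table, e.g. `/* one row per MechTable entry, in the same order; Kerberos is listed twice for the U2U and plain Kerberos mechs */`. Any code that searches `SecPkgTable` by name will presumably only ever match the first row, which is worth confirming against the lookups outside this hunk.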
@@ -599,7 +600,11 @@ static SECURITY_STATUS negotiate_mic_exchange(NEGOTIATE_CONTEXT* context, NegTok
}
/* When using NTLM cipher states need to be reset after mic exchange */
- if (_tcscmp(sspi_SecureHandleGetUpperPointer(&context->sub_context), NTLM_SSP_NAME) == 0)
+ const TCHAR* name = sspi_SecureHandleGetUpperPointer(&context->sub_context);
+ if (!name)
+ return SEC_E_INTERNAL_ERROR;
+
+ if (_tcscmp(name, NTLM_SSP_NAME) == 0)
{
if (!ntlm_reset_cipher_state(&context->sub_context))
return SEC_E_INTERNAL_ERROR;
@@ -674,6 +679,9 @@ static SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(
if (!init_context.mech)
{
/* Use the output buffer to store the optimistic token */
+ if (!output_buffer)
+ goto cleanup;
+
CopyMemory(&output_token.mechToken, output_buffer, sizeof(SecBuffer));
if (bindings_buffer)
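Review bot: The new `if (!output_buffer) goto cleanup;` exits with whatever `status` holds at that point, which this hunk does not show; if it is still a success or continue value, the caller gets neither a token nor an error. Setting it explicitly before the jump, e.g. `status = SEC_E_INTERNAL_ERROR;`, would make the failure unambiguous. The `negotiate_AcceptSecurityContext` hunk treats the same condition differently: it skips the copy and goes on to call the sub-package with `output_token.mechToken` not filled in by this code. The two paths should be made consistent, or the difference explained in a comment.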
@@ -1127,7 +1135,8 @@ static SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(
return SEC_E_INVALID_TOKEN;
/* Use the output buffer to store the optimistic token */
- CopyMemory(&output_token.mechToken, output_buffer, sizeof(SecBuffer));
+ if (output_buffer)
+ CopyMemory(&output_token.mechToken, output_buffer, sizeof(SecBuffer));
status = context->mech->pkg->table->AcceptSecurityContext(
sub_cred, &context->sub_context, &mech_input, fContextReq | context->mech->flags,