Fixed memory leaks in ntlm

akallabeth 2020-05-25 10:05:57 +02:00 committed by Armin Novak
parent c0fd449ec0
commit 057b6df4ae
2 changed files with 17 additions and 14 deletions


@ -572,54 +572,54 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
size += 8; /* unknown 8-byte padding */ size += 8; /* unknown 8-byte padding */
if (!sspi_SecBufferAlloc(&context->AuthenticateTargetInfo, size)) if (!sspi_SecBufferAlloc(&context->AuthenticateTargetInfo, size))
return -1; goto fail;
AuthenticateTargetInfo = (NTLM_AV_PAIR*)context->AuthenticateTargetInfo.pvBuffer; AuthenticateTargetInfo = (NTLM_AV_PAIR*)context->AuthenticateTargetInfo.pvBuffer;
cbAuthenticateTargetInfo = context->AuthenticateTargetInfo.cbBuffer; cbAuthenticateTargetInfo = context->AuthenticateTargetInfo.cbBuffer;
if (!ntlm_av_pair_list_init(AuthenticateTargetInfo, cbAuthenticateTargetInfo)) if (!ntlm_av_pair_list_init(AuthenticateTargetInfo, cbAuthenticateTargetInfo))
return -1; goto fail;
if (AvNbDomainName) if (AvNbDomainName)
{ {
if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvNbDomainName, if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvNbDomainName,
cbAvNbDomainName)) cbAvNbDomainName))
return -1; goto fail;
} }
if (AvNbComputerName) if (AvNbComputerName)
{ {
if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo,
AvNbComputerName, cbAvNbComputerName)) AvNbComputerName, cbAvNbComputerName))
return -1; goto fail;
} }
if (AvDnsDomainName) if (AvDnsDomainName)
{ {
if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo,
AvDnsDomainName, cbAvDnsDomainName)) AvDnsDomainName, cbAvDnsDomainName))
return -1; goto fail;
} }
if (AvDnsComputerName) if (AvDnsComputerName)
{ {
if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo,
AvDnsComputerName, cbAvDnsComputerName)) AvDnsComputerName, cbAvDnsComputerName))
return -1; goto fail;
} }
if (AvDnsTreeName) if (AvDnsTreeName)
{ {
if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvDnsTreeName, if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvDnsTreeName,
cbAvDnsTreeName)) cbAvDnsTreeName))
return -1; goto fail;
} }
if (AvTimestamp) if (AvTimestamp)
{ {
if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvTimestamp, if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvTimestamp,
cbAvTimestamp)) cbAvTimestamp))
return -1; goto fail;
} }
if (context->UseMIC) if (context->UseMIC)
@ -629,28 +629,28 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvFlags, if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvFlags,
(PBYTE)&flags, 4)) (PBYTE)&flags, 4))
return -1; goto fail;
} }
if (context->SendSingleHostData) if (context->SendSingleHostData)
{ {
if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvSingleHost, if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvSingleHost,
(PBYTE)&context->SingleHostData, context->SingleHostData.Size)) (PBYTE)&context->SingleHostData, context->SingleHostData.Size))
return -1; goto fail;
} }
if (!context->SuppressExtendedProtection) if (!context->SuppressExtendedProtection)
{ {
if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvChannelBindings, if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvChannelBindings,
context->ChannelBindingsHash, 16)) context->ChannelBindingsHash, 16))
return -1; goto fail;
if (context->ServicePrincipalName.Length > 0) if (context->ServicePrincipalName.Length > 0)
{ {
if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvTargetName, if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvTargetName,
(PBYTE)context->ServicePrincipalName.Buffer, (PBYTE)context->ServicePrincipalName.Buffer,
context->ServicePrincipalName.Length)) context->ServicePrincipalName.Length))
return -1; goto fail;
} }
} }
@ -660,10 +660,13 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
AvEOL = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo, MsvAvEOL, NULL); AvEOL = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo, MsvAvEOL, NULL);
if (!AvEOL) if (!AvEOL)
return -1; goto fail;
ZeroMemory(AvEOL, sizeof(NTLM_AV_PAIR)); ZeroMemory(AvEOL, sizeof(NTLM_AV_PAIR));
} }
return 1; return 1;
fail:
sspi_SecBufferFree(&context->AuthenticateTargetInfo);
return -1;
} }
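Review bot: The first `goto fail` is taken when `sspi_SecBufferAlloc` itself failed, so the new `fail:` label calls `sspi_SecBufferFree(&context->AuthenticateTargetInfo)` on a buffer that was never allocated. That is only safe if a failed allocation leaves `pvBuffer` NULL and `cbBuffer` 0, which this page does not show. Because the buffer lives in the long-lived `NTLM_CONTEXT`, the free also has to reset both fields, otherwise a later context teardown or a retried handshake could free or reuse a stale pointer. I would record that contract at the label, e.g. `/* release the partially built AV pair list; sspi_SecBufferFree is expected to leave pvBuffer NULL so teardown stays safe */`. The function body starts before the first hunk, so whatever `AuthenticateTargetInfo` held on entry is not visible here.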


@ -544,9 +544,9 @@ SECURITY_STATUS ntlm_read_ChallengeMessage(NTLM_CONTEXT* context, PSecBuffer buf
winpr_HexDump(TAG, WLOG_DEBUG, context->Timestamp, 8); winpr_HexDump(TAG, WLOG_DEBUG, context->Timestamp, 8);
#endif #endif
context->state = NTLM_STATE_AUTHENTICATE; context->state = NTLM_STATE_AUTHENTICATE;
ntlm_free_message_fields_buffer(&(message->TargetName));
status = SEC_I_CONTINUE_NEEDED; status = SEC_I_CONTINUE_NEEDED;
fail: fail:
ntlm_free_message_fields_buffer(&(message->TargetName));
Stream_Free(s, FALSE); Stream_Free(s, FALSE);
return status; return status;
} }
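Review bot: With the call moved below `fail:`, `ntlm_free_message_fields_buffer(&(message->TargetName))` now runs for every `goto fail`, presumably including jumps taken before `TargetName` has been read from the stream. That is only safe if `message` is zeroed before the first jump and the helper tolerates a NULL `Buffer` and clears the pointer after freeing; none of this is visible because the function begins outside the hunk. If the challenge message is stored in the context, a helper that leaves `Buffer` set would turn a second challenge on the same context into a double free. A short comment at the label would document the intent, e.g. `/* TargetName is only needed while parsing; released on success and on every error path */`.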