mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nla: invalidate sec handle after creation

Browse Source 
If sec pointer isn't invalidated after creation it is not possible
to check if the upper and lower pointers are valid.

This fixes a segfault in the server part if the client disconnects before
the authentication was finished.
This commit is contained in:
Bernhard Miklautz 2013-07-01 19:24:19 +02:00
parent 87e9a24b1e
commit 0773bb9303
4 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
libfreerdp/core/nla.c
View File

@ -1245,6 +1245,7 @@ rdpCredssp* credssp_new(freerdp* instance, rdpTransport* transport, rdpSettings*
ZeroMemory(&credssp->negoToken, sizeof(SecBuffer));
ZeroMemory(&credssp->pubKeyAuth, sizeof(SecBuffer));
ZeroMemory(&credssp->authInfo, sizeof(SecBuffer));
SecInvalidateHandle(&credssp->context);
if (credssp->server)
{

1
libfreerdp/core/peer.c
View File

@ -272,6 +272,7 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
sspi_CopyAuthIdentity(&client->identity, &(rdp->nego->transport->credssp->identity));
IFCALLRET(client->Logon, client->authenticated, client, &client->identity, TRUE);
credssp_free(rdp->nego->transport->credssp);
rdp->nego->transport->credssp = NULL;
}
else
{

2
libfreerdp/core/transport.c
View File

@ -159,6 +159,7 @@ BOOL transport_connect_nla(rdpTransport* transport)
"If credentials are valid, the NTLMSSP implementation may be to blame.\n");
credssp_free(transport->credssp);
transport->credssp = NULL;
return FALSE;
}
@ -292,6 +293,7 @@ BOOL transport_accept_nla(rdpTransport* transport)
{
fprintf(stderr, "client authentication failure\n");
credssp_free(transport->credssp);
transport->credssp = NULL;
return FALSE;
}

6
winpr/libwinpr/sspi/sspi.c
View File

@ -248,7 +248,7 @@ void* sspi_SecureHandleGetLowerPointer(SecHandle* handle)
{
void* pointer;
if (!handle)
if (!handle || !SecIsValidHandle(handle))
return NULL;
pointer = (void*) ~((size_t) handle->dwLower);
@ -268,7 +268,7 @@ void* sspi_SecureHandleGetUpperPointer(SecHandle* handle)
{
void* pointer;
if (!handle)
if (!handle || !SecIsValidHandle(handle))
return NULL;
pointer = (void*) ~((size_t) handle->dwUpper);
@ -839,7 +839,7 @@ SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext, PSecBufferDes
SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext)
{
char* Name;
char* Name = NULL;
SECURITY_STATUS status;
SecurityFunctionTableA* table;