diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c index 2b4b71992..875c0ae73 100644 --- a/libfreerdp/core/nla.c +++ b/libfreerdp/core/nla.c @@ -1245,6 +1245,7 @@ rdpCredssp* credssp_new(freerdp* instance, rdpTransport* transport, rdpSettings* ZeroMemory(&credssp->negoToken, sizeof(SecBuffer)); ZeroMemory(&credssp->pubKeyAuth, sizeof(SecBuffer)); ZeroMemory(&credssp->authInfo, sizeof(SecBuffer)); + SecInvalidateHandle(&credssp->context); if (credssp->server) { diff --git a/libfreerdp/core/peer.c b/libfreerdp/core/peer.c index 3806a736e..eb4ad60ea 100644 --- a/libfreerdp/core/peer.c +++ b/libfreerdp/core/peer.c @@ -272,6 +272,7 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra) sspi_CopyAuthIdentity(&client->identity, &(rdp->nego->transport->credssp->identity)); IFCALLRET(client->Logon, client->authenticated, client, &client->identity, TRUE); credssp_free(rdp->nego->transport->credssp); + rdp->nego->transport->credssp = NULL; } else { diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index a9a710511..4afec5a12 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -159,6 +159,7 @@ BOOL transport_connect_nla(rdpTransport* transport) "If credentials are valid, the NTLMSSP implementation may be to blame.\n"); credssp_free(transport->credssp); + transport->credssp = NULL; return FALSE; } @@ -292,6 +293,7 @@ BOOL transport_accept_nla(rdpTransport* transport) { fprintf(stderr, "client authentication failure\n"); credssp_free(transport->credssp); + transport->credssp = NULL; return FALSE; } diff --git a/winpr/libwinpr/sspi/sspi.c b/winpr/libwinpr/sspi/sspi.c index 8747e3f01..96c959995 100644 --- a/winpr/libwinpr/sspi/sspi.c +++ b/winpr/libwinpr/sspi/sspi.c @@ -248,7 +248,7 @@ void* sspi_SecureHandleGetLowerPointer(SecHandle* handle) { void* pointer; - if (!handle) + if (!handle || !SecIsValidHandle(handle)) return NULL; pointer = (void*) ~((size_t) handle->dwLower); @@ -268,7 +268,7 @@ void* sspi_SecureHandleGetUpperPointer(SecHandle* handle) { void* pointer; - if (!handle) + if (!handle || !SecIsValidHandle(handle)) return NULL; pointer = (void*) ~((size_t) handle->dwUpper); @@ -839,7 +839,7 @@ SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext, PSecBufferDes SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext) { - char* Name; + char* Name = NULL; SECURITY_STATUS status; SecurityFunctionTableA* table;