mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nla: invalidate sec handle after creation

Browse Source 
If sec pointer isn't invalidated after creation it is not possible
to check if the upper and lower pointers are valid.

This fixes a segfault in the server part if the client disconnects before
the authentication was finished.
This commit is contained in:
Bernhard Miklautz 2013-07-01 19:24:19 +02:00
parent 87e9a24b1e
commit 0773bb9303
4 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
libfreerdp/core/nla.c
View File

@ -1245,6 +1245,7 @@ rdpCredssp* credssp_new(freerdp* instance, rdpTransport* transport, rdpSettings*
ZeroMemory(&credssp->negoToken, sizeof(SecBuffer)); ZeroMemory(&credssp->negoToken, sizeof(SecBuffer));
ZeroMemory(&credssp->pubKeyAuth, sizeof(SecBuffer)); ZeroMemory(&credssp->pubKeyAuth, sizeof(SecBuffer));
ZeroMemory(&credssp->authInfo, sizeof(SecBuffer)); ZeroMemory(&credssp->authInfo, sizeof(SecBuffer));
SecInvalidateHandle(&credssp->context);
if (credssp->server) if (credssp->server)
{ {

1
libfreerdp/core/peer.c
View File

@ -272,6 +272,7 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
sspi_CopyAuthIdentity(&client->identity, &(rdp->nego->transport->credssp->identity)); sspi_CopyAuthIdentity(&client->identity, &(rdp->nego->transport->credssp->identity));
IFCALLRET(client->Logon, client->authenticated, client, &client->identity, TRUE); IFCALLRET(client->Logon, client->authenticated, client, &client->identity, TRUE);
credssp_free(rdp->nego->transport->credssp); credssp_free(rdp->nego->transport->credssp);
rdp->nego->transport->credssp = NULL;
} }
else else
{ {

2
libfreerdp/core/transport.c
View File

@ -159,6 +159,7 @@ BOOL transport_connect_nla(rdpTransport* transport)
"If credentials are valid, the NTLMSSP implementation may be to blame.\n"); "If credentials are valid, the NTLMSSP implementation may be to blame.\n");
credssp_free(transport->credssp); credssp_free(transport->credssp);
transport->credssp = NULL;
return FALSE; return FALSE;
} }
@ -292,6 +293,7 @@ BOOL transport_accept_nla(rdpTransport* transport)
{ {
fprintf(stderr, "client authentication failure\n"); fprintf(stderr, "client authentication failure\n");
credssp_free(transport->credssp); credssp_free(transport->credssp);
transport->credssp = NULL;
return FALSE; return FALSE;
} }

6
winpr/libwinpr/sspi/sspi.c
View File

@ -248,7 +248,7 @@ void* sspi_SecureHandleGetLowerPointer(SecHandle* handle)
{ {
void* pointer; void* pointer;
if (!handle) if (!handle || !SecIsValidHandle(handle))
return NULL; return NULL;
pointer = (void*) ~((size_t) handle->dwLower); pointer = (void*) ~((size_t) handle->dwLower);
@ -268,7 +268,7 @@ void* sspi_SecureHandleGetUpperPointer(SecHandle* handle)
{ {
void* pointer; void* pointer;
if (!handle) if (!handle || !SecIsValidHandle(handle))
return NULL; return NULL;
pointer = (void*) ~((size_t) handle->dwUpper); pointer = (void*) ~((size_t) handle->dwUpper);
@ -839,7 +839,7 @@ SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext, PSecBufferDes
SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext) SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext)
{ {
char* Name; char* Name = NULL;
SECURITY_STATUS status; SECURITY_STATUS status;
SecurityFunctionTableA* table; SecurityFunctionTableA* table;