nla and cmdline: integrated feedback

* fix possible problems with 0 size lengths * add return value checks
2015-06-23 10:14:11 +02:00 · 2015-06-23 10:14:11 +02:00 · 09445c2b0e
commit 09445c2b0e
parent af81a91ea7
2 changed files with 42 additions and 21 deletions
--- a/client/common/cmdline.c
+++ b/client/common/cmdline.c
@ -2264,17 +2264,23 @@ int freerdp_client_settings_parse_command_line_arguments(rdpSettings* settings,
 	if (!settings->Domain && user)
 	{
-		freerdp_parse_username(user, &settings->Username, &settings->Domain);
+		int ret;
 		ret = freerdp_parse_username(user, &settings->Username, &settings->Domain);
 		free(user);
 		if (ret != 0 )
 			return COMMAND_LINE_ERROR;
 	}
 	else
 		settings->Username = user;
 	if (!settings->GatewayDomain && gwUser)
 	{
-		freerdp_parse_username(gwUser, &settings->GatewayUsername,
+		int ret;
 		ret = freerdp_parse_username(gwUser, &settings->GatewayUsername,
 				       &settings->GatewayDomain);
 		free(gwUser);
 		if (ret != 0)
 			return COMMAND_LINE_ERROR;
 	}
 	else
 		settings->GatewayUsername = gwUser;
--- a/libfreerdp/core/nla.c
+++ b/libfreerdp/core/nla.c
@ -891,14 +891,18 @@ BOOL nla_read_ts_password_creds(rdpNla* nla, wStream* s)
 	{
 		return FALSE;
 	}
 	nla->identity->DomainLength = (UINT32) length;
-	nla->identity->Domain = (UINT16*) malloc(length);
+	if (nla->identity->DomainLength > 0)
-	if (!nla->identity->Domain)
+	{
-		return FALSE;
+		nla->identity->Domain = (UINT16*) malloc(length);
-	CopyMemory(nla->identity->Domain, Stream_Pointer(s), nla->identity->DomainLength);
+		if (!nla->identity->Domain)
-	Stream_Seek(s, nla->identity->DomainLength);
+			return FALSE;
-	nla->identity->DomainLength /= 2;
+		CopyMemory(nla->identity->Domain, Stream_Pointer(s), nla->identity->DomainLength);
 		Stream_Seek(s, nla->identity->DomainLength);
 		nla->identity->DomainLength /= 2;
 	}
 	else
 		nla->identity->Domain = NULL;
 	/* [1] userName (OCTET STRING) */
 	if (!ber_read_contextual_tag(s, 1, &length, TRUE) ||
@ -907,12 +911,17 @@ BOOL nla_read_ts_password_creds(rdpNla* nla, wStream* s)
 		return FALSE;
 	}
 	nla->identity->UserLength = (UINT32) length;
-	nla->identity->User = (UINT16*) malloc(length);
+	if (nla->identity->PasswordLength > 0)
-	if (!nla->identity->User)
+	{
-		return FALSE;
+		nla->identity->User = (UINT16 *) malloc(length);
-	CopyMemory(nla->identity->User, Stream_Pointer(s), nla->identity->UserLength);
+		if (!nla->identity->User)
-	Stream_Seek(s, nla->identity->UserLength);
+			return FALSE;
-	nla->identity->UserLength /= 2;
+		CopyMemory(nla->identity->User, Stream_Pointer(s), nla->identity->UserLength);
 		Stream_Seek(s, nla->identity->UserLength);
 		nla->identity->UserLength /= 2;
 	}
 	else
 		nla->identity->User = NULL;
 	/* [2] password (OCTET STRING) */
 	if (!ber_read_contextual_tag(s, 2, &length, TRUE) ||
@ -921,12 +930,18 @@ BOOL nla_read_ts_password_creds(rdpNla* nla, wStream* s)
 		return FALSE;
 	}
 	nla->identity->PasswordLength = (UINT32) length;
-	nla->identity->Password = (UINT16*) malloc(length);
+	if (nla->identity->PasswordLength > 0)
-	if (!nla->identity->Password)
+	{
-		return FALSE;
+		nla->identity->Password = (UINT16 *) malloc(length);
-	CopyMemory(nla->identity->Password, Stream_Pointer(s), nla->identity->PasswordLength);
+		if (!nla->identity->Password)
-	Stream_Seek(s, nla->identity->PasswordLength);
+			return FALSE;
-	nla->identity->PasswordLength /= 2;
+		CopyMemory(nla->identity->Password, Stream_Pointer(s), nla->identity->PasswordLength);
 		Stream_Seek(s, nla->identity->PasswordLength);
 		nla->identity->PasswordLength /= 2;
 	}
 	else
 		nla->identity->Password = NULL;
 	nla->identity->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
 	return TRUE;