From 0d975f9c279d0b8eb57924da5c8b73cecb72ec11 Mon Sep 17 00:00:00 2001
From: David Fort
Date: Thu, 26 Oct 2023 15:37:52 +0200
Subject: [PATCH] spnego: add NegoEx in known mechType and don't segfault with unknown mechType

NegoEx is a known and very common mechType when the client is mstsc. The patch also fixes a segfault that was happening when we were logging a mech that we don't support.
---
 winpr/libwinpr/sspi/Negotiate/negotiate.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/winpr/libwinpr/sspi/Negotiate/negotiate.c b/winpr/libwinpr/sspi/Negotiate/negotiate.c
index b6c2797e4..25c4a1658 100644
--- a/winpr/libwinpr/sspi/Negotiate/negotiate.c
+++ b/winpr/libwinpr/sspi/Negotiate/negotiate.c
@@ -96,6 +96,8 @@ static const WinPrAsn1_OID kerberos_wrong_OID = { 9,
 (BYTE*)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02" };
 static const WinPrAsn1_OID ntlm_OID = { 10, (BYTE*)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
+static const WinPrAsn1_OID negoex_OID = { 10, (BYTE*)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x1e" };
+
 #ifdef WITH_KRB5
 static const SecPkg SecPkgTable[] = {
 { KERBEROS_SSP_NAME, &KERBEROS_SecurityFunctionTableA, &KERBEROS_SecurityFunctionTableW },
@@ -186,6 +188,8 @@ static const char* negotiate_mech_name(const WinPrAsn1_OID* oid)
 return "Kerberos [wrong OID] (1.2.840.48018.1.2.2)";
 else if (sspi_gss_oid_compare(oid, &ntlm_OID))
 return "NTLM (1.3.6.1.4.1.311.2.2.10)";
+ else if (sspi_gss_oid_compare(oid, &negoex_OID))
+ return "NegoEx (1.3.6.1.4.1.311.2.2.30)";
 else
 return "Unknown mechanism";
 }
@@ -1049,7 +1053,7 @@ static SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(
 return SEC_E_INVALID_TOKEN;
 init_context.mech = negotiate_GetMechByOID(&oid);
- WLog_DBG(TAG, "Requested mechanism: %s", negotiate_mech_name(init_context.mech->oid));
+ WLog_DBG(TAG, "Requested mechanism: %s", negotiate_mech_name(&oid));
 /* Microsoft may send two versions of the kerberos OID */
 if (init_context.mech == first_mech)
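Review bot: `negoex_OID` in the `@@ -96,6 +96,8 @@` hunk carries no comment saying that it exists only so the mechanism can be named, which makes it easy to read as a supported mechanism next to `ntlm_OID`. Within this patch its only use is the new branch of negotiate_mech_name in the `@@ -186,6 +188,8 @@` hunk, and the commit message suggests the mechs that triggered the crash are ones the library does not support. A one-line comment above the constant would make that explicit: `/* NegoEx (1.3.6.1.4.1.311.2.2.30): recognised by name for logging only */`.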
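Review bot: In the `@@ -1049,7 +1053,7 @@` hunk, `init_context.mech` can still be NULL after `negotiate_GetMechByOID(&oid)`; the change only stops the debug log from dereferencing it. The OID appears to be decoded from the peer's token, so a client that prefers a mechType missing from the table (NegoEx from mstsc, per the commit message) carries that NULL into the code after the log line. The visible `if (init_context.mech == first_mech)` only compares pointers, but the rest of negotiate_AcceptSecurityContext lies outside the hunk, so every later `init_context.mech->` access there should be confirmed to sit behind a NULL check. A comment on the assignment would record the contract, for example `/* NULL when the peer's mechType is not in our table; log the raw OID, never mech->oid */`, and a regression test that feeds an initial token with an unknown mechType OID would keep this path covered.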