spnego: add NegoEx in known mechType and don't segfault with unknown mechType

NegoEx is a known and very common mechType when the client is mstsc.
The patch also fixes a segfault that occurred when logging a mechType that
we don't support.
David Fort 2023-10-26 15:37:52 +02:00 committed by akallabeth
parent 13b44b8b77
commit 0d975f9c27


@ -96,6 +96,8 @@ static const WinPrAsn1_OID kerberos_wrong_OID = { 9,
(BYTE*)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02" }; (BYTE*)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02" };
static const WinPrAsn1_OID ntlm_OID = { 10, (BYTE*)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" }; static const WinPrAsn1_OID ntlm_OID = { 10, (BYTE*)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
static const WinPrAsn1_OID negoex_OID = { 10, (BYTE*)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x1e" };
#ifdef WITH_KRB5 #ifdef WITH_KRB5
static const SecPkg SecPkgTable[] = { static const SecPkg SecPkgTable[] = {
{ KERBEROS_SSP_NAME, &KERBEROS_SecurityFunctionTableA, &KERBEROS_SecurityFunctionTableW }, { KERBEROS_SSP_NAME, &KERBEROS_SecurityFunctionTableA, &KERBEROS_SecurityFunctionTableW },
@ -186,6 +188,8 @@ static const char* negotiate_mech_name(const WinPrAsn1_OID* oid)
return "Kerberos [wrong OID] (1.2.840.48018.1.2.2)"; return "Kerberos [wrong OID] (1.2.840.48018.1.2.2)";
else if (sspi_gss_oid_compare(oid, &ntlm_OID)) else if (sspi_gss_oid_compare(oid, &ntlm_OID))
return "NTLM (1.3.6.1.4.1.311.2.2.10)"; return "NTLM (1.3.6.1.4.1.311.2.2.10)";
else if (sspi_gss_oid_compare(oid, &negoex_OID))
return "NegoEx (1.3.6.1.4.1.311.2.2.30)";
else else
return "Unknown mechanism"; return "Unknown mechanism";
} }
@ -1049,7 +1053,7 @@ static SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(
return SEC_E_INVALID_TOKEN; return SEC_E_INVALID_TOKEN;
init_context.mech = negotiate_GetMechByOID(&oid); init_context.mech = negotiate_GetMechByOID(&oid);
WLog_DBG(TAG, "Requested mechanism: %s", negotiate_mech_name(init_context.mech->oid)); WLog_DBG(TAG, "Requested mechanism: %s", negotiate_mech_name(&oid));
/* Microsoft may send two versions of the kerberos OID */ /* Microsoft may send two versions of the kerberos OID */
if (init_context.mech == first_mech) if (init_context.mech == first_mech)
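Review bot: The crash fix only moves the dereference out of the log call; `init_context.mech` can still be NULL after `negotiate_GetMechByOID(&oid)` for an unknown OID (and presumably for NegoEx itself, which this commit names in `negotiate_mech_name` but does not add to `SecPkgTable`), and the comparison on the hunk's last line carries that value onward. Unless a NULL check already follows outside the hunk, add one directly after the lookup, `if (!init_context.mech) return SEC_E_INVALID_TOKEN;`, mirroring the existing rejection at the top of the hunk — this is the server-side accept path, so a client-chosen mechType reaching an unchecked pointer would be a remotely triggerable NULL dereference. A comment on the new OID constant, `/* NegoEx (1.3.6.1.4.1.311.2.2.30): recognized for logging only, not negotiated */`, would make it explicit that naming the mech does not mean accepting it. negotiate_AcceptSecurityContext starts and ends outside this hunk.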