Marc-André Moreau
commit
691813b847
@ -1245,6 +1245,7 @@ rdpCredssp* credssp_new(freerdp* instance, rdpTransport* transport, rdpSettings*
|
||||
ZeroMemory(&credssp->negoToken, sizeof(SecBuffer));
|
||||
ZeroMemory(&credssp->pubKeyAuth, sizeof(SecBuffer));
|
||||
ZeroMemory(&credssp->authInfo, sizeof(SecBuffer));
|
||||
SecInvalidateHandle(&credssp->context);
|
||||
|
||||
if (credssp->server)
|
||||
{
|
||||
|
||||
@ -272,6 +272,7 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
|
||||
sspi_CopyAuthIdentity(&client->identity, &(rdp->nego->transport->credssp->identity));
|
||||
IFCALLRET(client->Logon, client->authenticated, client, &client->identity, TRUE);
|
||||
credssp_free(rdp->nego->transport->credssp);
|
||||
rdp->nego->transport->credssp = NULL;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@ -159,6 +159,7 @@ BOOL transport_connect_nla(rdpTransport* transport)
|
||||
"If credentials are valid, the NTLMSSP implementation may be to blame.\n");
|
||||
|
||||
credssp_free(transport->credssp);
|
||||
transport->credssp = NULL;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@ -292,6 +293,7 @@ BOOL transport_accept_nla(rdpTransport* transport)
|
||||
{
|
||||
fprintf(stderr, "client authentication failure\n");
|
||||
credssp_free(transport->credssp);
|
||||
transport->credssp = NULL;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
@ -685,7 +685,8 @@ BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
|
||||
}
|
||||
|
||||
#ifndef _WIN32
|
||||
free(common_name);
|
||||
if (common_name)
|
||||
free(common_name);
|
||||
#endif
|
||||
|
||||
return verification_status;
|
||||
@ -715,25 +716,20 @@ void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name
|
||||
fprintf(stderr, "@ WARNING: CERTIFICATE NAME MISMATCH! @\n");
|
||||
fprintf(stderr, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n");
|
||||
fprintf(stderr, "The hostname used for this connection (%s) \n", hostname);
|
||||
|
||||
if (alt_names_count < 1)
|
||||
fprintf(stderr, "does not match %s given in the certificate:\n", alt_names_count < 1 ? "the name" : "any of the names");
|
||||
fprintf(stderr, "Common Name (CN):\n");
|
||||
fprintf(stderr, "\t%s\n", common_name ? common_name : "no CN found in certificate");
|
||||
if (alt_names_count > 1)
|
||||
{
|
||||
fprintf(stderr, "does not match the name given in the certificate:\n");
|
||||
fprintf(stderr, "%s\n", common_name);
|
||||
}
|
||||
else
|
||||
{
|
||||
fprintf(stderr, "does not match the names given in the certificate:\n");
|
||||
fprintf(stderr, "%s", common_name);
|
||||
|
||||
for (index = 0; index < alt_names_count; index++)
|
||||
fprintf(stderr, "Alternative names:\n");
|
||||
if (alt_names_count > 1)
|
||||
{
|
||||
fprintf(stderr, ", %s", alt_names[index]);
|
||||
for (index = 0; index < alt_names_count; index++)
|
||||
{
|
||||
fprintf(stderr, "\t %s\n", alt_names[index]);
|
||||
}
|
||||
}
|
||||
|
||||
fprintf(stderr, "\n");
|
||||
}
|
||||
|
||||
fprintf(stderr, "A valid certificate for the wrong name should NOT be trusted!\n");
|
||||
}
|
||||
|
||||
|
||||
@ -248,7 +248,7 @@ void* sspi_SecureHandleGetLowerPointer(SecHandle* handle)
|
||||
{
|
||||
void* pointer;
|
||||
|
||||
if (!handle)
|
||||
if (!handle || !SecIsValidHandle(handle))
|
||||
return NULL;
|
||||
|
||||
pointer = (void*) ~((size_t) handle->dwLower);
|
||||
@ -268,7 +268,7 @@ void* sspi_SecureHandleGetUpperPointer(SecHandle* handle)
|
||||
{
|
||||
void* pointer;
|
||||
|
||||
if (!handle)
|
||||
if (!handle || !SecIsValidHandle(handle))
|
||||
return NULL;
|
||||
|
||||
pointer = (void*) ~((size_t) handle->dwUpper);
|
||||
@ -839,7 +839,7 @@ SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext, PSecBufferDes
|
||||
|
||||
SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext)
|
||||
{
|
||||
char* Name;
|
||||
char* Name = NULL;
|
||||
SECURITY_STATUS status;
|
||||
SecurityFunctionTableA* table;
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user