From 87e9a24b1e0204aca4206fdc1ce75fe55a3eb580 Mon Sep 17 00:00:00 2001
From: Bernhard Miklautz
Date: Mon, 1 Jul 2013 19:07:35 +0200
Subject: [PATCH 1/2] tls: updated certificate mismatch message
Added information to the message if the name found is an CN or an alternative name. Also print a message if no CN was not found instead of (null).
---
 libfreerdp/crypto/tls.c | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index a15be3ea4..22a74fdfe 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -685,7 +685,8 @@ BOOL tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname)
 }
 #ifndef _WIN32
- free(common_name);
+ if (common_name)
+ free(common_name);
 #endif
 return verification_status;
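Review bot: The added `if (common_name)` guard in tls_verify_certificate is redundant, because free() is defined to do nothing for a null pointer; `free(common_name);` alone inside the `#ifndef _WIN32` block has the same effect. The guard is harmless, but it hints that common_name can be NULL at this point, apparently when the certificate carries no CN (going by the commit message). That is better stated in a short comment such as `/* common_name may be NULL when the certificate has no CN */`. The function body starts outside the hunk.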
@@ -715,25 +716,20 @@ void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name
 fprintf(stderr, "@ WARNING: CERTIFICATE NAME MISMATCH! @\n");
 fprintf(stderr, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n");
 fprintf(stderr, "The hostname used for this connection (%s) \n", hostname);
-
- if (alt_names_count < 1)
+ fprintf(stderr, "does not match %s given in the certificate:\n", alt_names_count < 1 ? "the name" : "any of the names");
+ fprintf(stderr, "Common Name (CN):\n");
+ fprintf(stderr, "\t%s\n", common_name ? common_name : "no CN found in certificate");
+ if (alt_names_count > 1)
 {
- fprintf(stderr, "does not match the name given in the certificate:\n");
- fprintf(stderr, "%s\n", common_name);
- }
- else
- {
- fprintf(stderr, "does not match the names given in the certificate:\n");
- fprintf(stderr, "%s", common_name);
-
- for (index = 0; index < alt_names_count; index++)
+ fprintf(stderr, "Alternative names:\n");
+ if (alt_names_count > 1)
 {
- fprintf(stderr, ", %s", alt_names[index]);
+ for (index = 0; index < alt_names_count; index++)
+ {
+ fprintf(stderr, "\t %s\n", alt_names[index]);
+ }
 }
-
- fprintf(stderr, "\n");
 }
-
 fprintf(stderr, "A valid certificate for the wrong name should NOT be trusted!\n");
 }
From 0773bb9303d24473fe1185d85a424dfe159aff53 Mon Sep 17 00:00:00 2001
From: Bernhard Miklautz
Date: Mon, 1 Jul 2013 19:24:19 +0200
Subject: [PATCH 2/2] nla: invalidate sec handle after creation
If sec pointer isn't invalidated after creation it is not possible to check if the upper and lower pointers are valid. This fixes a segfault in the server part if the client disconnects before the authentication was finished.
---
 libfreerdp/core/nla.c | 1 +
 libfreerdp/core/peer.c | 1 +
 libfreerdp/core/transport.c | 2 ++
 winpr/libwinpr/sspi/sspi.c | 6 +++---
 4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c
index 2b4b71992..875c0ae73 100644
--- a/libfreerdp/core/nla.c
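Review bot: In tls_print_certificate_name_mismatch_error the alternative names are listed only when `alt_names_count > 1`, so a certificate with exactly one alternative name gets the "any of the names" wording (selected by `alt_names_count < 1`) but that name is never printed. The outer test should be `if (alt_names_count > 0)`, and the inner `if (alt_names_count > 1)` only repeats the outer condition and can be dropped. The user is deciding at this prompt whether to trust a mismatching certificate, so the list shown should be complete. common_name and alt_names presumably come from the peer's certificate; if so, replacing non-printable bytes before they are written to the terminal would be a sensible follow-up.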
+++ b/libfreerdp/core/nla.c
@@ -1245,6 +1245,7 @@ rdpCredssp* credssp_new(freerdp* instance, rdpTransport* transport, rdpSettings*
 ZeroMemory(&credssp->negoToken, sizeof(SecBuffer));
 ZeroMemory(&credssp->pubKeyAuth, sizeof(SecBuffer));
 ZeroMemory(&credssp->authInfo, sizeof(SecBuffer));
+ SecInvalidateHandle(&credssp->context);
 if (credssp->server)
 {
diff --git a/libfreerdp/core/peer.c b/libfreerdp/core/peer.c
index 3806a736e..eb4ad60ea 100644
--- a/libfreerdp/core/peer.c
+++ b/libfreerdp/core/peer.c
@@ -272,6 +272,7 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
 sspi_CopyAuthIdentity(&client->identity, &(rdp->nego->transport->credssp->identity));
 IFCALLRET(client->Logon, client->authenticated, client, &client->identity, TRUE);
 credssp_free(rdp->nego->transport->credssp);
+ rdp->nego->transport->credssp = NULL;
 }
 else
 {
diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c
index a9a710511..4afec5a12 100644
--- a/libfreerdp/core/transport.c
+++ b/libfreerdp/core/transport.c
@@ -159,6 +159,7 @@ BOOL transport_connect_nla(rdpTransport* transport)
 "If credentials are valid, the NTLMSSP implementation may be to blame.\n");
 credssp_free(transport->credssp);
+ transport->credssp = NULL;
 return FALSE;
 }
@@ -292,6 +293,7 @@ BOOL transport_accept_nla(rdpTransport* transport)
 {
 fprintf(stderr, "client authentication failure\n");
 credssp_free(transport->credssp);
+ transport->credssp = NULL;
 return FALSE;
 }
diff --git a/winpr/libwinpr/sspi/sspi.c b/winpr/libwinpr/sspi/sspi.c
index 8747e3f01..96c959995 100644
--- a/winpr/libwinpr/sspi/sspi.c
+++ b/winpr/libwinpr/sspi/sspi.c
@@ -248,7 +248,7 @@ void* sspi_SecureHandleGetLowerPointer(SecHandle* handle)
 {
 void* pointer;
- if (!handle)
+ if (!handle || !SecIsValidHandle(handle))
 return NULL;
 pointer = (void*) ~((size_t) handle->dwLower);
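Review bot: The new `SecInvalidateHandle(&credssp->context);` in credssp_new carries no comment, and its purpose is not obvious next to the ZeroMemory calls above it. I would add `/* no security context yet: mark the handle invalid so lookups and teardown can detect that */` on the line before it. If rdpCredssp holds other SecHandle members (not visible in this hunk), they likely need the same initialisation. credssp_new continues outside the hunk.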
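Review bot: The pair `credssp_free(...)` followed by `... = NULL` is now written out by hand in peer_recv_callback and again in both transport.c hunks (transport_connect_nla and transport_accept_nla), so a later call site that forgets the second line brings the dangling pointer back. One helper that frees and clears the transport's credssp member, called from all three places, would keep that invariant in a single spot. Separately, the context line `sspi_CopyAuthIdentity(&client->identity, &(rdp->nego->transport->credssp->identity));` dereferences credssp without a check; now that the failure paths leave it NULL, it is worth confirming that this branch cannot run after such a failure. All three functions extend beyond their hunks.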
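Review bot: The added `!SecIsValidHandle(handle)` test in sspi_SecureHandleGetLowerPointer (and the identical one in sspi_SecureHandleGetUpperPointer in the next hunk) does not catch a zero-filled handle: if the macro follows the Windows SSPI definition, only the all-ones sentinel counts as invalid, and `~((size_t) handle->dwLower)` turns a zero field into an all-ones pointer. The getters are therefore safe only when every SecHandle is passed through SecInvalidateHandle after allocation, and both functions should say so, for example `/* handles must be initialised with SecInvalidateHandle(); a zeroed handle decodes to a non-NULL pointer */`. If the macro tests both halves, each getter now also returns NULL while the other half is still unset, which is worth documenting as well. Both function bodies continue outside the hunk.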
@@ -268,7 +268,7 @@ void* sspi_SecureHandleGetUpperPointer(SecHandle* handle)
 {
 void* pointer;
- if (!handle)
+ if (!handle || !SecIsValidHandle(handle))
 return NULL;
 pointer = (void*) ~((size_t) handle->dwUpper);
@@ -839,7 +839,7 @@ SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext, PSecBufferDes
 SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext)
 {
- char* Name;
+ char* Name = NULL;
 SECURITY_STATUS status;
 SecurityFunctionTableA* table;