Commit Graph

2662 Commits

Author SHA1 Message Date
Armin Novak
7d6e85a886 Fixed uninitialized value 2020-07-01 16:50:20 +02:00
akallabeth
b971c5c97f Use CMake to detect availability of getlogin_r 2020-07-01 16:50:20 +02:00
akallabeth
caff01877d Fixed fallback to getlogin for android 2020-06-22 12:09:36 +02:00
akallabeth
308c2c3544 Removed duplicate semicolon 2020-06-22 11:51:39 +02:00
akallabeth
58a3122250 Fixed OOB read in ntlm_av_pair_get
CVE-2020-11097 thanks to @antonio-morales for finding this.
2020-06-22 11:51:39 +02:00
akallabeth
05cd9ea229 Fixed TrioParse and trio_length limts.
CVE-2020-4030 thanks to @antonio-morales for finding this.
2020-06-22 11:51:38 +02:00
akallabeth
a45afe9db7 Replaced gmtime with gmtime_r 2020-06-22 11:51:38 +02:00
akallabeth
36478d3d0b Replaced getlogin with getlogin_r 2020-06-22 11:51:38 +02:00
akallabeth
240fdd07b1 Replaced localtime with localtime_r 2020-06-22 11:51:38 +02:00
akallabeth
057b6df4ae Fixed memory leaks in ntlm 2020-06-22 11:51:38 +02:00
Armin Novak
8e45a2dd50 Respect SECBUFFER_READONLY flag in NTLM EncryptMessage 2020-06-19 11:31:13 +02:00
Bernhard Miklautz
529e30c273 Revert "winpr/library: Use RTLD_GLOBAL for dlopen"
Using RTLD_GLOBAL in LoadLibraryA introduces a different behavior than
expected.

This reverts commit d566e00258.
2020-06-17 12:59:41 +02:00
Patrick Chin
8515846317 MessageQueue write time to current message not the next 2020-06-09 08:51:53 +02:00
Kobi Mizrachi
920acd4c0e winpr: image: add API to construct bmp header 2020-06-05 09:22:26 +02:00
Ondrej Holy
d566e00258 winpr/library: Use RTLD_GLOBAL for dlopen
LoadLibraryA implementation uses the RTLD_LOCAL flag for dlopen currently.
This flag doesn't allow the symbols to be used by the subsequently loaded
libraries. This is a problem for the video channel when -DBUILTIN_CHANNELS=OFF
is used as it uses functions from the geometry channel. Let's use RTLD_GLOBAL
instead to prevent "undefined symbol" errors in such cases.

Fixes: https://github.com/FreeRDP/FreeRDP/issues/6236
2020-05-27 13:06:12 +02:00
akallabeth
58ef235bc5 Removed unused variable warnings 2020-05-20 15:10:07 +02:00
akallabeth
aea795eecf Fixed invalid argument to strtok_s 2020-05-20 15:10:07 +02:00
akallabeth
45860a5561 Fixed issues with clang sanitizers and alignemt offsets. 2020-05-20 15:10:07 +02:00
akallabeth
7540384db1 utf8 behaviour fixes 2020-05-20 15:10:07 +02:00
akallabeth
401bb836fb Fixed memory leak in NTLM test 2020-05-20 15:10:07 +02:00
akallabeth
b9149df1e6 Fixed BehaviourSanitizer warnings in streams. 2020-05-20 15:10:07 +02:00
akallabeth
1baf67d881 Fixed memory leak in ini parser and test functions. 2020-05-20 15:10:07 +02:00
akallabeth
a887c890f2 Fixed BehaviorSanitizer warnings. 2020-05-20 15:10:07 +02:00
akallabeth
0502bfcfbc Fixed BehaviorSanitizer warnings 2020-05-20 15:10:07 +02:00
akallabeth
535ef57e2e Fixed BehaviorSantizer warnings. 2020-05-20 15:10:07 +02:00
akallabeth
b37d8c9be1 Fixed GHSL-2020-100: oob read in ntlm_read_ChallengeMessage
* Added length checks for data read from stream
* Unified function resource cleanup
2020-05-20 15:10:07 +02:00
Armin Novak
24a8a56694 Fixed #6202: Missing NULL checks 2020-05-20 15:02:24 +02:00
Armin Novak
50278f7076 Fixed #6201: event handler count check 2020-05-20 15:02:24 +02:00
akallabeth
ddb388e152 Refactored sam functions to utilize strtok_s 2020-05-18 12:07:59 +02:00
akallabeth
7890833af8 Replaced strtok with strtok_s 2020-05-18 11:39:22 +02:00
Kobi Mizrachi
fddda159d9 change use of strtok to strtok_s 2020-05-18 11:08:20 +02:00
akallabeth
7b1d440945 Refactored StreamPool 2020-05-13 17:11:17 +02:00
akallabeth
8d70a3492b Added warning to all collection structs 2020-05-12 14:05:28 +02:00
akallabeth
844ec8f74c Fixed #6136: Cleaned up Stack API 2020-05-12 14:05:28 +02:00
Kentaro Hayashi
148f3c675d Fixed typos (Otherweise)
Otherweise ->
Otherw ise
      ^
2020-05-10 16:35:20 +09:00
akallabeth
bc0a2c277d Silence valgrind in unicode conversion functions
Only check destination buffer for NULL if length argument did not
already indicate the buffer needs to be allocated.
2020-05-08 11:04:03 +02:00
akallabeth
dffd893dc5 Fixed integer overflow in winpr_image_bitmap_read_buffer
Thanks to hac425
2020-05-08 11:04:03 +02:00
akallabeth
8241ab42fd Fixed oob read in ntlm_read_AuthenticateMessage 2020-05-06 13:31:57 +02:00
akallabeth
afdffac4b5 Fixed oob read in ntlm_read_ntlm_v2_response 2020-05-06 13:31:57 +02:00
akallabeth
8fa3835963 Fixed oob read in ntlm_read_NegotiateMessage 2020-05-06 13:31:57 +02:00
qarmin
ceec2cf1a0 Fixed copy paste error in MessagePipe.c 2020-05-01 19:42:46 +02:00
Zhu Qun-Ying
5553be0983
possible memory leak when various functions return failure. (#6110)
* possible memory leak when allocation failed.

* Use initialization in stead of ZeroMemory

* Format with clang-format
2020-04-25 16:07:12 +02:00
Zhu Qun-Ying
a1e421c93d use WINPR_MD5_DIGEST_LENGTH in stead of magic number for hash array 2020-04-24 08:33:30 +02:00
Zhu Qun-Ying
8cc9b09ba1 Use NTOWFv2FromHashW() in NTOWFv2W() to avoid duplicate code 2020-04-24 08:33:30 +02:00
Alex Wilson
40f23e2728 SCardReadCache/SCardWriteCache should actually cache data
Currently since the hash/keyCompare/keyClone members on the
context->cache were never being set, we were using the
HashTable_Pointer* variants, meaning that lookup always
failed (since we never ask for the same *pointer* twice).

This also revealed that the logic for autoallocate on these ops
was a bit backwards, and some error codes and support for the
"freshness" counter were missing.

In Win10 (at least with some card minidrivers) the freshness
counter is load-bearing and smartcard login won't work without
implementing a very basic version of it.
2020-04-21 08:11:54 +02:00
David Fort
7733fe7a8a
Merge pull request #6060 from akallabeth/warnings
Fix some compiler warnings
2020-04-16 10:54:43 +02:00
Martin Fleisz
9e1b2eb42e
Merge pull request #6081 from akallabeth/disable_spincount
Disable spincount
2020-04-15 13:24:26 +02:00
Martin Haimberger
7b6b9a9675 removed unnecessary casts, use sizeof for debug printing 2020-04-15 13:20:03 +02:00
Martin Haimberger
85e49aa601 fix: server side ntlmv2 implementation
- in the case no mic was present, but the user was found,
  the enterd password was ignored and the user authenticated
2020-04-15 13:20:03 +02:00
Armin Novak
a161bafa5f Fix #6066, #6045: Disable spincount by default. 2020-04-13 09:56:19 +02:00