Commit Graph

2244 Commits

Author SHA1 Message Date
Armin Novak
7d6e85a886 Fixed uninitialized value 2020-07-01 16:50:20 +02:00
akallabeth
b971c5c97f Use CMake to detect availability of getlogin_r 2020-07-01 16:50:20 +02:00
akallabeth
caff01877d Fixed fallback to getlogin for android 2020-06-22 12:09:36 +02:00
akallabeth
308c2c3544 Removed duplicate semicolon 2020-06-22 11:51:39 +02:00
akallabeth
58a3122250 Fixed OOB read in ntlm_av_pair_get
CVE-2020-11097 thanks to @antonio-morales for finding this.
2020-06-22 11:51:39 +02:00
akallabeth
05cd9ea229 Fixed TrioParse and trio_length limits.
CVE-2020-4030 thanks to @antonio-morales for finding this.
2020-06-22 11:51:38 +02:00
akallabeth
a45afe9db7 Replaced gmtime with gmtime_r 2020-06-22 11:51:38 +02:00
akallabeth
36478d3d0b Replaced getlogin with getlogin_r 2020-06-22 11:51:38 +02:00
akallabeth
240fdd07b1 Replaced localtime with localtime_r 2020-06-22 11:51:38 +02:00
akallabeth
057b6df4ae Fixed memory leaks in ntlm 2020-06-22 11:51:38 +02:00
Armin Novak
8e45a2dd50 Respect SECBUFFER_READONLY flag in NTLM EncryptMessage 2020-06-19 11:31:13 +02:00
Bernhard Miklautz
529e30c273 Revert "winpr/library: Use RTLD_GLOBAL for dlopen"
Using RTLD_GLOBAL in LoadLibraryA introduces a different behavior than
expected.

This reverts commit d566e00258.
2020-06-17 12:59:41 +02:00
Patrick Chin
8515846317 MessageQueue write time to current message not the next 2020-06-09 08:51:53 +02:00
Kobi Mizrachi
920acd4c0e winpr: image: add API to construct bmp header 2020-06-05 09:22:26 +02:00
Ondrej Holy
d566e00258 winpr/library: Use RTLD_GLOBAL for dlopen
LoadLibraryA implementation uses the RTLD_LOCAL flag for dlopen currently.
This flag doesn't allow the symbols to be used by the subsequently loaded
libraries. This is a problem for the video channel when -DBUILTIN_CHANNELS=OFF
is used as it uses functions from the geometry channel. Let's use RTLD_GLOBAL
instead to prevent "undefined symbol" errors in such cases.

Fixes: https://github.com/FreeRDP/FreeRDP/issues/6236
2020-05-27 13:06:12 +02:00
akallabeth
58ef235bc5 Removed unused variable warnings 2020-05-20 15:10:07 +02:00
akallabeth
aea795eecf Fixed invalid argument to strtok_s 2020-05-20 15:10:07 +02:00
akallabeth
45860a5561 Fixed issues with clang sanitizers and alignment offsets. 2020-05-20 15:10:07 +02:00
akallabeth
7540384db1 utf8 behaviour fixes 2020-05-20 15:10:07 +02:00
akallabeth
401bb836fb Fixed memory leak in NTLM test 2020-05-20 15:10:07 +02:00
akallabeth
1baf67d881 Fixed memory leak in ini parser and test functions. 2020-05-20 15:10:07 +02:00
akallabeth
a887c890f2 Fixed BehaviorSanitizer warnings. 2020-05-20 15:10:07 +02:00
akallabeth
0502bfcfbc Fixed BehaviorSanitizer warnings 2020-05-20 15:10:07 +02:00
akallabeth
b37d8c9be1 Fixed GHSL-2020-100: oob read in ntlm_read_ChallengeMessage
* Added length checks for data read from stream
* Unified function resource cleanup
2020-05-20 15:10:07 +02:00
Armin Novak
24a8a56694 Fixed #6202: Missing NULL checks 2020-05-20 15:02:24 +02:00
Armin Novak
50278f7076 Fixed #6201: event handler count check 2020-05-20 15:02:24 +02:00
akallabeth
ddb388e152 Refactored sam functions to utilize strtok_s 2020-05-18 12:07:59 +02:00
akallabeth
7890833af8 Replaced strtok with strtok_s 2020-05-18 11:39:22 +02:00
Kobi Mizrachi
fddda159d9 change use of strtok to strtok_s 2020-05-18 11:08:20 +02:00
akallabeth
7b1d440945 Refactored StreamPool 2020-05-13 17:11:17 +02:00
akallabeth
8d70a3492b Added warning to all collection structs 2020-05-12 14:05:28 +02:00
akallabeth
844ec8f74c Fixed #6136: Cleaned up Stack API 2020-05-12 14:05:28 +02:00
akallabeth
bc0a2c277d Silence valgrind in unicode conversion functions
Only check destination buffer for NULL if length argument did not
already indicate the buffer needs to be allocated.
2020-05-08 11:04:03 +02:00
akallabeth
dffd893dc5 Fixed integer overflow in winpr_image_bitmap_read_buffer
Thanks to hac425
2020-05-08 11:04:03 +02:00
akallabeth
8241ab42fd Fixed oob read in ntlm_read_AuthenticateMessage 2020-05-06 13:31:57 +02:00
akallabeth
afdffac4b5 Fixed oob read in ntlm_read_ntlm_v2_response 2020-05-06 13:31:57 +02:00
akallabeth
8fa3835963 Fixed oob read in ntlm_read_NegotiateMessage 2020-05-06 13:31:57 +02:00
qarmin
ceec2cf1a0 Fixed copy paste error in MessagePipe.c 2020-05-01 19:42:46 +02:00
Zhu Qun-Ying
5553be0983 possible memory leak when various functions return failure. (#6110)
* possible memory leak when allocation failed.

* Use initialization instead of ZeroMemory

* Format with clang-format
2020-04-25 16:07:12 +02:00
Zhu Qun-Ying
a1e421c93d use WINPR_MD5_DIGEST_LENGTH instead of magic number for hash array 2020-04-24 08:33:30 +02:00
Zhu Qun-Ying
8cc9b09ba1 Use NTOWFv2FromHashW() in NTOWFv2W() to avoid duplicate code 2020-04-24 08:33:30 +02:00
Alex Wilson
40f23e2728 SCardReadCache/SCardWriteCache should actually cache data
Currently since the hash/keyCompare/keyClone members on the
context->cache were never being set, we were using the
HashTable_Pointer* variants, meaning that lookup always
failed (since we never ask for the same *pointer* twice).

This also revealed that the logic for autoallocate on these ops
was a bit backwards, and some error codes and support for the
"freshness" counter were missing.

In Win10 (at least with some card minidrivers) the freshness
counter is load-bearing and smartcard login won't work without
implementing a very basic version of it.
2020-04-21 08:11:54 +02:00
David Fort
7733fe7a8a Merge pull request #6060 from akallabeth/warnings
Fix some compiler warnings
2020-04-16 10:54:43 +02:00
Martin Haimberger
7b6b9a9675 removed unnecessary casts, use sizeof for debug printing 2020-04-15 13:20:03 +02:00
Martin Haimberger
85e49aa601 fix: server side ntlmv2 implementation
- in the case no mic was present, but the user was found,
  the entered password was ignored and the user authenticated
2020-04-15 13:20:03 +02:00
Armin Novak
ebf44f80eb Fixed format string warnings. 2020-04-11 09:43:01 +02:00
Martin Fleisz
99786970a3 Merge pull request #5884 from akallabeth/smartcard_ndr_strict
Smartcard tighter input validation
2020-03-31 08:34:04 +02:00
Armin Novak
ab21b1ef25 Silenced warning due to missing define guard. 2020-03-10 14:04:53 +01:00
Armin Novak
461bc825de Removed unused function 2020-03-10 14:04:53 +01:00
Armin Novak
07cc1edaa0 Removed unused function 2020-03-10 14:04:53 +01:00