Commit Graph

278 Commits

Author SHA1 Message Date
Armin Novak
d36d94766e Replaced assert with WINPR_ASSERT 2021-06-14 09:37:07 +02:00
akallabeth
6b36c6d417
Replace fopen and path functions with wrappers (#7043)
Functions like fopen, PathFileExists, PathMakePath need to call
the wide character versions on windows for utf-8 support.
2021-05-31 11:42:03 +02:00
Armin Novak
c4b3d53a9a Fix NTLM auth message return code. 2021-04-16 16:34:17 +02:00
Armin Novak
11ca443aaf Fixed NtStatus2Tag return. 2020-10-27 07:41:04 +01:00
Armin Novak
a9d9908bde Added log message for not implemented WinPR SSPI_WINPR functions. 2020-08-10 16:00:16 +02:00
Armin Novak
2686200c3b Added log message for not implemented WinPR SSPI functions. 2020-08-10 16:00:16 +02:00
Armin Novak
ef791456e3 Added log message for not implemented WinPR SSPI GSS functions. 2020-08-10 16:00:16 +02:00
Armin Novak
65819a7215 Added log message for not implemented Schannel functions. 2020-08-10 16:00:16 +02:00
Armin Novak
7837f517e5 Added log message for not implemented CREDSSP functions. 2020-08-10 16:00:16 +02:00
Armin Novak
7d0e54e5f8 Added log message for not implemented NEGOTIATE functions. 2020-08-10 16:00:16 +02:00
Armin Novak
58f471c7d9 Added log message for not implemented NTLM functions. 2020-08-10 14:41:20 +02:00
akallabeth
58a3122250 Fixed OOB read in ntlm_av_pair_get
CVE-2020-11097 thanks to @antonio-morales for finding this.
2020-06-22 11:51:39 +02:00
akallabeth
057b6df4ae Fixed memory leaks in ntlm 2020-06-22 11:51:38 +02:00
Armin Novak
8e45a2dd50 Respect SECBUFFER_READONLY flag in NTLM EncryptMessage 2020-06-19 11:31:13 +02:00
akallabeth
401bb836fb Fixed memory leak in NTLM test 2020-05-20 15:10:07 +02:00
akallabeth
0502bfcfbc Fixed BehaviorSanitizer warnings 2020-05-20 15:10:07 +02:00
akallabeth
b37d8c9be1 Fixed GHSL-2020-100: oob read in ntlm_read_ChallengeMessage
* Added length checks for data read from stream
* Unified function resource cleanup
2020-05-20 15:10:07 +02:00
akallabeth
8241ab42fd Fixed oob read in ntlm_read_AuthenticateMessage 2020-05-06 13:31:57 +02:00
akallabeth
afdffac4b5 Fixed oob read in ntlm_read_ntlm_v2_response 2020-05-06 13:31:57 +02:00
akallabeth
8fa3835963 Fixed oob read in ntlm_read_NegotiateMessage 2020-05-06 13:31:57 +02:00
Zhu Qun-Ying
5553be0983
possible memory leak when various functions return failure. (#6110)
* possible memory leak when allocation failed.

* Use initialization in stead of ZeroMemory

* Format with clang-format
2020-04-25 16:07:12 +02:00
Martin Haimberger
7b6b9a9675 removed unnecessary casts, use sizeof for debug printing 2020-04-15 13:20:03 +02:00
Martin Haimberger
85e49aa601 fix: server side ntlmv2 implementation
- in the case no mic was present, but the user was found,
  the enterd password was ignored and the user authenticated
2020-04-15 13:20:03 +02:00
Armin Novak
106ab8cfbd Removed unused function 2020-03-10 14:04:53 +01:00
Armin Novak
e63377945b Silenced warning due to missing debug define guard. 2020-03-10 14:04:53 +01:00
Armin Novak
1fd51d9183 Fixed clang scanbuild warnings. 2020-03-04 09:17:35 +01:00
Martin Fleisz
71feb974ac
Merge pull request #5739 from akallabeth/improve_function_hiding
Improve function hiding
2019-12-02 11:31:35 +01:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
David Fort
5e6775ce95 winpr: fix anonymous enum members and menbers without a size 2019-11-25 13:39:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Bernhard Miklautz
f867c90e4c
Merge pull request #5308 from akallabeth/fix_win32_overlinking
Fixed windows overlinking.
2019-05-03 12:01:51 +02:00
Armin Novak
f8dd9a9f75 Fixed ntlm_av_pair_get_len return, no signed value required 2019-04-05 09:28:09 +02:00
Armin Novak
2c9cd5067f Fixed argument pointer type cast 2019-04-05 09:22:50 +02:00
Armin Novak
0b82768a70 Fixed sign-compare warnings 2019-04-05 09:14:34 +02:00
Armin Novak
8e0565b2bd Fixed windows overlinking. 2019-03-18 15:10:21 +01:00
Samuel Holland
6931f54fad Fix NTLM AvPair lists
There were two main issues here: First, the `ntlm_av_pair_add` and
`ntlm_av_pair_add_copy` were not adding a new `MsvAvEOL` to the end of
the list to replace the one they overwrote. This caused the second call
to one of those functions to fail (since it couldn't find the
terminator), which was the source of the test failure. It also caused
`ntlm_av_pair_list_length` and `ntlm_print_av_pair_list` to read out of
bounds until they happened to find the right word.

Second, several bounds checks were wrong or missing. For example,
`ntlm_av_pair_add` does not ensure that the value fits inside the list.
And `ntlm_av_pair_get_len` and `ntlm_av_pair_get_value_pointer` can
return error codes or NULL, but those error returns were ignored, and
the values used anyway (such as in `ntlm_av_pair_add_copy`).

This fixes the list handling code to have the invariant that all
functions returning `NTLM_AV_PAIR*` only return non-`NULL` if the entire
returned `AvPair` is within bounds. This removes the need for the length
parameter in functions that only operate on a single `AvPair`. This
check is performed by the new `ntlm_av_pair_check` helper, which is
added in some new places and used to simplify the code in others.

Other issues fixed along the way include:
 - `ntlm_av_pair_list_length` did not cast to `PBYTE`, so it was
   returning the number of `NTLM_AV_PAIR`-sized chunks (which was
   possibly not even an integer) instead of the number of bytes
 - I removed an impossible check for `offset <= 0` in
   `ntlm_av_pair_get_next_pointer`
 - The assertion that `Value != NULL` and the call to `CopyMemory` are
   only necessary if `AvLen` is nonzero
 - `ntlm_av_pair_get_next_pointer` (renamed to `ntlm_av_pair_next`)
   could be declared `static`

With this commit, TestNTLM now passes on powerpc64.

```
$ ./Testing/TestSspi TestNTLM
NTLM_NEGOTIATE (length = 40):
NTLM_CHALLENGE (length = 168):
NTLM_AUTHENTICATE (length = 352):
$ echo $?
0
```

Fixes #5250
2019-03-17 20:40:13 -05:00
Armin Novak
fe9dcfacca Fixed NULL dereferences and uninitialized values 2019-01-30 16:11:10 +01:00
Armin Novak
17bbe7a23f Do not compile extended authentication debugging by default. 2018-11-21 15:36:31 +01:00
Armin Novak
d8d30a0554 Fix #5037: Fix calls to ntlm_print_av_pair_list 2018-11-21 09:18:38 +01:00
Armin Novak
eb57ed3a30 Refactored ntlm_av_pairs API
Tightened checks, cleaned up code and improved redability.
2018-11-20 11:08:31 +01:00
Armin Novak
2ee663f39d Fixed CVE-2018-8789
Thanks to Eyal Itkin from Check Point Software Technologies.
2018-11-20 11:08:31 +01:00
Bernhard Miklautz
a9bcc07d23 fix [winpr/sspi]: export symbols on all systems 2018-11-14 12:19:36 +01:00
Armin Novak
5f4843191b Replaced BIO_free with BIO_free_all
There is no point in using BIO_free with a custom recursion
to free up stacked BIOs if there is already BIO_free_all.
Using it consistently avoids memory leaks due to stacked BIOs
not being recursively freed.
2018-11-08 12:09:49 +01:00
Ondrej Holy
35bccd5262 winpr/sspi/ntlm: Fix leak found by covscan
leaked_storage: Variable "sam" going out of scope leaks the storage it points to.
leaked_storage: Variable "s" going out of scope leaks the storage it points to.
leaked_storage: Variable "snt" going out of scope leaks the storage it points to.
2018-08-22 14:34:02 +02:00
Pascal J. Bourguignon
15f2bafeab Cleaned up const char** -> char** for argv, since we definitely do modify the argv!
(we overwrite the password and pin arguments).
This implies changes in the argument parsing tests that now must pass a mutable argv
(copied from the statically declared test argvs).
Some other const inconsistency have been dealt with too.
2018-06-06 16:43:09 +02:00
Armin Novak
e8b9116507 Fixed invalid function argument for ntlm_compute_message_integrity_check 2018-05-11 11:00:46 +02:00
Armin Novak
5b961e9c75 Fixed /pth: Consistently treat the hash offset to password length. 2018-05-03 17:51:11 +02:00
Martin Fleisz
b228deb998
Merge pull request #4543 from oshogbo/master
Fix variable passsed to HashCallback with MIC.
2018-04-18 14:50:31 +02:00
Mariusz Zaborski
509afe252d Remove MessageIntegrityCheck from context. 2018-04-17 15:03:27 +02:00
Mariusz Zaborski
fe37fede50 Fix variable passsed to HashCallback with MIC.
The value in the context is not set yet and we need one from
authentication message.
2018-04-06 21:18:20 +02:00