Commit Graph

2467 Commits

Author SHA1 Message Date
Samuel Holland
6931f54fad Fix NTLM AvPair lists
There were two main issues here: First, the `ntlm_av_pair_add` and
`ntlm_av_pair_add_copy` were not adding a new `MsvAvEOL` to the end of
the list to replace the one they overwrote. This caused the second call
to one of those functions to fail (since it couldn't find the
terminator), which was the source of the test failure. It also caused
`ntlm_av_pair_list_length` and `ntlm_print_av_pair_list` to read out of
bounds until they happened to find the right word.

Second, several bounds checks were wrong or missing. For example,
`ntlm_av_pair_add` does not ensure that the value fits inside the list.
And `ntlm_av_pair_get_len` and `ntlm_av_pair_get_value_pointer` can
return error codes or NULL, but those error returns were ignored, and
the values used anyway (such as in `ntlm_av_pair_add_copy`).

This fixes the list handling code to have the invariant that all
functions returning `NTLM_AV_PAIR*` only return non-`NULL` if the entire
returned `AvPair` is within bounds. This removes the need for the length
parameter in functions that only operate on a single `AvPair`. This
check is performed by the new `ntlm_av_pair_check` helper, which is
added in some new places and used to simplify the code in others.

Other issues fixed along the way include:
 - `ntlm_av_pair_list_length` did not cast to `PBYTE`, so it was
   returning the number of `NTLM_AV_PAIR`-sized chunks (which was
   possibly not even an integer) instead of the number of bytes
 - I removed an impossible check for `offset <= 0` in
   `ntlm_av_pair_get_next_pointer`
 - The assertion that `Value != NULL` and the call to `CopyMemory` are
   only necessary if `AvLen` is nonzero
 - `ntlm_av_pair_get_next_pointer` (renamed to `ntlm_av_pair_next`)
   could be declared `static`

With this commit, TestNTLM now passes on powerpc64.

```
$ ./Testing/TestSspi TestNTLM
NTLM_NEGOTIATE (length = 40):
NTLM_CHALLENGE (length = 168):
NTLM_AUTHENTICATE (length = 352):
$ echo $?
0
```

Fixes #5250
2019-03-17 20:40:13 -05:00
MartinHaimberger
46b1e88a70
Merge pull request #5027 from akallabeth/wlog_off_fix
Fix #5024: Update inherited log level for all child loggers when setting a new one.
2019-02-28 10:55:12 +01:00
Armin Novak
32e5407b43 Ignore INVALID_HANDLE_VALUE during clang scanbuild runs.
The value INVALID_HANDLE_VALUE could in theory be a valid memory address,
so the analyzer is confused and thinks either we have a memory leak
or we try to free a fixed address.
2019-02-21 12:21:51 +01:00
Armin Novak
41d382569c Respect return value from SetEvent and abort creation. 2019-02-21 12:21:51 +01:00
Martin Fleisz
3169b77d70
Merge pull request #5230 from akallabeth/sign_compare_fixes
Sign compare fixes
2019-02-08 09:35:50 +01:00
Armin Novak
22eddef668 Fixed wide character comparison. 2019-02-08 09:20:58 +01:00
Martin Fleisz
6415cfec48
Merge pull request #5131 from akallabeth/cmd_line_error_logging
Added extended error logging for assistance, rdp file and command line parser
2019-02-08 09:11:35 +01:00
Bernhard Miklautz
162a69b0f0
Merge pull request #5139 from akallabeth/drive_hotplug_shutdown_crash_fix
Fixed crash on drive hotplug shutdown.
2019-02-07 10:08:41 +01:00
Armin Novak
3679eefbd4 Fixed BipBuffer Read/Write, limit to SSIZE_MAX. 2019-01-30 18:05:49 +01:00
Armin Novak
650f63c7ca Added missing SSIZE_MAX define 2019-01-30 18:05:49 +01:00
Armin Novak
9c5c722aaa Fixed use of ASCII function on WCHAR 2019-01-30 18:05:49 +01:00
Armin Novak
221cb48e2d Fixed sign-compare warning 2019-01-30 18:05:49 +01:00
Armin Novak
585391dfbf Fixed sign-compare warning 2019-01-30 18:05:49 +01:00
Armin Novak
2bd43398e8 Fixed sign-compare warning 2019-01-30 18:05:49 +01:00
Armin Novak
f39ec7c453 Fixed sign-compare warning 2019-01-30 18:05:49 +01:00
Armin Novak
fe9dcfacca Fixed NULL dereferences and uninitialized values 2019-01-30 16:11:10 +01:00
Armin Novak
c00010478c Fix FindNextFileA path termination with a single separator. 2019-01-30 15:44:45 +01:00
Armin Novak
9033df501e Fixed compiler warnings for TRIO_CONST and limited data type. 2019-01-29 17:51:44 +01:00
Armin Novak
2e5fd8d16b Fixed clang analyzer false positive memory leaks.
Added a justification for each #ifndef __clang_analyzer__
2019-01-29 17:17:30 +01:00
akallabeth
0a8ebcfcac
Merge pull request #5187 from astrand/mingw-part1
Mingw build fixes part1
2019-01-29 10:46:21 +01:00
David Fort
ad75ae512c
Merge pull request #5200 from akallabeth/os2_fixes
Os2 fixes
2019-01-18 18:04:23 +01:00
Armin Novak
4f1462b73b Added fix for OS2 paths.
Reported on mailing list by Andrey Vasilkin
2019-01-18 13:13:41 +01:00
Armin Novak
b08505cbe0 Fixed return check in SwitchToThread
Patch on mailing list by Andrey Vasilkin
2019-01-18 13:02:30 +01:00
Armin Novak
4d4f3617bd Fixed memory leak in lodepng. 2019-01-16 15:23:12 +01:00
Armin Novak
fc9e88d64f Added flag to silence command line parser logging during detection. 2019-01-16 14:32:19 +01:00
Armin Novak
89f3f7d837 Added extended error logging for assistance, rdp file and command line parser. 2019-01-16 14:32:19 +01:00
Bernhard Miklautz
3498e76948 fix [winpr/hash]: initialize ssl
winpr-crypt is used in winpr for hash generation but currently it's
still required to initialize openssl in the application itself.
winpr-hash didn't do that, therefore the generated hashes were useless.
2019-01-16 12:05:47 +01:00
Peter Åstrand (astrand)
a7f4b90f36 Pointer arithmetic requires lvalue
(type *)x evaluates to a temporary. Fixed build with GCC.
2019-01-09 11:13:38 +01:00
Peter Åstrand (astrand)
32ba90ec0a Avoid building POSIX clipboard if WIN32
MinGW has unistd.h.
2019-01-09 10:04:38 +01:00
Peter Åstrand (astrand)
30cd1ba1ab Use lowercase for includes and libs
Makes build possible on case sensitive systems such as MinGW on Linux.
2019-01-09 09:36:28 +01:00
Martin Fleisz
7bc69cd61e
Merge pull request #5155 from akallabeth/ext_debug_functions
Added backtrace function working on allocated logger.
2019-01-08 10:18:06 +01:00
Ilya Shipitsin
f422fe63cf identical code for both branches, found by coverity 2019-01-07 23:01:31 +05:00
Armin Novak
5dea64a468 Added backtrace function working on allocated logger. 2018-12-17 09:24:57 +01:00
Martin Fleisz
5bff8bf694
Merge pull request #5125 from akallabeth/clipboard_string_length_fix
Fix #5121: Determine actual string length for input data
2018-12-11 10:30:39 +01:00
Armin Novak
66e71ef963 Added missing define for _wcsnlen for windows. 2018-12-10 14:02:57 +01:00
Armin Novak
d198f73081 Fix #5121: Determine actual string length for input data
ConvertFromUnicode ignores '\0' sequences when the length of the input
string is given. Clipboard strings may be larger than the actual string
length and padded with random data leading to decoding errors.
Limit the length to the first occurrence of a '\0'.
2018-12-10 12:41:04 +01:00
Armin Novak
1e644fc37e Added _wcsnlen function for WCHAR string length. 2018-12-10 12:39:32 +01:00
Armin Novak
e3c85eb3dc removed strcpy 2018-12-06 10:17:05 +01:00
Armin Novak
3d487d0718 Fixed #5093: Try to read timezone from java TimeZone first
persist.sys.timezone property might not exist, try to get the
timezone identifier from the java class first.
2018-12-05 10:41:14 +01:00
Armin Novak
22be8f21ae Fix length type, use size_t 2018-12-04 09:34:22 +01:00
Armin Novak
d27cd1b19e Fixed unit tests, use unique file names 2018-12-04 08:45:41 +01:00
Bernhard Miklautz
52d1b35a63
Merge pull request #5046 from akallabeth/silence_wlog
Do not compile extended debugging by default.
2018-11-26 11:10:59 +00:00
Armin Novak
96fe23193e Initialize WtsApi32_WtsApiFunctionTable NULL 2018-11-22 17:30:16 +01:00
Armin Novak
617c00c8f5 WLog_IsLevelActive is now an exported function instead of inline.
Since this function calls WLog_GetLogLevel anyway, better only
export the API to allow internal checks to be modified in the
future without breaking API
2018-11-22 16:34:38 +01:00
Martin Fleisz
947aa80033
Merge pull request #5016 from akallabeth/windows_server_build_fix
Windows server build fix
2018-11-21 16:02:47 +01:00
Armin Novak
17bbe7a23f Do not compile extended authentication debugging by default. 2018-11-21 15:36:31 +01:00
Armin Novak
d8d30a0554 Fix #5037: Fix calls to ntlm_print_av_pair_list 2018-11-21 09:18:38 +01:00
Armin Novak
eb57ed3a30 Refactored ntlm_av_pairs API
Tightened checks, cleaned up code and improved readability.
2018-11-20 11:08:31 +01:00
Armin Novak
2ee663f39d Fixed CVE-2018-8789
Thanks to Eyal Itkin from Check Point Software Technologies.
2018-11-20 11:08:31 +01:00
Armin Novak
28f51efe9c Fixed update of log filters in case of level change. 2018-11-19 13:04:40 +01:00