Commit Graph

49 Commits

Author SHA1 Message Date
akallabeth
8fa3835963 Fixed oob read in ntlm_read_NegotiateMessage 2020-05-06 13:31:57 +02:00
Martin Haimberger
7b6b9a9675 removed unnecessary casts, use sizeof for debug printing 2020-04-15 13:20:03 +02:00
Martin Haimberger
85e49aa601 fix: server side ntlmv2 implementation
- in the case no mic was present, but the user was found,
  the enterd password was ignored and the user authenticated
2020-04-15 13:20:03 +02:00
Armin Novak
e63377945b Silenced warning due to missing debug define guard. 2020-03-10 14:04:53 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
2c9cd5067f Fixed argument pointer type cast 2019-04-05 09:22:50 +02:00
Samuel Holland
6931f54fad Fix NTLM AvPair lists
There were two main issues here: First, the `ntlm_av_pair_add` and
`ntlm_av_pair_add_copy` were not adding a new `MsvAvEOL` to the end of
the list to replace the one they overwrote. This caused the second call
to one of those functions to fail (since it couldn't find the
terminator), which was the source of the test failure. It also caused
`ntlm_av_pair_list_length` and `ntlm_print_av_pair_list` to read out of
bounds until they happened to find the right word.

Second, several bounds checks were wrong or missing. For example,
`ntlm_av_pair_add` does not ensure that the value fits inside the list.
And `ntlm_av_pair_get_len` and `ntlm_av_pair_get_value_pointer` can
return error codes or NULL, but those error returns were ignored, and
the values used anyway (such as in `ntlm_av_pair_add_copy`).

This fixes the list handling code to have the invariant that all
functions returning `NTLM_AV_PAIR*` only return non-`NULL` if the entire
returned `AvPair` is within bounds. This removes the need for the length
parameter in functions that only operate on a single `AvPair`. This
check is performed by the new `ntlm_av_pair_check` helper, which is
added in some new places and used to simplify the code in others.

Other issues fixed along the way include:
 - `ntlm_av_pair_list_length` did not cast to `PBYTE`, so it was
   returning the number of `NTLM_AV_PAIR`-sized chunks (which was
   possibly not even an integer) instead of the number of bytes
 - I removed an impossible check for `offset <= 0` in
   `ntlm_av_pair_get_next_pointer`
 - The assertion that `Value != NULL` and the call to `CopyMemory` are
   only necessary if `AvLen` is nonzero
 - `ntlm_av_pair_get_next_pointer` (renamed to `ntlm_av_pair_next`)
   could be declared `static`

With this commit, TestNTLM now passes on powerpc64.

```
$ ./Testing/TestSspi TestNTLM
NTLM_NEGOTIATE (length = 40):
NTLM_CHALLENGE (length = 168):
NTLM_AUTHENTICATE (length = 352):
$ echo $?
0
```

Fixes #5250
2019-03-17 20:40:13 -05:00
Armin Novak
17bbe7a23f Do not compile extended authentication debugging by default. 2018-11-21 15:36:31 +01:00
Armin Novak
d8d30a0554 Fix #5037: Fix calls to ntlm_print_av_pair_list 2018-11-21 09:18:38 +01:00
Armin Novak
eb57ed3a30 Refactored ntlm_av_pairs API
Tightened checks, cleaned up code and improved redability.
2018-11-20 11:08:31 +01:00
Armin Novak
2ee663f39d Fixed CVE-2018-8789
Thanks to Eyal Itkin from Check Point Software Technologies.
2018-11-20 11:08:31 +01:00
Ondrej Holy
35bccd5262 winpr/sspi/ntlm: Fix leak found by covscan
leaked_storage: Variable "sam" going out of scope leaks the storage it points to.
leaked_storage: Variable "s" going out of scope leaks the storage it points to.
leaked_storage: Variable "snt" going out of scope leaks the storage it points to.
2018-08-22 14:34:02 +02:00
Armin Novak
e8b9116507 Fixed invalid function argument for ntlm_compute_message_integrity_check 2018-05-11 11:00:46 +02:00
Mariusz Zaborski
509afe252d Remove MessageIntegrityCheck from context. 2018-04-17 15:03:27 +02:00
David Fort
41823080f9 Fix users of Stream_GetPosition() that returns size_t 2017-12-11 22:38:58 +01:00
Armin Novak
b2c29158be Scanbuild warning, argument checks and leak fixes.
* Added Stream_GetRemainingCapacity to check remaining stream size
  before writes.
* Fixed shadow server memory leak.
* Fixed lots of scanbuild warnings
* Added missing argument checks in many functions
* Added missing static function declarations
2017-03-02 18:13:43 +01:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Ondrej Holy
95a1b53940 winpr/ntlm: Fix endianness in ntlm_av_pair_list
Data in ntlm_av_pair_list are accessed directly, which doesn't work on
big endian machines currently. The recieved data are stored as little
endian. Use conversion macros from endian.h to load and store the data
properly.

https://github.com/FreeRDP/FreeRDP/issues/2520
2016-05-30 13:37:15 +02:00
Marc-André Moreau
2a5192b027 Merge branch 'master' of github.com:awakecoding/FreeRDP into egfx
Conflicts:
	client/Windows/wf_cliprdr.h
	client/Windows/wf_event.h
	client/X11/xf_client.c
	client/X11/xf_gdi.c
	libfreerdp/gdi/gdi.c
	server/Mac/mf_input.c
2014-09-17 19:09:56 -04:00
Marc-André Moreau
f0bff7e890 libwinpr-sspi: fix NTLM strict error check 2014-09-17 18:44:59 -04:00
Armin Novak
81a4081279 Decreased logging verbosity. 2014-09-16 09:37:45 +02:00
Armin Novak
6a26e33695 Fixed winpr_HexDump calls in debug mode. 2014-09-09 16:32:22 +02:00
Armin Novak
b22b897389 Reformatted changed files. 2014-09-09 16:32:22 +02:00
Armin Novak
7e3a1b3073 Now using macro to generate module specific log tag. 2014-09-09 16:32:04 +02:00
Armin Novak
28ece6bb46 Replaced stdio logging with WLog 2014-09-09 16:31:46 +02:00
Marc-André Moreau
e272bc923e libwinpr-sspi: fix server-side NTLM authentication against NTLMv2 without key exchange 2014-06-18 14:42:35 -04:00
Marc-André Moreau
1b93dca6c0 libwinpr-sspi: add support for querying user+domain and setting NTLM hash 2014-06-10 16:38:16 -04:00
Marc-André Moreau
8a343c3e6d libwinpr-sspi: fix memory leaks 2014-06-10 14:16:02 -04:00
Marc-André Moreau
0ebc7e2ab4 libwinpr-sspi: add custom API for passing NTLM hashes and credentials dynamically 2014-06-09 15:25:00 -04:00
Marc-André Moreau
a07f616895 libwinpr-sspi: improve link interface 2014-06-07 10:50:51 -04:00
Marc-André Moreau
1b5a2340d2 libwinpr-sspi: even more code hardening 2014-06-07 00:17:11 -04:00
Marc-André Moreau
c5a1a8ac27 libwinpr-sspi: fix native sspi build 2014-06-05 22:10:08 -04:00
Armin Novak
a3b531c036 Fixed issues found with clang-analyzer 2013-09-05 12:14:33 +02:00
Armin Novak
f231f3fcc5 Fixed coverity issue 1047597 2013-09-05 12:14:32 +02:00
Marc-André Moreau
367ebf32a3 freerdp: make use of stream macros to access members 2013-05-15 12:14:26 -04:00
Marc-André Moreau
51715636a5 freerdp: remove some deprecated stream utils 2013-04-29 22:35:15 -04:00
Hardening
7701c9d934 Replace printf(...) by fprintf(stderr, ...) 2013-03-28 23:06:34 +01:00
Marc-André Moreau
ff586504e7 libwinpr-sspi: cleanup NTLM messages 2013-01-30 20:39:57 -05:00
Marc-André Moreau
4a5bd8584a libwinpr-sspi: cleanup NTLM authenticate message construction 2013-01-30 19:47:27 -05:00
Marc-André Moreau
85b023bb08 libwinpr-sspi: remove debug output 2012-12-13 16:30:34 -05:00
Marc-André Moreau
72110807b1 libfreerdp-core: fix NLA 2012-12-13 16:29:16 -05:00
Marc-André Moreau
424ac18eba libwinpr-utils: simplify winpr stream utils even more 2012-12-10 14:43:48 -05:00
Marc-André Moreau
6e07570dda libwinpr-utils: simplify stream utils 2012-12-10 14:23:27 -05:00
Marc-André Moreau
c4e06eb0a7 libwinpr-utils: refactor winpr stream utils 2012-12-10 14:08:06 -05:00
Marc-André Moreau
2db4c27be7 libfreerdp-core: fix SPN for TS Gateway 2012-11-27 16:37:56 -05:00
Marc-André Moreau
83473d11d1 channels: patch memory leaks, load addins from list 2012-11-19 13:26:56 -05:00
Marc-André Moreau
5a16095ddf libwinpr-sspi: valgrind cleanup 2012-08-23 01:18:47 -04:00
Marc-André Moreau
faa4311232 libwinpr: add proper config.h inclusions 2012-08-14 17:20:53 -04:00
Marc-André Moreau
384af1d93b include: move winpr include directory inside winpr 2012-08-14 15:49:39 -04:00