Commit Graph

265 Commits

Author SHA1 Message Date
Armin Novak
8e45a2dd50 Respect SECBUFFER_READONLY flag in NTLM EncryptMessage 2020-06-19 11:31:13 +02:00
akallabeth
401bb836fb Fixed memory leak in NTLM test 2020-05-20 15:10:07 +02:00
akallabeth
0502bfcfbc Fixed BehaviorSanitizer warnings 2020-05-20 15:10:07 +02:00
akallabeth
b37d8c9be1 Fixed GHSL-2020-100: oob read in ntlm_read_ChallengeMessage
* Added length checks for data read from stream
* Unified function resource cleanup
2020-05-20 15:10:07 +02:00
akallabeth
8241ab42fd Fixed oob read in ntlm_read_AuthenticateMessage 2020-05-06 13:31:57 +02:00
akallabeth
afdffac4b5 Fixed oob read in ntlm_read_ntlm_v2_response 2020-05-06 13:31:57 +02:00
akallabeth
8fa3835963 Fixed oob read in ntlm_read_NegotiateMessage 2020-05-06 13:31:57 +02:00
Zhu Qun-Ying
5553be0983
possible memory leak when various functions return failure. (#6110)
* possible memory leak when allocation failed.

* Use initialization in stead of ZeroMemory

* Format with clang-format
2020-04-25 16:07:12 +02:00
Martin Haimberger
7b6b9a9675 removed unnecessary casts, use sizeof for debug printing 2020-04-15 13:20:03 +02:00
Martin Haimberger
85e49aa601 fix: server side ntlmv2 implementation
- in the case no mic was present, but the user was found,
  the enterd password was ignored and the user authenticated
2020-04-15 13:20:03 +02:00
Armin Novak
106ab8cfbd Removed unused function 2020-03-10 14:04:53 +01:00
Armin Novak
e63377945b Silenced warning due to missing debug define guard. 2020-03-10 14:04:53 +01:00
Armin Novak
1fd51d9183 Fixed clang scanbuild warnings. 2020-03-04 09:17:35 +01:00
Martin Fleisz
71feb974ac
Merge pull request #5739 from akallabeth/improve_function_hiding
Improve function hiding
2019-12-02 11:31:35 +01:00
Armin Novak
7c243da6e1 Remove symbols exported by accident. 2019-12-02 10:57:31 +01:00
David Fort
5e6775ce95 winpr: fix anonymous enum members and menbers without a size 2019-11-25 13:39:31 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Bernhard Miklautz
f867c90e4c
Merge pull request #5308 from akallabeth/fix_win32_overlinking
Fixed windows overlinking.
2019-05-03 12:01:51 +02:00
Armin Novak
f8dd9a9f75 Fixed ntlm_av_pair_get_len return, no signed value required 2019-04-05 09:28:09 +02:00
Armin Novak
2c9cd5067f Fixed argument pointer type cast 2019-04-05 09:22:50 +02:00
Armin Novak
0b82768a70 Fixed sign-compare warnings 2019-04-05 09:14:34 +02:00
Armin Novak
8e0565b2bd Fixed windows overlinking. 2019-03-18 15:10:21 +01:00
Samuel Holland
6931f54fad Fix NTLM AvPair lists
There were two main issues here: First, the `ntlm_av_pair_add` and
`ntlm_av_pair_add_copy` were not adding a new `MsvAvEOL` to the end of
the list to replace the one they overwrote. This caused the second call
to one of those functions to fail (since it couldn't find the
terminator), which was the source of the test failure. It also caused
`ntlm_av_pair_list_length` and `ntlm_print_av_pair_list` to read out of
bounds until they happened to find the right word.

Second, several bounds checks were wrong or missing. For example,
`ntlm_av_pair_add` does not ensure that the value fits inside the list.
And `ntlm_av_pair_get_len` and `ntlm_av_pair_get_value_pointer` can
return error codes or NULL, but those error returns were ignored, and
the values used anyway (such as in `ntlm_av_pair_add_copy`).

This fixes the list handling code to have the invariant that all
functions returning `NTLM_AV_PAIR*` only return non-`NULL` if the entire
returned `AvPair` is within bounds. This removes the need for the length
parameter in functions that only operate on a single `AvPair`. This
check is performed by the new `ntlm_av_pair_check` helper, which is
added in some new places and used to simplify the code in others.

Other issues fixed along the way include:
 - `ntlm_av_pair_list_length` did not cast to `PBYTE`, so it was
   returning the number of `NTLM_AV_PAIR`-sized chunks (which was
   possibly not even an integer) instead of the number of bytes
 - I removed an impossible check for `offset <= 0` in
   `ntlm_av_pair_get_next_pointer`
 - The assertion that `Value != NULL` and the call to `CopyMemory` are
   only necessary if `AvLen` is nonzero
 - `ntlm_av_pair_get_next_pointer` (renamed to `ntlm_av_pair_next`)
   could be declared `static`

With this commit, TestNTLM now passes on powerpc64.

```
$ ./Testing/TestSspi TestNTLM
NTLM_NEGOTIATE (length = 40):
NTLM_CHALLENGE (length = 168):
NTLM_AUTHENTICATE (length = 352):
$ echo $?
0
```

Fixes #5250
2019-03-17 20:40:13 -05:00
Armin Novak
fe9dcfacca Fixed NULL dereferences and uninitialized values 2019-01-30 16:11:10 +01:00
Armin Novak
17bbe7a23f Do not compile extended authentication debugging by default. 2018-11-21 15:36:31 +01:00
Armin Novak
d8d30a0554 Fix #5037: Fix calls to ntlm_print_av_pair_list 2018-11-21 09:18:38 +01:00
Armin Novak
eb57ed3a30 Refactored ntlm_av_pairs API
Tightened checks, cleaned up code and improved redability.
2018-11-20 11:08:31 +01:00
Armin Novak
2ee663f39d Fixed CVE-2018-8789
Thanks to Eyal Itkin from Check Point Software Technologies.
2018-11-20 11:08:31 +01:00
Bernhard Miklautz
a9bcc07d23 fix [winpr/sspi]: export symbols on all systems 2018-11-14 12:19:36 +01:00
Armin Novak
5f4843191b Replaced BIO_free with BIO_free_all
There is no point in using BIO_free with a custom recursion
to free up stacked BIOs if there is already BIO_free_all.
Using it consistently avoids memory leaks due to stacked BIOs
not being recursively freed.
2018-11-08 12:09:49 +01:00
Ondrej Holy
35bccd5262 winpr/sspi/ntlm: Fix leak found by covscan
leaked_storage: Variable "sam" going out of scope leaks the storage it points to.
leaked_storage: Variable "s" going out of scope leaks the storage it points to.
leaked_storage: Variable "snt" going out of scope leaks the storage it points to.
2018-08-22 14:34:02 +02:00
Pascal J. Bourguignon
15f2bafeab Cleaned up const char** -> char** for argv, since we definitely do modify the argv!
(we overwrite the password and pin arguments).
This implies changes in the argument parsing tests that now must pass a mutable argv
(copied from the statically declared test argvs).
Some other const inconsistency have been dealt with too.
2018-06-06 16:43:09 +02:00
Armin Novak
e8b9116507 Fixed invalid function argument for ntlm_compute_message_integrity_check 2018-05-11 11:00:46 +02:00
Armin Novak
5b961e9c75 Fixed /pth: Consistently treat the hash offset to password length. 2018-05-03 17:51:11 +02:00
Martin Fleisz
b228deb998
Merge pull request #4543 from oshogbo/master
Fix variable passsed to HashCallback with MIC.
2018-04-18 14:50:31 +02:00
Mariusz Zaborski
509afe252d Remove MessageIntegrityCheck from context. 2018-04-17 15:03:27 +02:00
Mariusz Zaborski
fe37fede50 Fix variable passsed to HashCallback with MIC.
The value in the context is not set yet and we need one from
authentication message.
2018-04-06 21:18:20 +02:00
Mariusz Zaborski
00374382d9 There is no reason to restrict nSize to 2 the hostname can be empty on
UNIX-like machines.
2018-04-06 21:07:51 +02:00
Armin Novak
2517755d25 Fixed thread function return and parameters. 2018-03-07 14:36:55 +01:00
Armin Novak
53d2150e00 Fixed windows unicode authentication. 2018-02-13 11:29:56 +01:00
David Fort
6c64aa4e20 fixed include path
It was working because of multiple include directories.
2018-02-05 14:34:49 +01:00
Armin Novak
60ab8cc724 Fixed memory leak. 2018-01-24 14:11:33 +01:00
Armin Novak
29f2d2d9bb Fixed missing packageName setup in server NLA 2018-01-17 09:09:58 +01:00
Armin Novak
dc48c42926 Refactored NTLM, functions static where approprate 2018-01-16 11:34:07 +01:00
Armin Novak
1611ec16b1 Refactored kerberos SSPI
* Functions static where approrpriate
* Variables static const where appropriate
2018-01-16 10:58:30 +01:00
Armin Novak
c62fde53a4 Fix #4306:
* Do not reset context when changing package.
* All functions not exported static.
2018-01-16 10:31:08 +01:00
Armin Novak
5550f6ffe1 Fixed #4357: NTLM debug message. 2018-01-12 09:22:08 +01:00
Armin Novak
a0b49f4e07 Removed unused functions, fixed feature define guards 2017-12-21 11:30:21 +01:00
Armin Novak
50a0968c6a Removed unused variables. 2017-12-21 11:29:24 +01:00
Armin Novak
6a21bdae3d Fixed various scanbuild warnings. 2017-12-21 09:34:35 +01:00