FreeRDP/winpr/libwinpr/sspi
Samuel Holland 6931f54fad Fix NTLM AvPair lists
There were two main issues here: First, the `ntlm_av_pair_add` and
`ntlm_av_pair_add_copy` were not adding a new `MsvAvEOL` to the end of
the list to replace the one they overwrote. This caused the second call
to one of those functions to fail (since it couldn't find the
terminator), which was the source of the test failure. It also caused
`ntlm_av_pair_list_length` and `ntlm_print_av_pair_list` to read out of
bounds until they happened to find the right word.

Second, several bounds checks were wrong or missing. For example,
`ntlm_av_pair_add` does not ensure that the value fits inside the list.
And `ntlm_av_pair_get_len` and `ntlm_av_pair_get_value_pointer` can
return error codes or NULL, but those error returns were ignored, and
the values used anyway (such as in `ntlm_av_pair_add_copy`).

This fixes the list handling code to have the invariant that all
functions returning `NTLM_AV_PAIR*` only return non-`NULL` if the entire
returned `AvPair` is within bounds. This removes the need for the length
parameter in functions that only operate on a single `AvPair`. This
check is performed by the new `ntlm_av_pair_check` helper, which is
added in some new places and used to simplify the code in others.

Other issues fixed along the way include:
 - `ntlm_av_pair_list_length` did not cast to `PBYTE`, so it was
   returning the number of `NTLM_AV_PAIR`-sized chunks (which was
   possibly not even an integer) instead of the number of bytes
 - I removed an impossible check for `offset <= 0` in
   `ntlm_av_pair_get_next_pointer`
 - The assertion that `Value != NULL` and the call to `CopyMemory` are
   only necessary if `AvLen` is nonzero
 - `ntlm_av_pair_get_next_pointer` (renamed to `ntlm_av_pair_next`)
   could be declared `static`

With this commit, TestNTLM now passes on powerpc64.

```
$ ./Testing/TestSspi TestNTLM
NTLM_NEGOTIATE (length = 40):
NTLM_CHALLENGE (length = 168):
NTLM_AUTHENTICATE (length = 352):
$ echo $?
0
```

Fixes #5250
2019-03-17 20:40:13 -05:00
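As an added illustration of the bounds invariant and the terminator handling the commit message describes, the following is a small C model of an NTLM AV_PAIR (TargetInfo) list. It is example code written for this page, not FreeRDP's own `ntlm_av_pair_*` implementation: every name (`av_list`, `av_pair_check`, `av_list_add`, `demo`, `check_malformed`) is hypothetical, and the sample buffers are constructed. Only the wire layout it relies on comes from MS-NLMP: each pair is a little-endian `AvId` (2 bytes) and `AvLen` (2 bytes) followed by `AvLen` value bytes, and the list ends with `MsvAvEOL` (`AvId` 0, `AvLen` 0).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not FreeRDP code. All names are hypothetical.
 * Invariant modelled on the commit: a pair pointer is handed out only if the
 * pair's header AND value lie entirely inside the buffer, and every append
 * rewrites the MsvAvEOL terminator it overwrote. */

#define MsvAvEOL           0x0000
#define MsvAvNbDomainName  0x0002
#define MsvAvTimestamp     0x0007
#define AV_HDR 4   /* AvId (2 bytes LE) + AvLen (2 bytes LE) */

typedef struct {
    uint8_t *buf;  /* backing storage */
    size_t   cb;   /* capacity of buf in bytes, not the list length */
} av_list;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Start an empty list: just the terminator. Needs at least 4 bytes. */
int av_list_init(av_list *l, uint8_t *buf, size_t cb)
{
    if (cb < AV_HDR) return -1;
    l->buf = buf; l->cb = cb;
    wr16(buf, MsvAvEOL); wr16(buf + 2, 0);
    return 0;
}

/* The bounds check: non-NULL only if the whole pair at `off` fits in the buffer. */
uint8_t *av_pair_check(const av_list *l, size_t off)
{
    if (off > l->cb || l->cb - off < AV_HDR) return NULL;            /* header fits? */
    if (l->cb - off - AV_HDR < rd16(l->buf + off + 2)) return NULL;  /* value fits?  */
    return l->buf + off;
}

/* Offset of the MsvAvEOL pair, or (size_t)-1 if the list is truncated or corrupt.
 * Never reads past cb, because every step goes through av_pair_check. */
size_t av_list_find_eol(const av_list *l)
{
    size_t off = 0;
    for (;;) {
        const uint8_t *p = av_pair_check(l, off);
        if (!p) return (size_t)-1;
        if (rd16(p) == MsvAvEOL) return off;
        off += AV_HDR + rd16(p + 2);
    }
}

/* Byte length of the list including the terminator; 0 for a malformed list. */
size_t av_list_length(const av_list *l)
{
    size_t eol = av_list_find_eol(l);
    return eol == (size_t)-1 ? 0 : eol + AV_HDR;
}

/* Append a pair over the terminator, then write a fresh terminator after it.
 * Returns -1 if the list is malformed or pair + new EOL would not fit. */
int av_list_add(av_list *l, uint16_t id, const void *value, uint16_t len)
{
    size_t eol = av_list_find_eol(l);
    if (eol == (size_t)-1) return -1;
    if (l->cb - eol < (size_t)AV_HDR + len + AV_HDR) return -1;
    uint8_t *p = l->buf + eol;
    wr16(p, id); wr16(p + 2, len);
    if (len) memcpy(p + AV_HDR, value, len);  /* copy only when AvLen != 0 */
    wr16(p + AV_HDR + len, MsvAvEOL);         /* the terminator the old code dropped */
    wr16(p + AV_HDR + len + 2, 0);
    return 0;
}

/* Find a pair by AvId; returns its value pointer and length, or NULL. */
const uint8_t *av_list_get(const av_list *l, uint16_t id, uint16_t *len_out)
{
    size_t off = 0;
    for (;;) {
        const uint8_t *p = av_pair_check(l, off);
        if (!p || rd16(p) == MsvAvEOL) return NULL;
        if (rd16(p) == id) { *len_out = rd16(p + 2); return p + AV_HDR; }
        off += AV_HDR + rd16(p + 2);
    }
}

/* Constructed scenario: 32-byte buffer, two adds that fit, a third that must not. */
int demo(void)
{
    uint8_t buf[32];
    av_list l;
    uint16_t n = 0;
    const uint8_t dom[] = { 'D',0,'O',0,'M',0 };  /* "DOM" in UTF-16LE (constructed) */
    const uint8_t ts[8] = { 0 };                    /* FILETIME placeholder */
    if (av_list_init(&l, buf, sizeof buf) != 0) return 1;
    if (av_list_length(&l) != 4) return 2;                        /* EOL only */
    if (av_list_add(&l, MsvAvNbDomainName, dom, sizeof dom) != 0) return 3;
    if (av_list_add(&l, MsvAvTimestamp, ts, sizeof ts) != 0) return 4;  /* second add works */
    if (av_list_length(&l) != 26) return 5;                       /* 10 + 12 + 4 */
    if (av_list_get(&l, MsvAvNbDomainName, &n) == NULL || n != 6) return 6;
    if (av_list_add(&l, MsvAvTimestamp, ts, sizeof ts) == 0) return 7;  /* needs 16, 10 left */
    if (av_list_length(&l) != 26) return 8;                       /* rejected add left list intact */
    return 0;
}

/* Constructed malformed inputs: oversized AvLen, and a list with no terminator. */
int check_malformed(void)
{
    uint8_t bad[8]   = { 0x01,0x00,0xFF,0xFF, 0,0,0,0 };  /* AvLen 65535 > buffer */
    uint8_t noeol[8] = { 0x01,0,0,0, 0x02,0,0,0 };        /* two pairs, no EOL */
    av_list a = { bad, sizeof bad }, b = { noeol, sizeof noeol };
    if (av_pair_check(&a, 0) != NULL) return 1;
    if (av_list_length(&a) != 0) return 2;
    if (av_list_add(&a, MsvAvTimestamp, "", 0) != -1) return 3;   /* refused, not written */
    if (av_list_find_eol(&b) != (size_t)-1) return 4;             /* stops at cb, no OOB read */
    return 0;
}

int main(void)
{
    printf("demo=%d malformed=%d\n", demo(), check_malformed());
    return 0;
}
```

The two failure modes the commit names are both exercised: the second `av_list_add` succeeds because the first one rewrote the terminator, and the walkers stop at the buffer end instead of scanning memory for an `MsvAvEOL` word. The capacity check in `av_list_add` counts the new terminator as well as the new pair, which is what makes the rejected third add leave the list unchanged.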
| Name | Last commit message | Last commit date |
|---|---|---|
| CredSSP | Functions static, warnings fixed. | 2017-11-15 15:56:24 +01:00 |
| Kerberos | Cleaned up const char** -> char** for argv, since we definitely do modify the argv! | 2018-06-06 16:43:09 +02:00 |
| Negotiate | Cleaned up const char** -> char** for argv, since we definitely do modify the argv! | 2018-06-06 16:43:09 +02:00 |
| NTLM | Fix NTLM AvPair lists | 2019-03-17 20:40:13 -05:00 |
| Schannel | Replaced BIO_free with BIO_free_all | 2018-11-08 12:09:49 +01:00 |
| test | Fixed thread function return and parameters. | 2018-03-07 14:36:55 +01:00 |
| CMakeLists.txt | fix Kerberos flavour's detection (MIT/Heimdal) and double free for MIT<1.13 | 2017-11-13 16:20:56 +01:00 |
| ModuleOptions.cmake | libwinpr: add module definition files | 2012-09-21 13:02:54 -04:00 |
| sspi_export.c | fix [winpr/sspi]: export symbols on all systems | 2018-11-14 12:19:36 +01:00 |
| sspi_gss.c | fixed include path | 2018-02-05 14:34:49 +01:00 |
| sspi_gss.h | use SSIZE_T instead of ssize_t | 2017-11-13 16:20:56 +01:00 |
| sspi_winpr.c | Fixed NULL dereferences and uninitialized values | 2019-01-30 16:11:10 +01:00 |
| sspi_winpr.h | libwinpr-sspi: make native sspi option dynamic | 2014-06-06 15:34:12 -04:00 |
| sspi.c | Removed unused functions, fixed feature define guards | 2017-12-21 11:30:21 +01:00 |
| sspi.h | Fixed /pth: Consistently treat the hash offset to password length. | 2018-05-03 17:51:11 +02:00 |