Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
3012038e
Commit
3012038e
authored
Mar 06, 2007
by
Rob Shearman
Committed by
Alexandre Julliard
Mar 06, 2007
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
secur32: NTLM - don't copy more data from User, Domain and Password
pointers in the SEC_WINNT_AUTH_IDENTITY structure than the corresponding Length fields say the pointers hold.
parent
7f16f21c
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
16 additions
and
11 deletions
+16
-11
ntlm.c
dlls/secur32/ntlm.c
+16
-11
No files found.
dlls/secur32/ntlm.c
View file @
3012038e
...
...
@@ -172,11 +172,15 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(
/* Get username and domain from pAuthData */
username
=
HeapAlloc
(
GetProcessHeap
(),
0
,
(
auth_data
->
UserLength
+
1
)
*
sizeof
(
SEC_WCHAR
));
lstrcpyW
(
username
,
auth_data
->
User
);
memcpy
(
username
,
auth_data
->
User
,
auth_data
->
UserLength
*
sizeof
(
SEC_WCHAR
));
username
[
auth_data
->
UserLength
]
=
'\0'
;
domain
=
HeapAlloc
(
GetProcessHeap
(),
0
,
(
auth_data
->
DomainLength
+
1
)
*
sizeof
(
SEC_WCHAR
));
lstrcpyW
(
domain
,
auth_data
->
Domain
);
memcpy
(
domain
,
auth_data
->
Domain
,
auth_data
->
DomainLength
*
sizeof
(
SEC_WCHAR
));
domain
[
auth_data
->
DomainLength
]
=
'\0'
;
}
TRACE
(
"Username is %s
\n
"
,
debugstr_w
(
username
));
unixcp_size
=
WideCharToMultiByte
(
CP_UNIXCP
,
WC_NO_BEST_FIT_CHARS
,
...
...
@@ -222,15 +226,16 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(
{
helper
->
pwlen
=
WideCharToMultiByte
(
CP_UNIXCP
,
WC_NO_BEST_FIT_CHARS
,
auth_data
->
Password
,
auth_data
->
PasswordLength
+
1
,
NULL
,
0
,
NULL
,
auth_data
->
PasswordLength
,
NULL
,
0
,
NULL
,
NULL
)
+
1
;
helper
->
password
=
HeapAlloc
(
GetProcessHeap
(),
0
,
helper
->
pwlen
);
WideCharToMultiByte
(
CP_UNIXCP
,
WC_NO_BEST_FIT_CHARS
,
auth_data
->
Password
,
auth_data
->
PasswordLength
+
1
,
auth_data
->
Password
,
auth_data
->
PasswordLength
,
helper
->
password
,
helper
->
pwlen
,
NULL
,
NULL
);
helper
->
password
[
helper
->
pwlen
-
1
]
=
'\0'
;
}
}
...
...
@@ -304,11 +309,11 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleA(
if
(
identity
->
UserLength
!=
0
)
{
user_sizeW
=
MultiByteToWideChar
(
CP_ACP
,
0
,
(
LPCSTR
)
identity
->
User
,
identity
->
UserLength
+
1
,
NULL
,
0
);
(
LPCSTR
)
identity
->
User
,
identity
->
UserLength
,
NULL
,
0
);
user
=
HeapAlloc
(
GetProcessHeap
(),
0
,
user_sizeW
*
sizeof
(
SEC_WCHAR
));
MultiByteToWideChar
(
CP_ACP
,
0
,
(
LPCSTR
)
identity
->
User
,
identity
->
UserLength
+
1
,
user
,
user_sizeW
);
identity
->
UserLength
,
user
,
user_sizeW
);
}
else
{
...
...
@@ -318,11 +323,11 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleA(
if
(
identity
->
DomainLength
!=
0
)
{
domain_sizeW
=
MultiByteToWideChar
(
CP_ACP
,
0
,
(
LPCSTR
)
identity
->
Domain
,
identity
->
DomainLength
+
1
,
NULL
,
0
);
(
LPCSTR
)
identity
->
Domain
,
identity
->
DomainLength
,
NULL
,
0
);
domain
=
HeapAlloc
(
GetProcessHeap
(),
0
,
domain_sizeW
*
sizeof
(
SEC_WCHAR
));
MultiByteToWideChar
(
CP_ACP
,
0
,
(
LPCSTR
)
identity
->
Domain
,
identity
->
DomainLength
+
1
,
domain
,
domain_sizeW
);
identity
->
DomainLength
,
domain
,
domain_sizeW
);
}
else
{
...
...
@@ -502,11 +507,11 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
{
lstrcpynA
(
buffer
,
"PW "
,
max_len
-
1
);
if
((
ret
=
encodeBase64
((
unsigned
char
*
)
helper
->
password
,
helper
->
pwlen
-
2
,
buffer
+
3
,
helper
->
pwlen
-
1
,
buffer
+
3
,
max_len
-
3
,
&
buffer_len
))
!=
SEC_E_OK
)
{
TRACE
(
"Deleting password!
\n
"
);
memset
(
helper
->
password
,
0
,
helper
->
pwlen
-
2
);
memset
(
helper
->
password
,
0
,
helper
->
pwlen
-
1
);
HeapFree
(
GetProcessHeap
(),
0
,
helper
->
password
);
goto
isc_end
;
}
...
...
@@ -734,7 +739,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
{
TRACE
(
"Deleting password!
\n
"
);
if
(
helper
->
password
)
memset
(
helper
->
password
,
0
,
helper
->
pwlen
-
2
);
memset
(
helper
->
password
,
0
,
helper
->
pwlen
-
1
);
HeapFree
(
GetProcessHeap
(),
0
,
helper
->
password
);
}
isc_end:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment