Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
394519db
Commit
394519db
authored
Jun 26, 2012
by
Henri Verbeet
Committed by
Alexandre Julliard
Jun 26, 2012
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
secur32: Handle incomplete messages in schan_InitializeSecurityContextW().
parent
8f39fb14
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
72 additions
and
3 deletions
+72
-3
schannel.c
dlls/secur32/schannel.c
+24
-0
schannel.c
dlls/secur32/tests/schannel.c
+48
-3
No files found.
dlls/secur32/schannel.c
View file @
394519db
...
...
@@ -714,6 +714,30 @@ static SECURITY_STATUS SEC_ENTRY schan_InitializeSecurityContextW(
}
else
{
unsigned
int
expected_size
;
unsigned
char
*
ptr
;
SecBuffer
*
buffer
;
int
idx
;
if
(
!
pInput
)
return
SEC_E_INCOMPLETE_MESSAGE
;
idx
=
schan_find_sec_buffer_idx
(
pInput
,
0
,
SECBUFFER_TOKEN
);
if
(
idx
==
-
1
)
return
SEC_E_INCOMPLETE_MESSAGE
;
buffer
=
&
pInput
->
pBuffers
[
idx
];
if
(
buffer
->
cbBuffer
<
5
)
return
SEC_E_INCOMPLETE_MESSAGE
;
ptr
=
buffer
->
pvBuffer
;
expected_size
=
5
+
((
ptr
[
3
]
<<
8
)
|
ptr
[
4
]);
if
(
buffer
->
cbBuffer
<
expected_size
)
{
TRACE
(
"Expected %u bytes, but buffer only contains %u bytes.
\n
"
,
expected_size
,
buffer
->
cbBuffer
);
return
SEC_E_INCOMPLETE_MESSAGE
;
}
ctx
=
schan_get_object
(
phContext
->
dwLower
,
SCHAN_HANDLE_CTX
);
}
...
...
dlls/secur32/tests/schannel.c
View file @
394519db
...
...
@@ -640,21 +640,66 @@ static void test_communication(void)
buffers
[
1
].
cBuffers
=
1
;
buffers
[
1
].
pBuffers
[
0
].
BufferType
=
SECBUFFER_TOKEN
;
data_size
=
buffers
[
0
].
pBuffers
[
0
].
cbBuffer
;
status
=
pInitializeSecurityContextA
(
&
cred_handle
,
&
context
,
(
SEC_CHAR
*
)
"localhost"
,
ISC_REQ_CONFIDENTIALITY
|
ISC_REQ_STREAM
,
0
,
0
,
&
buffers
[
1
],
0
,
NULL
,
&
buffers
[
0
],
&
attrs
,
NULL
);
ok
(
status
==
SEC_E_INVALID_TOKEN
,
"Expected SEC_E_INVALID_TOKEN, got %08x
\n
"
,
status
);
buffers
[
0
].
pBuffers
[
0
].
cbBuffer
=
buf_size
;
buffers
[
1
].
cBuffers
=
4
;
buffers
[
1
].
pBuffers
[
0
].
cbBuffer
=
buf_size
;
status
=
pInitializeSecurityContextA
(
&
cred_handle
,
NULL
,
(
SEC_CHAR
*
)
"localhost"
,
ISC_REQ_CONFIDENTIALITY
|
ISC_REQ_STREAM
,
0
,
0
,
NULL
,
0
,
&
context
,
&
buffers
[
0
],
&
attrs
,
NULL
);
ok
(
status
==
SEC_I_CONTINUE_NEEDED
,
"Expected SEC_I_CONTINUE_NEEDED, got %08x
\n
"
,
status
);
buf
=
&
buffers
[
0
].
pBuffers
[
0
];
send
(
sock
,
buf
->
pvBuffer
,
buf
->
cbBuffer
,
0
);
buf
->
cbBuffer
=
buf_size
;
status
=
pInitializeSecurityContextA
(
&
cred_handle
,
&
context
,
(
SEC_CHAR
*
)
"localhost"
,
ISC_REQ_CONFIDENTIALITY
|
ISC_REQ_STREAM
,
0
,
0
,
NULL
,
0
,
NULL
,
&
buffers
[
0
],
&
attrs
,
NULL
);
ok
(
status
==
SEC_E_INCOMPLETE_MESSAGE
,
"Got unexpected status %#x.
\n
"
,
status
);
ok
(
buffers
[
0
].
pBuffers
[
0
].
cbBuffer
==
buf_size
,
"Output buffer size changed.
\n
"
);
ok
(
buffers
[
0
].
pBuffers
[
0
].
BufferType
==
SECBUFFER_TOKEN
,
"Output buffer type changed.
\n
"
);
buffers
[
1
].
cBuffers
=
4
;
buffers
[
1
].
pBuffers
[
0
].
cbBuffer
=
0
;
status
=
pInitializeSecurityContextA
(
&
cred_handle
,
&
context
,
(
SEC_CHAR
*
)
"localhost"
,
ISC_REQ_CONFIDENTIALITY
|
ISC_REQ_STREAM
,
0
,
0
,
&
buffers
[
1
],
0
,
NULL
,
&
buffers
[
0
],
&
attrs
,
NULL
);
ok
(
status
==
SEC_E_INCOMPLETE_MESSAGE
,
"Got unexpected status %#x.
\n
"
,
status
);
ok
(
buffers
[
0
].
pBuffers
[
0
].
cbBuffer
==
buf_size
,
"Output buffer size changed.
\n
"
);
ok
(
buffers
[
0
].
pBuffers
[
0
].
BufferType
==
SECBUFFER_TOKEN
,
"Output buffer type changed.
\n
"
);
buf
=
&
buffers
[
1
].
pBuffers
[
0
];
buf
->
cbBuffer
=
buf_size
;
ret
=
receive_data
(
sock
,
buf
);
if
(
ret
==
-
1
)
return
;
buffers
[
1
].
pBuffers
[
0
].
cbBuffer
=
4
;
status
=
pInitializeSecurityContextA
(
&
cred_handle
,
&
context
,
(
SEC_CHAR
*
)
"localhost"
,
ISC_REQ_CONFIDENTIALITY
|
ISC_REQ_STREAM
,
0
,
0
,
&
buffers
[
1
],
0
,
NULL
,
&
buffers
[
0
],
&
attrs
,
NULL
);
ok
(
status
==
SEC_E_INCOMPLETE_MESSAGE
,
"Got unexpected status %#x.
\n
"
,
status
);
ok
(
buffers
[
0
].
pBuffers
[
0
].
cbBuffer
==
buf_size
,
"Output buffer size changed.
\n
"
);
ok
(
buffers
[
0
].
pBuffers
[
0
].
BufferType
==
SECBUFFER_TOKEN
,
"Output buffer type changed.
\n
"
);
buffers
[
1
].
pBuffers
[
0
].
cbBuffer
=
5
;
status
=
pInitializeSecurityContextA
(
&
cred_handle
,
&
context
,
(
SEC_CHAR
*
)
"localhost"
,
ISC_REQ_CONFIDENTIALITY
|
ISC_REQ_STREAM
,
0
,
0
,
&
buffers
[
1
],
0
,
NULL
,
&
buffers
[
0
],
&
attrs
,
NULL
);
ok
(
status
==
SEC_E_INCOMPLETE_MESSAGE
,
"Got unexpected status %#x.
\n
"
,
status
);
ok
(
buffers
[
0
].
pBuffers
[
0
].
cbBuffer
==
buf_size
,
"Output buffer size changed.
\n
"
);
ok
(
buffers
[
0
].
pBuffers
[
0
].
BufferType
==
SECBUFFER_TOKEN
,
"Output buffer type changed.
\n
"
);
buffers
[
1
].
pBuffers
[
0
].
cbBuffer
=
ret
;
status
=
pInitializeSecurityContextA
(
&
cred_handle
,
&
context
,
(
SEC_CHAR
*
)
"localhost"
,
ISC_REQ_CONFIDENTIALITY
|
ISC_REQ_STREAM
,
0
,
0
,
&
buffers
[
1
],
0
,
NULL
,
&
buffers
[
0
],
&
attrs
,
NULL
);
buffers
[
1
].
pBuffers
[
0
].
cbBuffer
=
buf_size
;
while
(
status
==
SEC_I_CONTINUE_NEEDED
)
{
buf
=
&
buffers
[
0
].
pBuffers
[
0
];
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment