81213a88
Commit
81213a88
authored
May 10, 2012
by
Hans Leidekker
Committed by
Alexandre Julliard
May 10, 2012
secur32: Fix potential leaks of the NTLM session key.
parent
25f34789
Showing
2 changed files
with
10 additions
and
8 deletions
+10
-8
dispatcher.c
dlls/secur32/dispatcher.c
+1
-0
ntlm.c
dlls/secur32/ntlm.c
+9
-8
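--- a/dlls/secur32/dispatcher.c
+++ b/dlls/secur32/dispatcher.c
@@ -281,6 +281,7 @@ void cleanup_helper(PNegoHelper helper)
         return;
     HeapFree(GetProcessHeap(), 0, helper->com_buf);
+    HeapFree(GetProcessHeap(), 0, helper->session_key);
     /* closing stdin will terminate ntlm_auth */
     close(helper->pipe_out);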
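Review bot: The session key is released in cleanup_helper with a plain `HeapFree(GetProcessHeap(), 0, helper->session_key);`, so the NTLM key bytes stay readable in freed heap memory until the allocator reuses the block. Clearing the buffer first, e.g. `if (helper->session_key) SecureZeroMemory(helper->session_key, key_len);`, would close that window; `key_len` is a placeholder, because no length field is visible on this page and the key is allocated with `bin_len` in one place and 16 in others, so the helper would have to record it. The same applies to the `HeapFree` added before the re-allocation in the 1288 hunk of ntlm.c and, it appears, the 1300 hunk. The new free also assumes session_key is either NULL or a live allocation whenever cleanup_helper runs; the helper's initialisation and the rest of this function are outside the hunk, so that is worth confirming.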
dlls/secur32/ntlm.c
...
@@ -825,7 +825,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
...
@@ -825,7 +825,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
ret
=
SEC_E_BUFFER_TOO_SMALL
;
ret
=
SEC_E_BUFFER_TOO_SMALL
;
if
((
phContext
==
NULL
)
&&
(
pInput
==
NULL
))
if
((
phContext
==
NULL
)
&&
(
pInput
==
NULL
))
{
{
HeapFree
(
GetProcessHeap
(),
0
,
helper
->
session_key
);
cleanup_helper
(
helper
);
cleanup_helper
(
helper
);
phNewContext
->
dwUpper
=
0
;
phNewContext
->
dwUpper
=
0
;
phNewContext
->
dwLower
=
0
;
phNewContext
->
dwLower
=
0
;
...
@@ -844,7 +843,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
...
@@ -844,7 +843,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
ret
=
SEC_E_BUFFER_TOO_SMALL
;
ret
=
SEC_E_BUFFER_TOO_SMALL
;
if
((
phContext
==
NULL
)
&&
(
pInput
==
NULL
))
if
((
phContext
==
NULL
)
&&
(
pInput
==
NULL
))
{
{
HeapFree
(
GetProcessHeap
(),
0
,
helper
->
session_key
);
cleanup_helper
(
helper
);
cleanup_helper
(
helper
);
phNewContext
->
dwUpper
=
0
;
phNewContext
->
dwUpper
=
0
;
phNewContext
->
dwLower
=
0
;
phNewContext
->
dwLower
=
0
;
...
@@ -858,7 +856,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
...
@@ -858,7 +856,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
ret
=
SEC_E_INTERNAL_ERROR
;
ret
=
SEC_E_INTERNAL_ERROR
;
if
((
phContext
==
NULL
)
&&
(
pInput
==
NULL
))
if
((
phContext
==
NULL
)
&&
(
pInput
==
NULL
))
{
{
HeapFree
(
GetProcessHeap
(),
0
,
helper
->
session_key
);
cleanup_helper
(
helper
);
cleanup_helper
(
helper
);
phNewContext
->
dwUpper
=
0
;
phNewContext
->
dwUpper
=
0
;
phNewContext
->
dwLower
=
0
;
phNewContext
->
dwLower
=
0
;
...
@@ -907,8 +904,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
...
@@ -907,8 +904,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
helper
->
session_key
=
HeapAlloc
(
GetProcessHeap
(),
0
,
bin_len
);
helper
->
session_key
=
HeapAlloc
(
GetProcessHeap
(),
0
,
bin_len
);
if
(
!
helper
->
session_key
)
if
(
!
helper
->
session_key
)
{
{
TRACE
(
"Failed to allocate memory for session key
\n
"
);
ret
=
SEC_E_INSUFFICIENT_MEMORY
;
ret
=
SEC_E_INTERNAL_ERROR
;
goto
isc_end
;
goto
isc_end
;
}
}
memcpy
(
helper
->
session_key
,
bin
,
bin_len
);
memcpy
(
helper
->
session_key
,
bin
,
bin_len
);
...
@@ -1288,7 +1284,13 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
...
@@ -1288,7 +1284,13 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
if
(
strncmp
(
buffer
,
"BH "
,
3
)
==
0
)
if
(
strncmp
(
buffer
,
"BH "
,
3
)
==
0
)
{
{
TRACE
(
"Helper sent %s
\n
"
,
debugstr_a
(
buffer
+
3
));
TRACE
(
"Helper sent %s
\n
"
,
debugstr_a
(
buffer
+
3
));
HeapFree
(
GetProcessHeap
(),
0
,
helper
->
session_key
);
helper
->
session_key
=
HeapAlloc
(
GetProcessHeap
(),
0
,
16
);
helper
->
session_key
=
HeapAlloc
(
GetProcessHeap
(),
0
,
16
);
if
(
!
helper
->
session_key
)
{
ret
=
SEC_E_INSUFFICIENT_MEMORY
;
goto
asc_end
;
}
/*FIXME: Generate the dummy session key = MD4(MD4(password))*/
/*FIXME: Generate the dummy session key = MD4(MD4(password))*/
memset
(
helper
->
session_key
,
0
,
16
);
memset
(
helper
->
session_key
,
0
,
16
);
}
}
...
@@ -1300,11 +1302,11 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
...
@@ -1300,11 +1302,11 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
TRACE
(
"Failed to decode session key
\n
"
);
TRACE
(
"Failed to decode session key
\n
"
);
}
}
TRACE
(
"Session key is %s
\n
"
,
debugstr_a
(
buffer
+
3
));
TRACE
(
"Session key is %s
\n
"
,
debugstr_a
(
buffer
+
3
));
HeapFree
(
GetProcessHeap
(),
0
,
helper
->
session_key
);
helper
->
session_key
=
HeapAlloc
(
GetProcessHeap
(),
0
,
16
);
helper
->
session_key
=
HeapAlloc
(
GetProcessHeap
(),
0
,
16
);
if
(
!
helper
->
session_key
)
if
(
!
helper
->
session_key
)
{
{
TRACE
(
"Failed to allocate memory for session key
\n
"
);
ret
=
SEC_E_INSUFFICIENT_MEMORY
;
ret
=
SEC_E_INTERNAL_ERROR
;
goto
asc_end
;
goto
asc_end
;
}
}
memcpy
(
helper
->
session_key
,
bin
,
16
);
memcpy
(
helper
->
session_key
,
bin
,
16
);
...
@@ -1356,7 +1358,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContex
...
@@ -1356,7 +1358,6 @@ static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContex
phContext
->
dwLower
=
0
;
phContext
->
dwLower
=
0
;
SECUR32_arc4Cleanup
(
helper
->
crypt
.
ntlm
.
a4i
);
SECUR32_arc4Cleanup
(
helper
->
crypt
.
ntlm
.
a4i
);
HeapFree
(
GetProcessHeap
(),
0
,
helper
->
session_key
);
SECUR32_arc4Cleanup
(
helper
->
crypt
.
ntlm2
.
send_a4i
);
SECUR32_arc4Cleanup
(
helper
->
crypt
.
ntlm2
.
send_a4i
);
SECUR32_arc4Cleanup
(
helper
->
crypt
.
ntlm2
.
recv_a4i
);
SECUR32_arc4Cleanup
(
helper
->
crypt
.
ntlm2
.
recv_a4i
);
HeapFree
(
GetProcessHeap
(),
0
,
helper
->
crypt
.
ntlm2
.
send_sign_key
);
HeapFree
(
GetProcessHeap
(),
0
,
helper
->
crypt
.
ntlm2
.
send_sign_key
);
...
...
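Review bot: In the ntlm_InitializeSecurityContextW hunk at 907 the visible lines assign `helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);` with no release of a previous key in view, while the ntlm_AcceptSecurityContext hunk at 1288 now frees before it allocates. The line before the allocation is outside the hunk, so this may already be handled there. If it is not, a second pass through this path would overwrite the pointer and leak the earlier key, and a `HeapFree(GetProcessHeap(), 0, helper->session_key);` directly before the HeapAlloc would make the two functions consistent. Both function bodies start and end outside the hunks shown.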