authorSimo Sorce <simo@redhat.com>2013-10-16 13:36:23 -0400
committerSimo Sorce <simo@redhat.com>2013-10-16 13:44:51 -0400
commitbfb97d9d48c046c0e051dec9579dcb947b0c3668 (patch)
tree26d7542dd6e244acf68e6a40b7c1ff5aeca141d5
parent9a6214cf1fe5a3db30496ab5762dcf6a2114110e (diff)
Fix handling of NULL domainpassword
Fix segfault in NTOWFv2. When domain is NULL it is just omitted from the NTOWFv2 computation. Fix segfault in accept_sec_context, just make dom_name be an empty string. Fix also memory leaks.
-rw-r--r--src/gss_sec_ctx.c12
-rw-r--r--src/ntlm_crypto.c15
2 files changed, 17 insertions, 10 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 7736244..528cb13 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -938,6 +938,15 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
size_t ulen, dlen, uadlen;
gss_buffer_desc usrname;
+ if (!dom_name) {
+ dom_name = strdup("");
+ if (!dom_name) {
+ retmin = ENOMEM;
+ retmaj = GSS_S_FAILURE;
+ goto done;
+ }
+ }
+
ulen = strlen(usr_name);
dlen = strlen(dom_name);
if (ulen + dlen + 2 > 1024) {
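Review bot: `usr_name` still goes to `strlen()` unguarded on the line right after the new block, so if the message decoder can leave it NULL the way it left `dom_name` NULL, the same crash remains reachable, presumably from a peer-supplied message. Whether that can happen depends on decoding code outside this hunk; if it can, reject it before the length computation, e.g. `if (!usr_name) { retmin = EINVAL; retmaj = GSS_S_FAILURE; goto done; }`. The literal `1024` in the length check would also read better as a named constant tied to the buffer it protects. The function body starts and ends outside the hunk.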
@@ -1075,6 +1084,9 @@ done:
safefree(computer_name);
safefree(workstation);
safefree(domain);
+ safefree(usr_name);
+ safefree(dom_name);
+ safefree(wks_name);
ntlm_free_buffer_data(&target_info);
return retmaj;
}
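Review bot: The three new `safefree()` calls at `done:` run on every exit path, including any `goto done` taken before the names are decoded, so they are only safe if `usr_name`, `dom_name` and `wks_name` are initialised to NULL where they are declared. They also assume none of the three pointers has been handed to another owner earlier in the function, otherwise this becomes a double free. Both the declarations and the intervening code are outside this hunk and should be checked. A short comment such as `/* owned here: decoded from the authenticate message, never transferred */` above the three lines would record that assumption.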
diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c
index ba5c5b0..d48f31c 100644
--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
@@ -276,16 +276,11 @@ int NTOWFv2(struct ntlm_ctx *ctx, struct ntlm_key *nt_hash,
if (!retstr) return ERR_CRYPTO;
offs = out;
- len = strlen(domain);
- /*
- out = MAX_USER_DOM_LEN - offs;
- retstr = u8_toupper((const uint8_t *)domain, len,
- NULL, NULL, &upcased[offs], &out);
- if (!retstr) return ERR_CRYPTO;
- offs += out;
- */
- memcpy(&upcased[offs], domain, len);
- offs += len;
+ if (domain) {
+ len = strlen(domain);
+ memcpy(&upcased[offs], domain, len);
+ offs += len;
+ }
retstr = (uint8_t *)u8_conv_to_encoding("UCS-2LE", iconveh_error,
upcased, offs, NULL, NULL, &out);
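Review bot: `memcpy(&upcased[offs], domain, len)` copies a `strlen()`-sized domain with no check against the space left in `upcased`, so a long domain can write past the end of the buffer. The removed commented-out code bounded this step with `MAX_USER_DOM_LEN - offs`, which suggests that is the buffer's capacity, though its declaration is outside the hunk. A guard such as `if (len > MAX_USER_DOM_LEN - offs) return ERR_CRYPTO;` before the copy would restore that bound. The length check in `gssntlm_accept_sec_context` covers only that one call path, so `NTOWFv2` should not rely on it. The function continues outside the hunk.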