author | Simo Sorce <simo@redhat.com> | 2013-10-16 13:36:23 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-10-16 13:44:51 -0400 |
commit | bfb97d9d48c046c0e051dec9579dcb947b0c3668 (patch) | |
tree | 26d7542dd6e244acf68e6a40b7c1ff5aeca141d5 | |
parent | 9a6214cf1fe5a3db30496ab5762dcf6a2114110e (diff) | |
Fix handling of NULL domainpassword
Fix segfault in NTOWFv2. When domain is NULL it is just omitted from the
NTOWFv2 computation.
Fix segfault in accept_sec_context, just make dom_name be an empty string.
Fix also memory leaks.
-rw-r--r-- | src/gss_sec_ctx.c | 12 | ||||
-rw-r--r-- | src/ntlm_crypto.c | 15 |
2 files changed, 17 insertions, 10 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c index 7736244..528cb13 100644 --- a/src/gss_sec_ctx.c +++ b/src/gss_sec_ctx.c @@ -938,6 +938,15 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status, size_t ulen, dlen, uadlen; gss_buffer_desc usrname; + if (!dom_name) { + dom_name = strdup(""); + if (!dom_name) { + retmin = ENOMEM; + retmaj = GSS_S_FAILURE; + goto done; + } + } + ulen = strlen(usr_name); dlen = strlen(dom_name); if (ulen + dlen + 2 > 1024) { @@ -1075,6 +1084,9 @@ done: safefree(computer_name); safefree(workstation); safefree(domain); + safefree(usr_name); + safefree(dom_name); + safefree(wks_name); ntlm_free_buffer_data(&target_info); return retmaj; } diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c index ba5c5b0..d48f31c 100644 --- a/src/ntlm_crypto.c +++ b/src/ntlm_crypto.c @@ -276,16 +276,11 @@ int NTOWFv2(struct ntlm_ctx *ctx, struct ntlm_key *nt_hash, if (!retstr) return ERR_CRYPTO; offs = out; - len = strlen(domain); - /* - out = MAX_USER_DOM_LEN - offs; - retstr = u8_toupper((const uint8_t *)domain, len, - NULL, NULL, &upcased[offs], &out); - if (!retstr) return ERR_CRYPTO; - offs += out; - */ - memcpy(&upcased[offs], domain, len); - offs += len; + if (domain) { + len = strlen(domain); + memcpy(&upcased[offs], domain, len); + offs += len; + } retstr = (uint8_t *)u8_conv_to_encoding("UCS-2LE", iconveh_error, upcased, offs, NULL, NULL, &out); |
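Review bot: `ulen = strlen(usr_name);`, the first context line after the new guard, still runs with no NULL check, so this hunk covers only the domain half of the crash. Where usr_name is assigned is outside the hunk; if it can be NULL when the peer supplies no user name, give it the same treatment, e.g. `if (!usr_name) { retmin = EINVAL; retmaj = GSS_S_FAILURE; goto done; }`. These values appear to come from the initiator's message on the acceptor side, so a NULL dereference here would most likely be reachable by an unauthenticated peer as a denial of service. The body of gssntlm_accept_sec_context starts and ends outside the hunk.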
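Review bot: The three `safefree` calls added under `done:` run on every path into that label, including any `goto done` taken before usr_name, dom_name and wks_name are assigned, so they are only safe if all three are declared with `= NULL`. The declarations are outside this hunk and should be confirmed; a comment there such as `/* owned by this function, released at done: */` would record the intent. It is also worth confirming that no earlier path hands one of these pointers to the context or another owner, since this release would then become a double free.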
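Review bot: `memcpy(&upcased[offs], domain, len);` inside the new `if (domain)` block copies `strlen(domain)` bytes with no bound in the visible lines. The deleted commented-out code computed `MAX_USER_DOM_LEN - offs` as the remaining space, but the live path never compares len against it. The acceptor hunk above checks `ulen + dlen + 2 > 1024` before it gets this far, but other callers of NTOWFv2 are not visible. Assuming upcased holds MAX_USER_DOM_LEN bytes (its declaration is outside the hunk), add `if (len > MAX_USER_DOM_LEN - offs) return ERR_CRYPTO;` before the copy so the function protects its own buffer.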