From bc9ea2e15794e64b91b707a0896307b4953cbfb3 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Wed, 16 Oct 2013 13:36:23 -0400
Subject: Fix handling of NULL domain
Fix segafult in NTOWFv2. When domain is NULL it is just omitted from the NTOWFv2 computation. Fix segfault in accept_sec_context, just make dom_name be an empty string. Fix also memory leaks.
---
 src/gss_sec_ctx.c | 12 ++++++++++++
 src/ntlm_crypto.c | 15 +++++----------
 2 files changed, 17 insertions(+), 10 deletions(-)
(limited to 'src')
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 7736244..528cb13 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -938,6 +938,15 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
 size_t ulen, dlen, uadlen;
 gss_buffer_desc usrname;
+ if (!dom_name) {
+ dom_name = strdup("");
+ if (!dom_name) {
+ retmin = ENOMEM;
+ retmaj = GSS_S_FAILURE;
+ goto done;
+ }
+ }
+
 ulen = strlen(usr_name);
 dlen = strlen(dom_name);
 if (ulen + dlen + 2 > 1024) {
@@ -1075,6 +1084,9 @@ done:
 safefree(computer_name);
 safefree(workstation);
 safefree(domain);
+ safefree(usr_name);
+ safefree(dom_name);
+ safefree(wks_name);
 ntlm_free_buffer_data(&target_info);
 return retmaj;
 }
diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c
index ba5c5b0..d48f31c 100644
--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
@@ -276,16 +276,11 @@ int NTOWFv2(struct ntlm_ctx *ctx, struct ntlm_key *nt_hash,
 if (!retstr) return ERR_CRYPTO;
 offs = out;
- len = strlen(domain);
- /*
- out = MAX_USER_DOM_LEN - offs;
- retstr = u8_toupper((const uint8_t *)domain, len,
- NULL, NULL, &upcased[offs], &out);
- if (!retstr) return ERR_CRYPTO;
- offs += out;
- */
- memcpy(&upcased[offs], domain, len);
- offs += len;
+ if (domain) {
+ len = strlen(domain);
+ memcpy(&upcased[offs], domain, len);
+ offs += len;
+ }
 retstr = (uint8_t *)u8_conv_to_encoding("UCS-2LE", iconveh_error, upcased, offs, NULL, NULL, &out);
-- cgit
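Review bot: `ulen = strlen(usr_name);` directly below the new guard still dereferences `usr_name` without a NULL check, so the crash this hunk fixes for `dom_name` may remain reachable through the user name. Whether the decoding earlier in gssntlm_accept_sec_context can leave `usr_name` NULL is not visible here, because the function body starts and ends outside the hunk. If it can, fail the request before the length computation, for example `if (!usr_name) { retmin = EINVAL; retmaj = GSS_S_FAILURE; goto done; }`. These names presumably come from the peer's message, so an unchecked NULL at this point would be a crash the remote side can trigger in the acceptor.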
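Review bot: The three new `safefree()` calls under `done:` run on every exit path, including any `goto done` taken before `usr_name`, `dom_name` and `wks_name` have been assigned, so they are only safe if all three are initialised to NULL at their declaration, which lies outside this hunk. It is also worth confirming that none of the three has its ownership handed to another object earlier in the function, since in that case this cleanup would turn the leak into a double free. A comment above the new lines would record the assumption, e.g. `/* usr_name, dom_name, wks_name are owned by this function and start out NULL */`.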
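Review bot: `memcpy(&upcased[offs], domain, len);` inside the new `if (domain)` block copies `strlen(domain)` bytes into `upcased` with no check that `offs + len` fits the buffer. The removed commented-out code computed `MAX_USER_DOM_LEN - offs` as the remaining space, which suggests that is the buffer's capacity, although the declaration of `upcased` is outside the hunk. Bound the copy inside NTOWFv2 itself instead of relying on callers to have limited the lengths, e.g. `if (len > MAX_USER_DOM_LEN - offs) return ERR_CRYPTO;` placed before the `memcpy`.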