Fixed memory leaks in ntlm
authorakallabeth <akallabeth@posteo.net>
Mon, 25 May 2020 08:05:57 +0000 (10:05 +0200)
committerArmin Novak <armin.novak@thincast.com>
Mon, 22 Jun 2020 10:11:48 +0000 (12:11 +0200)
(cherry picked from commit 057b6df4aebbe8e739139087dfaab15104ca5ba7)

winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
winpr/libwinpr/sspi/NTLM/ntlm_message.c

index 7b6eabd..aa873db 100644 (file)
@@ -572,54 +572,54 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
                size += 8; /* unknown 8-byte padding */
 
        if (!sspi_SecBufferAlloc(&context->AuthenticateTargetInfo, size))
-               return -1;
+               goto fail;
 
        AuthenticateTargetInfo = (NTLM_AV_PAIR*)context->AuthenticateTargetInfo.pvBuffer;
        cbAuthenticateTargetInfo = context->AuthenticateTargetInfo.cbBuffer;
 
        if (!ntlm_av_pair_list_init(AuthenticateTargetInfo, cbAuthenticateTargetInfo))
-               return -1;
+               goto fail;
 
        if (AvNbDomainName)
        {
                if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvNbDomainName,
                                           cbAvNbDomainName))
-                       return -1;
+                       goto fail;
        }
 
        if (AvNbComputerName)
        {
                if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo,
                                           AvNbComputerName, cbAvNbComputerName))
-                       return -1;
+                       goto fail;
        }
 
        if (AvDnsDomainName)
        {
                if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo,
                                           AvDnsDomainName, cbAvDnsDomainName))
-                       return -1;
+                       goto fail;
        }
 
        if (AvDnsComputerName)
        {
                if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo,
                                           AvDnsComputerName, cbAvDnsComputerName))
-                       return -1;
+                       goto fail;
        }
 
        if (AvDnsTreeName)
        {
                if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvDnsTreeName,
                                           cbAvDnsTreeName))
-                       return -1;
+                       goto fail;
        }
 
        if (AvTimestamp)
        {
                if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvTimestamp,
                                           cbAvTimestamp))
-                       return -1;
+                       goto fail;
        }
 
        if (context->UseMIC)
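Review bot: The first `goto fail`, taken when `sspi_SecBufferAlloc` fails, now reaches `sspi_SecBufferFree(&context->AuthenticateTargetInfo)` at the `fail:` label added in the last hunk of this file, so the cleanup runs on a buffer whose allocation has just failed. That is only safe if `sspi_SecBufferFree` tolerates a NULL `pvBuffer` and resets `pvBuffer`/`cbBuffer`; its body is not visible here, so either confirm that or keep `return -1;` for that one check. The same `return -1` to `goto fail` conversion repeats in the next two hunks of this file. I would also add a comment at the label, e.g. `/* release the partially built AV pair list so callers never see a half-constructed buffer */`. The function begins outside this hunk.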
@@ -629,28 +629,28 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
 
                if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvFlags,
                                      (PBYTE)&flags, 4))
-                       return -1;
+                       goto fail;
        }
 
        if (context->SendSingleHostData)
        {
                if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvSingleHost,
                                      (PBYTE)&context->SingleHostData, context->SingleHostData.Size))
-                       return -1;
+                       goto fail;
        }
 
        if (!context->SuppressExtendedProtection)
        {
                if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvChannelBindings,
                                      context->ChannelBindingsHash, 16))
-                       return -1;
+                       goto fail;
 
                if (context->ServicePrincipalName.Length > 0)
                {
                        if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvTargetName,
                                              (PBYTE)context->ServicePrincipalName.Buffer,
                                              context->ServicePrincipalName.Length))
-                               return -1;
+                               goto fail;
                }
        }
 
@@ -660,10 +660,13 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
                AvEOL = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo, MsvAvEOL, NULL);
 
                if (!AvEOL)
-                       return -1;
+                       goto fail;
 
                ZeroMemory(AvEOL, sizeof(NTLM_AV_PAIR));
        }
 
        return 1;
+fail:
+       sspi_SecBufferFree(&context->AuthenticateTargetInfo);
+       return -1;
 }
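Review bot: `ZeroMemory(AvEOL, sizeof(NTLM_AV_PAIR))` writes a full pair header at the pointer returned by `ntlm_av_pair_get`, which is called with `NULL` as its final argument, so nothing in this hunk shows that a whole `NTLM_AV_PAIR` fits between `AvEOL` and the end of the `cbChallengeTargetInfo` bytes. The challenge target info presumably comes from the peer's message, so that bound matters. If the getter does not already guarantee it (its body is not visible here), add an explicit size check before the write. Otherwise add a comment saying so, e.g. `/* ntlm_av_pair_get only returns pairs whose header lies inside the list */`. The enclosing `if` starts outside the hunk.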
index 314f5c1..34813a4 100644 (file)
@@ -544,9 +544,9 @@ SECURITY_STATUS ntlm_read_ChallengeMessage(NTLM_CONTEXT* context, PSecBuffer buf
        winpr_HexDump(TAG, WLOG_DEBUG, context->Timestamp, 8);
 #endif
        context->state = NTLM_STATE_AUTHENTICATE;
-       ntlm_free_message_fields_buffer(&(message->TargetName));
        status = SEC_I_CONTINUE_NEEDED;
 fail:
+       ntlm_free_message_fields_buffer(&(message->TargetName));
        Stream_Free(s, FALSE);
        return status;
 }
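Review bot: With `ntlm_free_message_fields_buffer(&(message->TargetName))` moved below `fail:`, the free now runs on every exit path, including any `goto fail` taken before `TargetName` has been read from the stream. That is correct only if `message->TargetName` is zeroed before the first jump, and if the helper accepts an empty field and clears its pointer afterwards; otherwise a later call on the same `message` could free it twice. Neither is visible in this hunk, and the function starts outside it. Once confirmed, I would record it next to the call: `/* safe on early failure: message is zeroed on entry and the helper resets the pointer */`.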