From efb99f144b67d1c642b3483d7fe738f0c1ef02f7 Mon Sep 17 00:00:00 2001
From: akallabeth
Date: Mon, 25 May 2020 10:05:57 +0200
Subject: [PATCH] Fixed memory leaks in ntlm

(cherry picked from commit 057b6df4aebbe8e739139087dfaab15104ca5ba7)
---
 winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c | 29 ++++++++++++++++-------------
 winpr/libwinpr/sspi/NTLM/ntlm_message.c | 2 +-
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c b/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
index 7b6eabd..aa873db 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
@@ -572,54 +572,54 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
 size += 8; /* unknown 8-byte padding */
 if (!sspi_SecBufferAlloc(&context->AuthenticateTargetInfo, size))
- return -1;
+ goto fail;
 AuthenticateTargetInfo = (NTLM_AV_PAIR*)context->AuthenticateTargetInfo.pvBuffer;
 cbAuthenticateTargetInfo = context->AuthenticateTargetInfo.cbBuffer;
 if (!ntlm_av_pair_list_init(AuthenticateTargetInfo, cbAuthenticateTargetInfo))
- return -1;
+ goto fail;
 if (AvNbDomainName)
 {
 if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvNbDomainName, cbAvNbDomainName))
- return -1;
+ goto fail;
 }
 if (AvNbComputerName)
 {
 if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvNbComputerName, cbAvNbComputerName))
- return -1;
+ goto fail;
 }
 if (AvDnsDomainName)
 {
 if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvDnsDomainName, cbAvDnsDomainName))
- return -1;
+ goto fail;
 }
 if (AvDnsComputerName)
 {
 if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvDnsComputerName, cbAvDnsComputerName))
- return -1;
+ goto fail;
 }
 if (AvDnsTreeName)
 {
 if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvDnsTreeName, cbAvDnsTreeName))
- return -1;
+ goto fail;
 }
 if (AvTimestamp)
 {
 if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvTimestamp, cbAvTimestamp))
- return -1;
+ goto fail;
 }
 if (context->UseMIC)
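Review bot: The first `goto fail`, taken when `sspi_SecBufferAlloc` itself fails, now hands a buffer that was never allocated to `sspi_SecBufferFree` at the `fail:` label added in the last hunk of this file. That is only safe if a failed allocation leaves `pvBuffer` NULL (or untouched) and the free routine tolerates that state; neither helper is visible in this patch, so it should be confirmed. If `context->AuthenticateTargetInfo` can already hold a buffer from an earlier call, it would also be worth releasing it first, with `sspi_SecBufferFree(&context->AuthenticateTargetInfo);` ahead of the `sspi_SecBufferAlloc` call, so the old allocation is not overwritten. The function begins before this hunk and continues in the next two hunks, which repeat the same `return -1` to `goto fail` substitution.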
@@ -629,28 +629,28 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
 if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvFlags, (PBYTE)&flags, 4))
- return -1;
+ goto fail;
 }
 if (context->SendSingleHostData)
 {
 if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvSingleHost, (PBYTE)&context->SingleHostData, context->SingleHostData.Size))
- return -1;
+ goto fail;
 }
 if (!context->SuppressExtendedProtection)
 {
 if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvChannelBindings, context->ChannelBindingsHash, 16))
- return -1;
+ goto fail;
 if (context->ServicePrincipalName.Length > 0)
 {
 if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvTargetName, (PBYTE)context->ServicePrincipalName.Buffer, context->ServicePrincipalName.Length))
- return -1;
+ goto fail;
 }
 }
@@ -660,10 +660,13 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
 AvEOL = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo, MsvAvEOL, NULL);
 if (!AvEOL)
- return -1;
+ goto fail;
 ZeroMemory(AvEOL, sizeof(NTLM_AV_PAIR));
 }
 return 1;
+fail:
+ sspi_SecBufferFree(&context->AuthenticateTargetInfo);
+ return -1;
 }
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_message.c b/winpr/libwinpr/sspi/NTLM/ntlm_message.c
index 314f5c1..34813a4 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_message.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_message.c
@@ -544,9 +544,9 @@ SECURITY_STATUS ntlm_read_ChallengeMessage(NTLM_CONTEXT* context, PSecBuffer buf
 winpr_HexDump(TAG, WLOG_DEBUG, context->Timestamp, 8);
 #endif
 context->state = NTLM_STATE_AUTHENTICATE;
- ntlm_free_message_fields_buffer(&(message->TargetName));
 status = SEC_I_CONTINUE_NEEDED;
 fail:
+ ntlm_free_message_fields_buffer(&(message->TargetName));
 Stream_Free(s, FALSE);
 return status;
 }
--
2.7.4
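Review bot: The buffer released at the new `fail:` label is a member of the caller's `context`, which outlives this call, so the free must leave `pvBuffer` NULL and `cbBuffer` 0 or a later teardown of the context could free the same pointer a second time. `sspi_SecBufferFree` is not shown in this patch; if it does not reset the fields, the label should do it explicitly with `context->AuthenticateTargetInfo.pvBuffer = NULL;` and `context->AuthenticateTargetInfo.cbBuffer = 0;`. A comment at the label such as `/* drop the partially built AV pair list so it is never sent or freed twice */` would record why the buffer is released here rather than left for context cleanup.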
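Review bot: With the call moved below `fail:`, `ntlm_free_message_fields_buffer(&(message->TargetName))` now runs on every error path, including any `goto fail` taken before `TargetName` was read from the stream. That is correct only if `message` is assigned and zero-initialised before the first jump and the helper accepts an empty field and clears the pointer afterwards; the start of `ntlm_read_ChallengeMessage` and the helper are both outside this hunk, so this should be checked. A short comment above the call, for example `/* TargetName is only needed while parsing; release it on success and failure alike */`, would make the intent of the move clear to later readers.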