ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

secur32: Handle incomplete messages in schan_InitializeSecurityContextW().

This commit is contained in:
Henri Verbeet 2012-06-26 16:03:49 +02:00 committed by Alexandre Julliard
parent 8f39fb146a
commit 394519db67
2 changed files with 72 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
dlls/secur32/schannel.c
View File

@ -714,6 +714,30 @@ static SECURITY_STATUS SEC_ENTRY schan_InitializeSecurityContextW(
} }
else else
{ {
unsigned int expected_size;
unsigned char *ptr;
SecBuffer *buffer;
int idx;
if (!pInput)
return SEC_E_INCOMPLETE_MESSAGE;
idx = schan_find_sec_buffer_idx(pInput, 0, SECBUFFER_TOKEN);
if (idx == -1)
return SEC_E_INCOMPLETE_MESSAGE;
buffer = &pInput->pBuffers[idx];
if (buffer->cbBuffer < 5)
return SEC_E_INCOMPLETE_MESSAGE;
ptr = buffer->pvBuffer;
expected_size = 5 + ((ptr[3] << 8) | ptr[4]);
if (buffer->cbBuffer < expected_size)
{
TRACE("Expected %u bytes, but buffer only contains %u bytes.\n", expected_size, buffer->cbBuffer);
return SEC_E_INCOMPLETE_MESSAGE;
}
ctx = schan_get_object(phContext->dwLower, SCHAN_HANDLE_CTX); ctx = schan_get_object(phContext->dwLower, SCHAN_HANDLE_CTX);
} }

51
dlls/secur32/tests/schannel.c
View File

@ -640,21 +640,66 @@ static void test_communication(void)
buffers[1].cBuffers = 1; buffers[1].cBuffers = 1;
buffers[1].pBuffers[0].BufferType = SECBUFFER_TOKEN; buffers[1].pBuffers[0].BufferType = SECBUFFER_TOKEN;
data_size = buffers[0].pBuffers[0].cbBuffer;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost", status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM, ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL); 0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status); ok(status == SEC_E_INVALID_TOKEN, "Expected SEC_E_INVALID_TOKEN, got %08x\n", status);
buffers[0].pBuffers[0].cbBuffer = buf_size; buffers[0].pBuffers[0].cbBuffer = buf_size;
buffers[1].cBuffers = 4;
buffers[1].pBuffers[0].cbBuffer = buf_size;
status = pInitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost", status = pInitializeSecurityContextA(&cred_handle, NULL, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM, ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL); 0, 0, NULL, 0, &context, &buffers[0], &attrs, NULL);
ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status); ok(status == SEC_I_CONTINUE_NEEDED, "Expected SEC_I_CONTINUE_NEEDED, got %08x\n", status);
buf = &buffers[0].pBuffers[0];
send(sock, buf->pvBuffer, buf->cbBuffer, 0);
buf->cbBuffer = buf_size;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, NULL, 0, NULL, &buffers[0], &attrs, NULL);
ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
buffers[1].cBuffers = 4;
buffers[1].pBuffers[0].cbBuffer = 0;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
buf = &buffers[1].pBuffers[0];
buf->cbBuffer = buf_size;
ret = receive_data(sock, buf);
if (ret == -1)
return;
buffers[1].pBuffers[0].cbBuffer = 4;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
buffers[1].pBuffers[0].cbBuffer = 5;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
ok(status == SEC_E_INCOMPLETE_MESSAGE, "Got unexpected status %#x.\n", status);
ok(buffers[0].pBuffers[0].cbBuffer == buf_size, "Output buffer size changed.\n");
ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_TOKEN, "Output buffer type changed.\n");
buffers[1].pBuffers[0].cbBuffer = ret;
status = pInitializeSecurityContextA(&cred_handle, &context, (SEC_CHAR *)"localhost",
ISC_REQ_CONFIDENTIALITY|ISC_REQ_STREAM,
0, 0, &buffers[1], 0, NULL, &buffers[0], &attrs, NULL);
buffers[1].pBuffers[0].cbBuffer = buf_size;
while (status == SEC_I_CONTINUE_NEEDED) while (status == SEC_I_CONTINUE_NEEDED)
{ {
buf = &buffers[0].pBuffers[0]; buf = &buffers[0].pBuffers[0];