From 6720a129f3a77a280e589660828855a06ccdd5e0 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Wed, 8 Nov 2006 12:10:05 +0100 Subject: [PATCH] secur32: Delete session key and arc4 context when the session based security context is deleted. --- dlls/secur32/dispatcher.c | 1 - dlls/secur32/ntlm.c | 32 ++++++++++++++++---------------- dlls/secur32/secur32_priv.h | 1 + 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/dlls/secur32/dispatcher.c b/dlls/secur32/dispatcher.c index b7b9f9d23f9..c150a142ca8 100644 --- a/dlls/secur32/dispatcher.c +++ b/dlls/secur32/dispatcher.c @@ -258,7 +258,6 @@ void cleanup_helper(PNegoHelper helper) return; HeapFree(GetProcessHeap(), 0, helper->com_buf); - HeapFree(GetProcessHeap(), 0, helper->session_key); /* closing stdin will terminate ntlm_auth */ close(helper->pipe_out); diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c index 8cc206df8c4..2b3c02d00f0 100644 --- a/dlls/secur32/ntlm.c +++ b/dlls/secur32/ntlm.c @@ -690,8 +690,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( } TRACE("Session key is %s\n", debugstr_a(buffer+3)); helper->valid_session_key = TRUE; - if(!helper->session_key) - helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len); + helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len); if(!helper->session_key) { TRACE("Failed to allocate memory for session key\n"); @@ -1036,8 +1035,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext( } TRACE("Session key is %s\n", debugstr_a(buffer+3)); helper->valid_session_key = TRUE; - if(!helper->session_key) - helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16); + helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16); if(!helper->session_key) { TRACE("Failed to allocate memory for session key\n"); @@ -1081,20 +1079,22 @@ static SECURITY_STATUS SEC_ENTRY ntlm_CompleteAuthToken(PCtxtHandle phContext, */ static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext) { - SECURITY_STATUS ret; + PNegoHelper helper; TRACE("%p\n", phContext); - if (phContext) - { - phContext->dwUpper = 0; - phContext->dwLower = 0; - ret = SEC_E_OK; - } - else - { - ret = SEC_E_INVALID_HANDLE; - } - return ret; + if (!phContext) + return SEC_E_INVALID_HANDLE; + + helper = (PNegoHelper)phContext->dwLower; + + phContext->dwUpper = 0; + phContext->dwLower = 0; + + SECUR32_arc4Cleanup(helper->crypt.ntlm.a4i); + HeapFree(GetProcessHeap(), 0, helper->session_key); + helper->valid_session_key = FALSE; + + return SEC_E_OK; } /*********************************************************************** diff --git a/dlls/secur32/secur32_priv.h b/dlls/secur32/secur32_priv.h index d2002fdf268..8a6a290cc22 100644 --- a/dlls/secur32/secur32_priv.h +++ b/dlls/secur32/secur32_priv.h @@ -139,6 +139,7 @@ SECURITY_STATUS SECUR32_CreateNTLMv1SessionKey(PBYTE password, int len, PBYTE se arc4_info *SECUR32_arc4Alloc(void); void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen); void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length); +void SECUR32_arc4Cleanup(arc4_info *a4i); /* NTLMSSP flags indicating the negotiated features */ #define NTLMSSP_NEGOTIATE_UNICODE 0x00000001