2004-05-15 Jeffrey Altman <jaltman@mit.edu>

author Jeffrey Altman <jaltman@secure-endpoints.com>

Sat, 15 May 2004 04:08:08 +0000 (04:08 +0000)

committer Jeffrey Altman <jaltman@secure-endpoints.com>

Sat, 15 May 2004 04:08:08 +0000 (04:08 +0000)
author Jeffrey Altman <jaltman@secure-endpoints.com>
Sat, 15 May 2004 04:08:08 +0000 (04:08 +0000)
committer Jeffrey Altman <jaltman@secure-endpoints.com>
Sat, 15 May 2004 04:08:08 +0000 (04:08 +0000)
diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog

index aacadc5ae5da9a8d4a9d7105909d07008cf0fce4..aabd2f29a65c4b3d8dd8f0d49a6e5d99652a486b 100644 (file)
--- a/src/lib/krb5/ccache/ChangeLog
+++ b/src/lib/krb5/ccache/ChangeLog
@@ -1,3 +1,10 @@
+2004-05-15  Jeffrey Altman <jaltman@mit.edu>
+
+    * cc_mslsa.c:  The FAILED() macro only considered an error 
+      to be a failure if the value is negative.  ConstructTicketRequest()
+      returns positive errors.  Do not use FAILED() to test the result.
+      Also, fix a potential leak of LSA allocated memory.
+
  2004-04-24  Ken Raeburn  <raeburn@mit.edu>
  
         * ccbase.c: Include ctype.h.
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c

index 9d06753590c66a50d9ac43fffd1ec3f847b5ef17..73d6b7096d7cb6d35b82aabd76030cc58daeb21b 100644 (file)
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -491,10 +491,10 @@ IsKerberosLogon(VOID)
      return Success;
  }
  
-static NTSTATUS
+static DWORD
  ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST * outRequest, ULONG * outSize)
  {
-    NTSTATUS Status;
+    DWORD Error;
      UNICODE_STRING TargetPrefix;
      USHORT TargetSize;
      ULONG RequestSize;
@@ -546,12 +546,12 @@ ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST * o
      pTicketRequest->TargetName.Length = 0;
      pTicketRequest->TargetName.MaximumLength = TargetSize;
      pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
-    Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName),
+    Error = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName),
                                          TargetPrefix,
                                          DomainName);
      *outRequest = pTicketRequest;
      *outSize    = RequestSize;
-    return Status;
+    return Error;
  }
  
  static BOOL
@@ -604,6 +604,7 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
      BOOL bIsLsaError = FALSE;
      NTSTATUS Status = 0;
      NTSTATUS SubStatus = 0;
+    DWORD   Error;
  
      KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
      PKERB_RETRIEVE_TKT_REQUEST pTicketRequest;
@@ -662,16 +663,16 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
          // the required fields are not supported on Windows 2000.  :(
          if ( supported && GetSecurityLogonSessionData(&pSessionData) ) {
              if ( pSessionData->DnsDomainName.Buffer ) {
-                Status = ConstructTicketRequest(pSessionData->DnsDomainName,
+                Error = ConstructTicketRequest(pSessionData->DnsDomainName,
                                                  &pTicketRequest, &RequestSize);
-                if ( FAILED(Status) ) {
+                LsaFreeReturnBuffer(pSessionData);
+                if ( Error )
                      goto cleanup;
-                }
              } else {
+                LsaFreeReturnBuffer(pSessionData);
                  bIsLsaError = TRUE;
                  goto cleanup;
              }
-            LsaFreeReturnBuffer(pSessionData);
          } else {
              CHAR  UserDnsDomain[256];
              WCHAR UnicodeUserDnsDomain[256];
@@ -691,11 +692,10 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
              wrapper.Length = wcslen(UnicodeUserDnsDomain) * sizeof(WCHAR);
              wrapper.MaximumLength = 256;
  
-            Status = ConstructTicketRequest(wrapper,
+            Error = ConstructTicketRequest(wrapper,
                                               &pTicketRequest, &RequestSize);
-            if ( FAILED(Status) ) {
+            if ( Error )
                  goto cleanup;
-            }
          }
      } else {
  #ifdef PURGE_ALL
@@ -744,9 +744,9 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
          }
  #endif /* PURGE_ALL */
  
-        Status = ConstructTicketRequest(pTicketResponse->Ticket.TargetDomainName,
+        Error = ConstructTicketRequest(pTicketResponse->Ticket.TargetDomainName,
                                          &pTicketRequest, &RequestSize);
-        if ( FAILED(Status) ) {
+        if ( Error ) {
              goto cleanup;
          }
author	Jeffrey Altman <jaltman@secure-endpoints.com>
	Sat, 15 May 2004 04:08:08 +0000 (04:08 +0000)
committer	Jeffrey Altman <jaltman@secure-endpoints.com>
	Sat, 15 May 2004 04:08:08 +0000 (04:08 +0000)
src/lib/krb5/ccache/ChangeLog		patch \| blob \| history
src/lib/krb5/ccache/cc_mslsa.c		patch \| blob \| history