From: Jeffrey Altman Date: Sat, 15 May 2004 04:08:08 +0000 (+0000) Subject: 2004-05-15 Jeffrey Altman X-Git-Tag: krb5-1.4-beta1~412 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=40ea20074a236fc123a3a6ee5fa03d20a2e5c7c0;p=krb5.git 2004-05-15 Jeffrey Altman * cc_mslsa.c: Do not use the FAILED() macro to test the result of ConstructTicketRequest(). ConstructTicketRequest() returns positive errors and FAILED() only considers negative values to be a failure condition. Also, close potential memory leak of LSA allocated memory. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16338 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index aacadc5ae..aabd2f29a 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,10 @@ +2004-05-15 Jeffrey Altman + + * cc_mslsa.c: The FAILED() macro only considered an error + to be a failure if the value is negative. ConstructTicketRequest() + returns positive errors. Do not use FAILED() to test the result. + Also, fix a potential leak of LSA allocated memory. + 2004-04-24 Ken Raeburn * ccbase.c: Include ctype.h. diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c index 9d0675359..73d6b7096 100644 --- a/src/lib/krb5/ccache/cc_mslsa.c +++ b/src/lib/krb5/ccache/cc_mslsa.c @@ -491,10 +491,10 @@ IsKerberosLogon(VOID) return Success; } -static NTSTATUS +static DWORD ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST * outRequest, ULONG * outSize) { - NTSTATUS Status; + DWORD Error; UNICODE_STRING TargetPrefix; USHORT TargetSize; ULONG RequestSize; @@ -546,12 +546,12 @@ ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST * o pTicketRequest->TargetName.Length = 0; pTicketRequest->TargetName.MaximumLength = TargetSize; pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1); - Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName), + Error = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName), TargetPrefix, DomainName); *outRequest = pTicketRequest; *outSize = RequestSize; - return Status; + return Error; } static BOOL @@ -604,6 +604,7 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) BOOL bIsLsaError = FALSE; NTSTATUS Status = 0; NTSTATUS SubStatus = 0; + DWORD Error; KERB_QUERY_TKT_CACHE_REQUEST CacheRequest; PKERB_RETRIEVE_TKT_REQUEST pTicketRequest; @@ -662,16 +663,16 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) // the required fields are not supported on Windows 2000. :( if ( supported && GetSecurityLogonSessionData(&pSessionData) ) { if ( pSessionData->DnsDomainName.Buffer ) { - Status = ConstructTicketRequest(pSessionData->DnsDomainName, + Error = ConstructTicketRequest(pSessionData->DnsDomainName, &pTicketRequest, &RequestSize); - if ( FAILED(Status) ) { + LsaFreeReturnBuffer(pSessionData); + if ( Error ) goto cleanup; - } } else { + LsaFreeReturnBuffer(pSessionData); bIsLsaError = TRUE; goto cleanup; } - LsaFreeReturnBuffer(pSessionData); } else { CHAR UserDnsDomain[256]; WCHAR UnicodeUserDnsDomain[256]; @@ -691,11 +692,10 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) wrapper.Length = wcslen(UnicodeUserDnsDomain) * sizeof(WCHAR); wrapper.MaximumLength = 256; - Status = ConstructTicketRequest(wrapper, + Error = ConstructTicketRequest(wrapper, &pTicketRequest, &RequestSize); - if ( FAILED(Status) ) { + if ( Error ) goto cleanup; - } } } else { #ifdef PURGE_ALL @@ -744,9 +744,9 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) } #endif /* PURGE_ALL */ - Status = ConstructTicketRequest(pTicketResponse->Ticket.TargetDomainName, + Error = ConstructTicketRequest(pTicketResponse->Ticket.TargetDomainName, &pTicketRequest, &RequestSize); - if ( FAILED(Status) ) { + if ( Error ) { goto cleanup; }