Kai Blin : secur32:
Copy helper buffer to output buffer before reusing helper buffer.
Alexandre Julliard
julliard at wine.codeweavers.com
Tue Aug 15 06:42:12 CDT 2006
Module: wine
Branch: master
Commit: fe43d5d4842e2f2a5ff130d0078a165a69110408
URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=fe43d5d4842e2f2a5ff130d0078a165a69110408
Author: Kai Blin <kai.blin at gmail.com>
Date: Mon Aug 14 19:35:39 2006 +0200
secur32: Copy helper buffer to output buffer before reusing helper buffer.
---
dlls/secur32/ntlm.c | 73 +++++++++++++++++++++++++++------------------------
1 files changed, 38 insertions(+), 35 deletions(-)
diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c
index 5750386..44e8ac0 100644
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -577,6 +577,44 @@ static SECURITY_STATUS SEC_ENTRY ntlm_In
goto isc_end;
}
+ phNewContext->dwUpper = ctxt_attr;
+ phNewContext->dwLower = (ULONG_PTR)helper;
+
+ ret = SEC_E_OK;
+ }
+
+ /* put the decoded client blob into the out buffer */
+
+ if (fContextReq & ISC_REQ_ALLOCATE_MEMORY)
+ {
+ if (pOutput)
+ {
+ pOutput->cBuffers = 1;
+ pOutput->pBuffers[0].pvBuffer = SECUR32_ALLOC(bin_len);
+ pOutput->pBuffers[0].cbBuffer = bin_len;
+ }
+ }
+
+ if (!pOutput || !pOutput->cBuffers || pOutput->pBuffers[0].cbBuffer < bin_len)
+ {
+ TRACE("out buffer is NULL or has not enough space\n");
+ ret = SEC_E_BUFFER_TOO_SMALL;
+ goto isc_end;
+ }
+
+ if (!pOutput->pBuffers[0].pvBuffer)
+ {
+ TRACE("out buffer is NULL\n");
+ ret = SEC_E_INTERNAL_ERROR;
+ goto isc_end;
+ }
+
+ pOutput->pBuffers[0].cbBuffer = bin_len;
+ pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
+ memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
+
+ if(ret == SEC_E_OK)
+ {
TRACE("Getting negotiated flags\n");
lstrcpynA(buffer, "GF", max_len - 1);
if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
@@ -630,43 +668,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_In
memcpy(helper->session_key, bin, bin_len);
}
}
-
- phNewContext->dwUpper = ctxt_attr;
- phNewContext->dwLower = (ULONG_PTR)helper;
-
- ret = SEC_E_OK;
- }
-
- /* put the decoded client blob into the out buffer */
-
- if (fContextReq & ISC_REQ_ALLOCATE_MEMORY)
- {
- if (pOutput)
- {
- pOutput->cBuffers = 1;
- pOutput->pBuffers[0].pvBuffer = SECUR32_ALLOC(bin_len);
- pOutput->pBuffers[0].cbBuffer = bin_len;
- }
}
- if (!pOutput || !pOutput->cBuffers || pOutput->pBuffers[0].cbBuffer < bin_len)
- {
- TRACE("out buffer is NULL or has not enough space\n");
- ret = SEC_E_BUFFER_TOO_SMALL;
- goto isc_end;
- }
-
- if (!pOutput->pBuffers[0].pvBuffer)
- {
- TRACE("out buffer is NULL\n");
- ret = SEC_E_INTERNAL_ERROR;
- goto isc_end;
- }
-
- pOutput->pBuffers[0].cbBuffer = bin_len;
- pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
- memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
-
if(ret != SEC_I_CONTINUE_NEEDED)
{
TRACE("Deleting password!\n");
More information about the wine-cvs
mailing list