Hans Leidekker : secur32: Simplify nego_AcquireCredentialsHandleA() and fix an invalid free.
Alexandre Julliard
julliard at winehq.org
Wed Jul 13 16:54:55 CDT 2022
Module: wine
Branch: master
Commit: 4c9d30a12150679bbfecd2fbfe6dff83eff5512a
URL: https://gitlab.winehq.org/wine/wine/-/commit/4c9d30a12150679bbfecd2fbfe6dff83eff5512a
Author: Hans Leidekker <hans at codeweavers.com>
Date: Tue Jul 12 16:58:21 2022 +0200
secur32: Simplify nego_AcquireCredentialsHandleA() and fix an invalid free.
---
dlls/secur32/negotiate.c | 69 +++++++++++++-----------------------------------
1 file changed, 19 insertions(+), 50 deletions(-)
diff --git a/dlls/secur32/negotiate.c b/dlls/secur32/negotiate.c
index d01419ce9c7..a63e458750f 100644
--- a/dlls/secur32/negotiate.c
+++ b/dlls/secur32/negotiate.c
@@ -117,8 +117,9 @@ static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
{
SECURITY_STATUS ret = SEC_E_INSUFFICIENT_MEMORY;
- SEC_WCHAR *user = NULL, *domain = NULL, *passwd = NULL, *package = NULL;
- SEC_WINNT_AUTH_IDENTITY_W *identityW = NULL;
+ SEC_WCHAR *package = NULL;
+ SEC_WINNT_AUTH_IDENTITY_A *id = pAuthData;
+ SEC_WINNT_AUTH_IDENTITY_W idW = {};
TRACE("%s, %s, 0x%08lx, %p, %p, %p, %p, %p, %p\n",
debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
@@ -130,60 +131,28 @@ static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
if (!(package = malloc( package_len * sizeof(SEC_WCHAR) ))) return SEC_E_INSUFFICIENT_MEMORY;
MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, package, package_len );
}
- if (pAuthData)
+ if (id && id->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
{
- SEC_WINNT_AUTH_IDENTITY_A *identity = pAuthData;
- int user_len, domain_len, passwd_len;
+ idW.UserLength = MultiByteToWideChar( CP_ACP, 0, (const char *)id->User, id->UserLength, NULL, 0 );
+ if (!(idW.User = malloc( idW.UserLength * sizeof(SEC_WCHAR) ))) goto done;
+ MultiByteToWideChar( CP_ACP, 0, (const char *)id->User, id->UserLength, idW.User, idW.UserLength );
- if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
- {
- if (!(identityW = malloc( sizeof(*identityW) ))) goto done;
-
- if (!identity->UserLength) user_len = 0;
- else
- {
- user_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->User,
- identity->UserLength, NULL, 0 );
- if (!(user = malloc( user_len * sizeof(SEC_WCHAR) ))) goto done;
- MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->User, identity->UserLength,
- user, user_len );
- }
- if (!identity->DomainLength) domain_len = 0;
- else
- {
- domain_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Domain,
- identity->DomainLength, NULL, 0 );
- if (!(domain = malloc( domain_len * sizeof(SEC_WCHAR) ))) goto done;
- MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Domain, identity->DomainLength,
- domain, domain_len );
- }
- if (!identity->PasswordLength) passwd_len = 0;
- else
- {
- passwd_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Password,
- identity->PasswordLength, NULL, 0 );
- if (!(passwd = malloc( passwd_len * sizeof(SEC_WCHAR) ))) goto done;
- MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Password, identity->PasswordLength,
- passwd, passwd_len );
- }
- identityW->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
- identityW->User = user;
- identityW->UserLength = user_len;
- identityW->Domain = domain;
- identityW->DomainLength = domain_len;
- identityW->Password = passwd;
- identityW->PasswordLength = passwd_len;
- }
- else identityW = (SEC_WINNT_AUTH_IDENTITY_W *)identity;
+ idW.DomainLength = MultiByteToWideChar( CP_ACP, 0, (const char *)id->Domain, id->DomainLength, NULL, 0 );
+ if (!(idW.Domain = malloc( idW.DomainLength * sizeof(SEC_WCHAR) ))) goto done;
+ MultiByteToWideChar( CP_ACP, 0, (const char *)id->Domain, id->DomainLength, idW.Domain, idW.DomainLength );
+
+ idW.PasswordLength = MultiByteToWideChar( CP_ACP, 0, (const char *)id->Password, id->PasswordLength, NULL, 0 );
+ if (!(idW.Password = malloc( idW.PasswordLength * sizeof(SEC_WCHAR) ))) goto done;
+ MultiByteToWideChar( CP_ACP, 0, (const char *)id->Password, id->PasswordLength, idW.Password, idW.PasswordLength );
+
+ idW.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
+ pAuthData = &idW;
}
- ret = nego_AcquireCredentialsHandleW( NULL, package, fCredentialUse, pLogonID, identityW,
+
+ ret = nego_AcquireCredentialsHandleW( NULL, package, fCredentialUse, pLogonID, pAuthData,
pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry );
done:
free( package );
- free( user );
- free( domain );
- free( passwd );
- free( identityW );
return ret;
}
More information about the wine-cvs
mailing list