
Commit 26b3b6b

committed
Fix segfault in sign/seal functions
Signed-off-by: Simo Sorce <[email protected]>
1 parent a14a996 commit 26b3b6b

2 files changed

+97
-59
lines changed


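--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
@@ -867,6 +867,11 @@ int ntlm_seal(uint32_t flags,
 
     h = &state->send;
 
+    if (!(flags & NTLMSSP_NEGOTIATE_SEAL) ||
+        (h->seal_handle == NULL)) {
+        return ENOTSUP;
+    }
+
     ret = RC4_UPDATE(h->seal_handle, message, output);
     if (ret) return ret;
 
@@ -904,6 +909,11 @@ int ntlm_unseal(uint32_t flags,
         h = &state->recv;
     }
 
+    if (!(flags & NTLMSSP_NEGOTIATE_SEAL) ||
+        (h->seal_handle == NULL)) {
+        return ENOTSUP;
+    }
+
     ret = RC4_UPDATE(h->seal_handle, message, output);
     if (ret) return ret;
 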
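Review bot: The commit title says sign/seal, but only ntlm_seal and ntlm_unseal gain the NULL-handle guard in these hunks; if the signing path dereferences the same per-direction state it is not covered here, which is worth confirming since both enclosing functions start outside the hunk. The new check also deserves a why-comment, because ENOTSUP coming out of a crypto primitive reads as "algorithm unsupported" rather than "sealing was never negotiated": `/* Sealing was not negotiated, or the RC4 handle was never set up: refuse rather than dereference NULL. */`. The two conditions overlap (a negotiated SEAL flag presumably implies a non-NULL seal_handle), so the comment should say which one is the belt and which the braces, otherwise the next reader will be tempted to drop one of them.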
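--- a/tests/ntlmssptest.c
+++ b/tests/ntlmssptest.c
@@ -1721,71 +1721,99 @@ int test_gssapi_1(bool user_env_file, bool use_cb, bool no_seal)
 
     gss_release_buffer(&retmin, &srv_token);
 
-    retmaj = gssntlm_wrap(&retmin, cli_ctx, 1, 0, &message, &conf_state,
-                          &cli_token);
-    if (retmaj != GSS_S_COMPLETE) {
-        print_gss_error("gssntlm_wrap(cli) failed!",
-                        retmaj, retmin);
-        ret = EINVAL;
-        goto done;
-    }
-    if (conf_state == 0) {
-        fprintf(stderr, "WARN: gssntlm_wrap(cli) returned 0 conf_state!\n");
-        fflush(stderr);
-    }
+    if (no_seal) {
+        retmaj = gssntlm_wrap(&retmin, cli_ctx, 1, 0, &message, NULL,
+                              &cli_token);
+        if ((retmaj != GSS_S_FAILURE) && (retmin != ENOTSUP)) {
+            fprintf(stderr, "WARN: gssntlm_wrap(cli) did not fail!\n");
+            fflush(stderr);
+            ret = EINVAL;
+            goto done;
+        }
 
-    retmaj = gssntlm_unwrap(&retmin, srv_ctx,
-                            &cli_token, &srv_token, &conf_state, NULL);
-    if (retmaj != GSS_S_COMPLETE) {
-        print_gss_error("gssntlm_unwrap(srv) failed!",
-                        retmaj, retmin);
-        ret = EINVAL;
-        goto done;
-    }
-    if (conf_state == 0) {
-        fprintf(stderr, "WARN: gssntlm_wrap(srv) returned 0 conf_state!\n");
-        fflush(stderr);
-    }
+        retmaj = gssntlm_wrap(&retmin, srv_ctx, 1, 0, &message, NULL,
+                              &srv_token);
+        if ((retmaj != GSS_S_FAILURE) && (retmin != ENOTSUP)) {
+            fprintf(stderr, "WARN: gssntlm_wrap(srv) did not fail!\n");
+            fflush(stderr);
+            ret = EINVAL;
+            goto done;
+        }
+    } else {
+        retmaj = gssntlm_wrap(&retmin, cli_ctx, 1, 0, &message, &conf_state,
+                              &cli_token);
+        if (retmaj != GSS_S_COMPLETE) {
+            print_gss_error("gssntlm_wrap(cli) failed!",
+                            retmaj, retmin);
+            ret = EINVAL;
+            goto done;
+        }
+        if (conf_state == 0) {
+            fprintf(stderr, "WARN: gssntlm_wrap(cli) gave 0 conf_state!\n");
+            fflush(stderr);
+            ret = EINVAL;
+            goto done;
+        }
 
-    gss_release_buffer(&retmin, &cli_token);
-    gss_release_buffer(&retmin, &srv_token);
+        retmaj = gssntlm_unwrap(&retmin, srv_ctx,
+                                &cli_token, &srv_token, &conf_state, NULL);
+        if (retmaj != GSS_S_COMPLETE) {
+            print_gss_error("gssntlm_unwrap(srv) failed!",
+                            retmaj, retmin);
+            ret = EINVAL;
+            goto done;
+        }
+        if (conf_state == 0) {
+            fprintf(stderr, "WARN: gssntlm_wrap(srv) gave 0 conf_state!\n");
+            fflush(stderr);
+            ret = EINVAL;
+            goto done;
+        }
 
-    retmaj = gssntlm_wrap(&retmin, srv_ctx, 1, 0, &message, &conf_state,
-                          &srv_token);
-    if (retmaj != GSS_S_COMPLETE) {
-        print_gss_error("gssntlm_wrap(srv) failed!",
-                        retmaj, retmin);
-        ret = EINVAL;
-        goto done;
-    }
-    if (conf_state == 0) {
-        fprintf(stderr, "WARN: gssntlm_wrap(srv) returned 0 conf_state!\n");
-        fflush(stderr);
-    }
+        gss_release_buffer(&retmin, &cli_token);
+        gss_release_buffer(&retmin, &srv_token);
 
-    retmaj = gssntlm_unwrap(&retmin, cli_ctx,
-                            &srv_token, &cli_token, &conf_state, NULL);
-    if (retmaj != GSS_S_COMPLETE) {
-        print_gss_error("gssntlm_unwrap(cli) failed!",
-                        retmaj, retmin);
-        ret = EINVAL;
-        goto done;
-    }
-    if (conf_state == 0) {
-        fprintf(stderr, "WARN: gssntlm_wrap(cli) returned 0 conf_state!\n");
-        fflush(stderr);
-    }
+        retmaj = gssntlm_wrap(&retmin, srv_ctx, 1, 0, &message, &conf_state,
+                              &srv_token);
+        if (retmaj != GSS_S_COMPLETE) {
+            print_gss_error("gssntlm_wrap(srv) failed!",
+                            retmaj, retmin);
+            ret = EINVAL;
+            goto done;
+        }
+        if (conf_state == 0) {
+            fprintf(stderr, "WARN: gssntlm_wrap(srv) gave 0 conf_state!\n");
+            fflush(stderr);
+            ret = EINVAL;
+            goto done;
+        }
 
-    if (memcmp(message.value, cli_token.value, cli_token.length) != 0) {
-        print_gss_error("sealing and unsealing failed to return the "
-                        "same result",
-                        retmaj, retmin);
-        ret = EINVAL;
-        goto done;
-    }
+        retmaj = gssntlm_unwrap(&retmin, cli_ctx,
+                                &srv_token, &cli_token, &conf_state, NULL);
+        if (retmaj != GSS_S_COMPLETE) {
+            print_gss_error("gssntlm_unwrap(cli) failed!",
+                            retmaj, retmin);
+            ret = EINVAL;
+            goto done;
+        }
+        if (conf_state == 0) {
+            fprintf(stderr, "WARN: gssntlm_wrap(cli) gave 0 conf_state!\n");
+            fflush(stderr);
+            ret = EINVAL;
+            goto done;
+        }
 
-    gss_release_buffer(&retmin, &cli_token);
-    gss_release_buffer(&retmin, &srv_token);
+        if (memcmp(message.value, cli_token.value, cli_token.length) != 0) {
+            print_gss_error("sealing and unsealing failed to return the "
+                            "same result",
+                            retmaj, retmin);
+            ret = EINVAL;
+            goto done;
+        }
+
+        gss_release_buffer(&retmin, &cli_token);
+        gss_release_buffer(&retmin, &srv_token);
+    }
 
     gssntlm_release_name(&retmin, &gss_username);
     gssntlm_release_name(&retmin, &gss_srvname);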
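Review bot: The failure check in the new no_seal branch uses `&&`, so a wrap that fails with any minor code other than ENOTSUP, or one that unexpectedly succeeds while retmin still happens to hold ENOTSUP, is accepted by the test; the intent is clearly to require both the major and the minor status, so both checks (cli at new line 1727 and srv at 1736) should read `if ((retmaj != GSS_S_FAILURE) || (retmin != ENOTSUP)) {`. Separately, the warnings printed after the two gssntlm_unwrap calls still name gssntlm_wrap (`"WARN: gssntlm_wrap(srv) gave 0 conf_state!"` at 1767 and the cli one at 1800), which will send whoever reads a failing log to the wrong call. test_gssapi_1 starts before this hunk and its done: label lies after it.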
