morgan/FreeRDP
1
0
Fork 0
mirror of https://github.com/morgan9e/FreeRDP synced 2026-04-14 16:34:18 +09:00
Code Issues Packages Projects Releases Wiki Activity

[winpr,sspi] fix av pair checks

Browse Source 
* check value range of av pair value
* cast to proper type when calling ntlm_av_pair_add
This commit is contained in:
akallabeth
2026-01-09 09:11:38 +01:00
parent 778276caff
commit 91cd43ea7c
1 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c
View File

@@ -283,6 +283,27 @@ static BOOL ntlm_av_pair_add(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList, NTL
return ntlm_av_pair_list_init(pAvPair, cbAvPair);
}
static BOOL ntlm_av_pair_valid(UINT16 pair)
{
switch (pair)
{
case MsvAvEOL:
case MsvAvNbComputerName:
case MsvAvNbDomainName:
case MsvAvDnsComputerName:
case MsvAvDnsDomainName:
case MsvAvDnsTreeName:
case MsvAvFlags:
case MsvAvTimestamp:
case MsvAvSingleHost:
case MsvAvTargetName:
case MsvAvChannelBindings:
return TRUE;
default:
return FALSE;
}
}
static BOOL ntlm_av_pair_add_copy(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList,
NTLM_AV_PAIR* pAvPair, size_t cbAvPair)
{
@@ -298,8 +319,11 @@ static BOOL ntlm_av_pair_add_copy(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList
if (!ntlm_av_pair_get_len(pAvPair, cbAvPair, &avLen))
return FALSE;
if (!ntlm_av_pair_valid(pair))
return FALSE;
WINPR_ASSERT(avLen <= UINT16_MAX);
return ntlm_av_pair_add(pAvPairList, cbAvPairList, pair,
return ntlm_av_pair_add(pAvPairList, cbAvPairList, WINPR_ASSERTING_INT_CAST(NTLM_AV_ID, pair),
ntlm_av_pair_get_value_pointer(pAvPair), (UINT16)avLen);
}