From a3a4e9afa9e8abb6e70ba2e06c093d606181efef Mon Sep 17 00:00:00 2001
From: Norbert Federa
Date: Wed, 1 Feb 2012 17:58:06 +0100
Subject: [PATCH] core: fixed segfault caused by double free of password_cookie blob
---
 libfreerdp-core/connection.c | 5 ++---
 libfreerdp-core/info.c | 8 ++++++--
 libfreerdp-core/redirection.c | 9 ++++-----
 libfreerdp-core/redirection.h | 2 +-
 libfreerdp-core/settings.c | 3 ---
 5 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/libfreerdp-core/connection.c b/libfreerdp-core/connection.c
index 5fd630730..0cf06dfc1 100644
--- a/libfreerdp-core/connection.c
+++ b/libfreerdp-core/connection.c
@@ -82,7 +82,7 @@ boolean rdp_client_connect(rdpRdp* rdp)
 if ((selectedProtocol & PROTOCOL_TLS) || (selectedProtocol == PROTOCOL_RDP))
 {
- if ((settings->username != NULL) && ((settings->password != NULL) || (settings->password_cookie->length > 0)))
+ if ((settings->username != NULL) && ((settings->password != NULL) || (settings->password_cookie != NULL && settings->password_cookie->length > 0)))
 settings->autologon = true;
 }
@@ -177,8 +177,7 @@ boolean rdp_client_redirect(rdpRdp* rdp)
 if (redirection->flags & LB_PASSWORD)
 {
- freerdp_blob_free(settings->password_cookie);
- settings->password_cookie = redirection->password_cookie;
+ settings->password_cookie = &redirection->password_cookie;
 }
 return rdp_client_connect(rdp);
diff --git a/libfreerdp-core/info.c b/libfreerdp-core/info.c
index 0bce3d2c6..00f8c1906 100644
--- a/libfreerdp-core/info.c
+++ b/libfreerdp-core/info.c
@@ -477,6 +477,7 @@ void rdp_write_info_packet(STREAM* s, rdpSettings* settings)
 uint16 cbAlternateShell;
 uint8* workingDir;
 uint16 cbWorkingDir;
+ boolean usedPasswordCookie = false;
 flags = INFO_MOUSE |
 INFO_UNICODE |
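Review bot: In the `@@ -177` hunk of connection.c, `settings->password_cookie = &redirection->password_cookie;` leaves settings holding a borrowed pointer into the rdpRedirection object, and nothing visible in this diff clears it again. Once redirection_free() runs (its `freerdp_blob_free(&redirection->password_cookie);` is in the redirection.c `@@ -203` hunk), any later read of settings->password_cookie would touch a released blob, and a later redirect without LB_PASSWORD would keep the stale pointer as well. I would record the ownership at the assignment with `/* borrowed from the redirection object; never freed through settings, must not outlive redirection_free() */` and set `settings->password_cookie = NULL;` wherever the redirection object is released. Whether settings can actually outlive the redirection object is not visible here, so the lifetime needs confirming against the callers. The body of rdp_client_redirect starts and ends outside the hunk.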
@@ -505,8 +506,9 @@ void rdp_write_info_packet(STREAM* s, rdpSettings* settings)
 userName = (uint8*)freerdp_uniconv_out(settings->uniconv, settings->username, &length);
 cbUserName = length;
- if (settings->password_cookie->length > 0)
+ if (settings->password_cookie && settings->password_cookie->length > 0)
 {
+ usedPasswordCookie = true;
 password = (uint8*)settings->password_cookie->data;
 cbPassword = settings->password_cookie->length - 2;
 }
@@ -553,10 +555,12 @@ void rdp_write_info_packet(STREAM* s, rdpSettings* settings)
 xfree(domain);
 xfree(userName);
- xfree(password);
 xfree(alternateShell);
 xfree(workingDir);
+ if (!usedPasswordCookie)
+ xfree(password);
+
 if (settings->rdp_version >= 5)
 rdp_write_extended_info_packet(s, settings); /* extraInfo */
 }
diff --git a/libfreerdp-core/redirection.c b/libfreerdp-core/redirection.c
index 4a5ce4247..113c65a9e 100644
--- a/libfreerdp-core/redirection.c
+++ b/libfreerdp-core/redirection.c
@@ -106,13 +106,12 @@ boolean rdp_recv_server_redirection_pdu(rdpRdp* rdp, STREAM* s)
 {
 uint32 passwordLength;
 stream_read_uint32(s, passwordLength);
- redirection->password_cookie = xnew(rdpBlob);
- freerdp_blob_alloc(redirection->password_cookie, passwordLength);
- stream_read(s, redirection->password_cookie->data, passwordLength);
+ freerdp_blob_alloc(&redirection->password_cookie, passwordLength);
+ stream_read(s, redirection->password_cookie.data, passwordLength);
 #ifdef WITH_DEBUG_REDIR
 DEBUG_REDIR("password_cookie:");
- freerdp_hexdump(redirection->password_cookie.data, redirection->password_cookie.length);
+ freerdp_hexdump(redirection->password_cookie.data, redirection->password_cookie.length);
 #endif
 }
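Review bot: In the `@@ -505` hunk of info.c the new guard still accepts any `length > 0`, while the unchanged line below computes `cbPassword = settings->password_cookie->length - 2;`, so a one-byte cookie produces a negative count. The cookie length is supplied by the server in the redirection PDU, and if cbPassword is a uint16 like the neighbouring cb* fields the value wraps to a large size that is presumably used later when `password` is written to the stream; that write is outside the hunk, so this part is inferred. Tightening the condition to `if (settings->password_cookie && settings->password_cookie->length >= 2)` closes the gap. A comment beside `usedPasswordCookie = true;` such as `/* password aliases the cookie blob's data here; the blob owner frees it, not this function */` would also record why the flag exists.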
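Review bot: In the `@@ -106` hunk of redirection.c, `passwordLength` is read from the server's PDU and passed straight to `freerdp_blob_alloc` and `stream_read`, with no check that the stream still holds that many bytes, so a malformed redirection PDU can make the client copy past the received data. The read should be preceded by a bounds check that rejects the PDU when fewer than `passwordLength` bytes remain in `s`. Because the blob is now embedded in the struct, a second redirection PDU would allocate over a blob that may still own data; unless freerdp_blob_alloc releases the old buffer, which is not visible here, calling `freerdp_blob_free(&redirection->password_cookie);` before the allocation avoids the leak. The `WITH_DEBUG_REDIR` branch hexdumps the password cookie, so a comment noting that this option writes credential material to debug output and must stay off in production builds would be worth adding. The enclosing function starts and ends outside the hunk.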
@@ -203,7 +202,7 @@ void redirection_free(rdpRedirection* redirection)
 freerdp_string_free(&redirection->tsvUrl);
 freerdp_string_free(&redirection->username);
 freerdp_string_free(&redirection->domain);
- freerdp_blob_free(redirection->password_cookie);
+ freerdp_blob_free(&redirection->password_cookie);
 freerdp_string_free(&redirection->targetFQDN);
 freerdp_string_free(&redirection->targetNetBiosName);
 freerdp_string_free(&redirection->targetNetAddress);
diff --git a/libfreerdp-core/redirection.h b/libfreerdp-core/redirection.h
index 165a5ced7..efbb13d20 100644
--- a/libfreerdp-core/redirection.h
+++ b/libfreerdp-core/redirection.h
@@ -50,7 +50,7 @@ struct rdp_redirection
 rdpString tsvUrl;
 rdpString username;
 rdpString domain;
- rdpBlob* password_cookie;
+ rdpBlob password_cookie;
 rdpString targetFQDN;
 rdpBlob loadBalanceInfo;
 rdpString targetNetBiosName;
diff --git a/libfreerdp-core/settings.c b/libfreerdp-core/settings.c
index 946940b91..fbac191b7 100644
--- a/libfreerdp-core/settings.c
+++ b/libfreerdp-core/settings.c
@@ -172,7 +172,6 @@ rdpSettings* settings_new(void* instance)
 settings->server_auto_reconnect_cookie = xnew(ARC_SC_PRIVATE_PACKET);
 settings->client_time_zone = xnew(TIME_ZONE_INFO);
- settings->password_cookie = xnew(rdpBlob);
 settings->server_random = xnew(rdpBlob);
 settings->server_certificate = xnew(rdpBlob);
@@ -190,8 +189,6 @@ void settings_free(rdpSettings* settings)
 xfree(settings->hostname);
 xfree(settings->username);
 xfree(settings->password);
- freerdp_blob_free(settings->password_cookie);
- xfree(settings->password_cookie);
 xfree(settings->domain);
 xfree(settings->shell);
 xfree(settings->directory);