Changeset 66260 in vbox for trunk/src/VBox/Additions

Timestamp:

Mar 27, 2017 9:58:43 AM (8 years ago)

Author:

vboxsync

Message:

Windows Additions/VBoxCredProv: Zero KERB_INTERACTIVE_UNLOCK_LOGON and check for string lengths in kerberosLogonSerialize().

File:

• trunk/src/VBox/Additions/WINNT/VBoxCredProv/VBoxCredProvCredential.cpp (modified) (2 diffs)

trunk/src/VBox/Additions/WINNT/VBoxCredProv/VBoxCredProvCredential.cpp

@@ -318 +318 @@
      */
     DWORD cbLogon = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON)
-                  + pLogonIn->LogonDomainName.Length +
-                  + pLogonIn->UserName.Length +
+                  + pLogonIn->LogonDomainName.Length
+                  + pLogonIn->UserName.Length
                   + pLogonIn->Password.Length;
 
-#ifdef DEBUG
-    VBoxCredProvVerbose(3, "VBoxCredProvCredential::AllocateLogonPackage: Allocating %ld bytes (%d bytes credentials)\n",
+    VBoxCredProvVerbose(3, "VBoxCredProvCredential::AllocateLogonPackage: Allocating %ld bytes (%zu bytes credentials)\n",
                         cbLogon, cbLogon - sizeof(KERB_INTERACTIVE_UNLOCK_LOGON));
-#endif
 
     KERB_INTERACTIVE_UNLOCK_LOGON *pLogon = (KERB_INTERACTIVE_UNLOCK_LOGON*)CoTaskMemAlloc(cbLogon);
     if (!pLogon)
         return E_OUTOFMEMORY;
+
+    /* Make sure to zero everything first. */
+    RT_BZERO(pLogon, cbLogon);
 
     /* Let our byte buffer point to the end of our allocated structure so that it can
@@ -339 +340 @@
      * string content but a relative offset starting at the given
      * KERB_INTERACTIVE_UNLOCK_LOGON structure. */
-#define KERB_CRED_INIT_PACKED(StringDst, StringSrc, LogonOffset)         \
-    StringDst.Length         = StringSrc.Length;                         \
-    StringDst.MaximumLength  = StringSrc.Length;                         \
-    StringDst.Buffer         = (PWSTR)pbBuffer;                          \
-    memcpy(StringDst.Buffer, StringSrc.Buffer, StringDst.Length);        \
-    StringDst.Buffer         = (PWSTR)(pbBuffer - (PBYTE)LogonOffset);   \
-    pbBuffer                += StringDst.Length;
-
-    RT_BZERO(&pLogon->LogonId, sizeof(LUID));
+#define KERB_CRED_INIT_PACKED(StringDst, StringSrc, LogonOffset)             \
+    StringDst.Length         = StringSrc.Length;                             \
+    StringDst.MaximumLength  = StringSrc.Length;                             \
+    if (StringDst.Length)                                                    \
+    {                                                                        \
+        StringDst.Buffer         = (PWSTR)pbBuffer;                          \
+        memcpy(StringDst.Buffer, StringSrc.Buffer, StringDst.Length);        \
+        StringDst.Buffer         = (PWSTR)(pbBuffer - (PBYTE)LogonOffset);   \
+        pbBuffer                += StringDst.Length;                         \
+    }
 
     KERB_INTERACTIVE_LOGON *pLogonOut = &pLogon->Logon;
+
     pLogonOut->MessageType = pLogonIn->MessageType;