File freerdp-CVE-2022-24883.patch of Package freerdp.27686

From e6d662f00edc1cee6735db6807975991440a79ba Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Fri, 22 Apr 2022 14:42:11 +0200
Subject: [PATCH] Cleaned up ntlm_fetch_ntlm_v2_hash

---
 winpr/libwinpr/sspi/NTLM/ntlm_compute.c | 63 +++++++++++--------------
 1 file changed, 27 insertions(+), 36 deletions(-)

diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
index dbd7f7fb0..caaf3fbb9 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
@@ -206,59 +206,50 @@ void ntlm_generate_timestamp(NTLM_CONTEXT* context)
 		ntlm_current_time(context->Timestamp);
 }
 
-static int ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
+static BOOL ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
 {
-	WINPR_SAM* sam;
-	WINPR_SAM_ENTRY* entry;
-	SSPI_CREDENTIALS* credentials = context->credentials;
+	BOOL rc = FALSE;
+	WINPR_SAM* sam = NULL;
+	WINPR_SAM_ENTRY* entry = NULL;
+	SSPI_CREDENTIALS* credentials;
+
+	credentials = context->credentials;
 	sam = SamOpen(context->SamFile, TRUE);
 
 	if (!sam)
-		return -1;
+		goto fail;
 
 	entry = SamLookupUserW(
-	    sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * 2,
-	    (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * 2);
+	    sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * sizeof(WCHAR),
+	    (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * sizeof(WCHAR));
 
-	if (entry)
+	if (!entry)
 	{
-#ifdef WITH_DEBUG_NTLM
-		WLog_DBG(TAG, "NTLM Hash:");
-		winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16);
-#endif
-		NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
-		                 credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain,
-		                 credentials->identity.DomainLength * 2, (BYTE*)hash);
-		SamFreeEntry(sam, entry);
-		SamClose(sam);
-		return 1;
+		entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User,
+		                       credentials->identity.UserLength * sizeof(WCHAR), NULL, 0);
 	}
 
-	entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User,
-	                       credentials->identity.UserLength * 2, NULL, 0);
+	if (!entry)
+		goto fail;
 
-	if (entry)
-	{
 #ifdef WITH_DEBUG_NTLM
 		WLog_DBG(TAG, "NTLM Hash:");
 		winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16);
 #endif
-		NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
-		                 credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain,
-		                 credentials->identity.DomainLength * 2, (BYTE*)hash);
-		SamFreeEntry(sam, entry);
-		SamClose(sam);
-		return 1;
-	}
-	else
-	{
-		SamClose(sam);
-		WLog_ERR(TAG, "Error: Could not find user in SAM database");
-		return 0;
-	}
+	    NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
+	                     credentials->identity.UserLength * sizeof(WCHAR),
+	                     (LPWSTR)credentials->identity.Domain,
+	                     credentials->identity.DomainLength * sizeof(WCHAR), (BYTE*)hash);
+
+	    rc = TRUE;
 
+fail:
+	SamFreeEntry(sam, entry);
 	SamClose(sam);
-	return 1;
+	if (!rc)
+		WLog_ERR(TAG, "Error: Could not find user in SAM database");
+
+	return rc;
 }
 
 static int ntlm_convert_password_hash(NTLM_CONTEXT* context, BYTE* hash)
-- 
2.26.2

openSUSE Build Service is sponsored by