File freerdp-CVE-2022-24883.patch of Package freerdp.27686
From e6d662f00edc1cee6735db6807975991440a79ba Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Fri, 22 Apr 2022 14:42:11 +0200
Subject: [PATCH] Cleaned up ntlm_fetch_ntlm_v2_hash
---
winpr/libwinpr/sspi/NTLM/ntlm_compute.c | 63 +++++++++++--------------
1 file changed, 27 insertions(+), 36 deletions(-)
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
index dbd7f7fb0..caaf3fbb9 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
@@ -206,59 +206,50 @@ void ntlm_generate_timestamp(NTLM_CONTEXT* context)
ntlm_current_time(context->Timestamp);
}
-static int ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
+static BOOL ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
{
- WINPR_SAM* sam;
- WINPR_SAM_ENTRY* entry;
- SSPI_CREDENTIALS* credentials = context->credentials;
+ BOOL rc = FALSE;
+ WINPR_SAM* sam = NULL;
+ WINPR_SAM_ENTRY* entry = NULL;
+ SSPI_CREDENTIALS* credentials;
+
+ credentials = context->credentials;
sam = SamOpen(context->SamFile, TRUE);
if (!sam)
- return -1;
+ goto fail;
entry = SamLookupUserW(
- sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * 2,
- (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * 2);
+ sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * sizeof(WCHAR),
+ (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * sizeof(WCHAR));
- if (entry)
+ if (!entry)
{
-#ifdef WITH_DEBUG_NTLM
- WLog_DBG(TAG, "NTLM Hash:");
- winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16);
-#endif
- NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
- credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain,
- credentials->identity.DomainLength * 2, (BYTE*)hash);
- SamFreeEntry(sam, entry);
- SamClose(sam);
- return 1;
+ entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User,
+ credentials->identity.UserLength * sizeof(WCHAR), NULL, 0);
}
- entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User,
- credentials->identity.UserLength * 2, NULL, 0);
+ if (!entry)
+ goto fail;
- if (entry)
- {
#ifdef WITH_DEBUG_NTLM
WLog_DBG(TAG, "NTLM Hash:");
winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16);
#endif
- NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
- credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain,
- credentials->identity.DomainLength * 2, (BYTE*)hash);
- SamFreeEntry(sam, entry);
- SamClose(sam);
- return 1;
- }
- else
- {
- SamClose(sam);
- WLog_ERR(TAG, "Error: Could not find user in SAM database");
- return 0;
- }
+ NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
+ credentials->identity.UserLength * sizeof(WCHAR),
+ (LPWSTR)credentials->identity.Domain,
+ credentials->identity.DomainLength * sizeof(WCHAR), (BYTE*)hash);
+
+ rc = TRUE;
+fail:
+ SamFreeEntry(sam, entry);
SamClose(sam);
- return 1;
+ if (!rc)
+ WLog_ERR(TAG, "Error: Could not find user in SAM database");
+
+ return rc;
}
static int ntlm_convert_password_hash(NTLM_CONTEXT* context, BYTE* hash)
--
2.26.2