[PATCH 0/1] MR8246: msv1_0: Perform NULL check before looking for a buffer of particular type.
From: Dmitry Timoshkov <dmitry(a)baikal.ru> This is a regression introduced by 4069a4f58a6c268abf5a4f62c84fb6e90125d0ca. Signed-off-by: Dmitry Timoshkov <dmitry(a)baikal.ru> --- dlls/msv1_0/main.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/dlls/msv1_0/main.c b/dlls/msv1_0/main.c index b5aa4e8d445..37b564ae88e 100644 --- a/dlls/msv1_0/main.c +++ b/dlls/msv1_0/main.c @@ -1539,9 +1539,7 @@ static NTSTATUS NTAPI ntlm_SpSealMessage( LSA_SEC_HANDLE handle, ULONG qop, SecB static NTSTATUS NTAPI ntlm_SpUnsealMessage( LSA_SEC_HANDLE handle, SecBufferDesc *msg, ULONG msg_seq_no, ULONG *qop ) { - int data_idx = get_buffer_index( msg, SECBUFFER_DATA ); - int stream_idx = get_buffer_index( msg, SECBUFFER_STREAM ); - int token_idx = get_buffer_index( msg, SECBUFFER_TOKEN ); + int data_idx, stream_idx, token_idx; SecBuffer token_buf; struct ntlm_ctx *ctx; @@ -1550,8 +1548,14 @@ static NTSTATUS NTAPI ntlm_SpUnsealMessage( LSA_SEC_HANDLE handle, SecBufferDesc if (!handle) return SEC_E_INVALID_HANDLE; - if (!msg || !msg->pBuffers || msg->cBuffers < 2 || (token_idx == -1 && stream_idx == -1) || - (stream_idx != -1 && token_idx != -1) || data_idx == -1) return SEC_E_INVALID_TOKEN; + if (!msg || !msg->pBuffers || msg->cBuffers < 2) return SEC_E_INVALID_TOKEN; + + data_idx = get_buffer_index( msg, SECBUFFER_DATA ); + stream_idx = get_buffer_index( msg, SECBUFFER_STREAM ); + token_idx = get_buffer_index( msg, SECBUFFER_TOKEN ); + + if ((token_idx == -1 && stream_idx == -1) || (stream_idx != -1 && token_idx != -1) || data_idx == -1) + return SEC_E_INVALID_TOKEN; if (stream_idx != -1) { -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/8246
participants (2)
-
Dmitry Timoshkov -
Dmitry Timoshkov (@dmitry)