Hans Leidekker : kerberos: Allocate a buffer for the package info structure in kerberos_SpQueryContextAttributes. - wine-commits

8 Feb 2018

Module: wine
Branch: master
Commit: c6e607ff1f9219b9c3209e3490f6c954e40f9277
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=c6e607ff1f9219b9c3209e349...
Author: Hans Leidekker hans@codeweavers.com
Date:   Thu Feb  8 11:53:59 2018 +0100
kerberos: Allocate a buffer for the package info structure in kerberos_SpQueryContextAttributes.
Signed-off-by: Hans Leidekker hans@codeweavers.com
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/kerberos/krb5_ap.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c
index e4011ff..767a86e 100644
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -46,6 +46,7 @@
 #include "wine/heap.h"
 #include "wine/library.h"
 #include "wine/debug.h"
+#include "wine/unicode.h"
WINE_DEFAULT_DEBUG_CHANNEL(kerberos);
@@ -1059,6 +1060,24 @@ static NTSTATUS NTAPI kerberos_SpDeleteContext( LSA_SEC_HANDLE context )
 #endif
 }
+static SecPkgInfoW *build_package_info( const SecPkgInfoW *info )
+{
+    SecPkgInfoW *ret;
+    DWORD size_name = (strlenW(info->Name) + 1) * sizeof(WCHAR);
+    DWORD size_comment = (strlenW(info->Comment) + 1) * sizeof(WCHAR);
+
+    if (!(ret = heap_alloc( sizeof(*ret) + size_name + size_comment ))) return NULL;
+    ret->fCapabilities = info->fCapabilities;
+    ret->wVersion      = info->wVersion;
+    ret->wRPCID        = info->wRPCID;
+    ret->cbMaxToken    = info->cbMaxToken;
+    ret->Name          = (SEC_WCHAR *)(ret + 1);
+    memcpy( ret->Name, info->Name, size_name );
+    ret->Comment       = (SEC_WCHAR *)((char *)ret->Name + size_name);
+    memcpy( ret->Comment, info->Comment, size_comment );
+    return ret;
+}
+
 static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context, ULONG attribute, void *buffer )
 {
     TRACE( "(%lx %u %p)\n", context, attribute, buffer );
@@ -1103,7 +1122,7 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context,
     case SECPKG_ATTR_NEGOTIATION_INFO:
     {
         SecPkgContext_NegotiationInfoW *info = (SecPkgContext_NegotiationInfoW *)buffer;
-        info->PackageInfo      = (SecPkgInfoW *)&infoW;
+        if (!(info->PackageInfo = build_package_info( &infoW ))) return SEC_E_INSUFFICIENT_MEMORY;
         info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
         return SEC_E_OK;
     }

    