diff --git a/winpr/libwinpr/path/path.c b/winpr/libwinpr/path/path.c index 1fdf64aa1..00548ce96 100644 --- a/winpr/libwinpr/path/path.c +++ b/winpr/libwinpr/path/path.c @@ -727,7 +727,9 @@ HRESULT PathCchStripPrefixA(PSTR pszPath, size_t cchPath) if (IsCharAlpha(pszPath[4]) && (pszPath[5] == ':')) /* like C: */ { - memmove_s(pszPath, cchPath, &pszPath[4], cchPath - 4); + if (memmove_s(pszPath, cchPath, &pszPath[4], cchPath - 4) < 0) + return HRESULT_FROM_WIN32(ERROR_INVALID_DATA); + /* since the passed pszPath must not necessarily be null terminated * and we always have enough space after the strip we can always * ensure the null termination of the stripped result @@ -764,7 +766,8 @@ HRESULT PathCchStripPrefixW(PWSTR pszPath, size_t cchPath) if (IsCharAlphaW(pszPath[4]) && (pszPath[5] == L':')) /* like C: */ { - wmemmove_s(pszPath, cchPath, &pszPath[4], cchPath - 4); + if (wmemmove_s(pszPath, cchPath, &pszPath[4], cchPath - 4) < 0) + return HRESULT_FROM_WIN32(ERROR_INVALID_DATA); /* since the passed pszPath must not necessarily be null terminated * and we always have enough space after the strip we can always * ensure the null termination of the stripped result diff --git a/winpr/libwinpr/sspi/NTLM/ntlm.c b/winpr/libwinpr/sspi/NTLM/ntlm.c index 0bebe7468..759712c92 100644 --- a/winpr/libwinpr/sspi/NTLM/ntlm.c +++ b/winpr/libwinpr/sspi/NTLM/ntlm.c 
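Review bot: The new checks treat only a negative return as failure: `memmove_s(...) < 0` here, `wmemmove_s(...) < 0` in PathCchStripPrefixW, and `>= 0` as success in the MessageQueue_EnsureCapacity and Queue_EnsureCapacity hunks. The usual contract for memmove_s is zero on success and a nonzero errno_t on failure, and the Windows CRT returns positive values such as EINVAL or ERANGE, so on any build where these calls resolve to the platform implementation a failed move would pass the check. Comparing against zero is safe under both conventions: `if (memmove_s(pszPath, cchPath, &pszPath[4], cchPath - 4) != 0)`. The validation that keeps `cchPath - 4` from wrapping is outside this hunk and should be confirmed.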
@@ -1122,18 +1122,29 @@ static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */ WINPR_HMAC_CTX* hmac = winpr_HMAC_New(); - if (hmac && - winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH)) + BOOL success = FALSE; { + if (!hmac) + goto hmac_fail; + if (!winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH)) + goto hmac_fail; + winpr_Data_Write_UINT32(&value, SeqNo); - winpr_HMAC_Update(hmac, (void*)&value, 4); - winpr_HMAC_Update(hmac, data, length); - winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH); - winpr_HMAC_Free(hmac); + + if (!winpr_HMAC_Update(hmac, (void*)&value, 4)) + goto hmac_fail; + if (!winpr_HMAC_Update(hmac, data, length)) + goto hmac_fail; + if (!winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH)) + goto hmac_fail; } - else + + success = TRUE; + +hmac_fail: + winpr_HMAC_Free(hmac); + if (!success) { - winpr_HMAC_Free(hmac); free(data); return SEC_E_INSUFFICIENT_MEMORY; } @@ -1142,8 +1153,14 @@ static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, if ((data_buffer->BufferType & SECBUFFER_READONLY) == 0) { if (context->confidentiality) - winpr_RC4_Update(context->SendRc4Seal, length, (BYTE*)data, - (BYTE*)data_buffer->pvBuffer); + { + if (!winpr_RC4_Update(context->SendRc4Seal, length, (BYTE*)data, + (BYTE*)data_buffer->pvBuffer)) + { + free(data); + return SEC_E_INSUFFICIENT_MEMORY; + } + } else CopyMemory(data_buffer->pvBuffer, data, length); } 
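Review bot: Every failure on the new `hmac_fail` path in ntlm_EncryptMessage is reported as `SEC_E_INSUFFICIENT_MEMORY`, although only the `!hmac` case is an allocation failure, so a rejected `winpr_HMAC_Init`, `winpr_HMAC_Update` or `winpr_HMAC_Final` will be logged and handled as out-of-memory. Consider carrying the status in a variable, `SECURITY_STATUS status = SEC_E_INSUFFICIENT_MEMORY;` before the `!hmac` check and `status = SEC_E_INTERNAL_ERROR;` once the context exists, and returning `status` after the label. The same applies to the `winpr_RC4_Update` checks later in this function and to the matching `hmac_fail` block in ntlm_DecryptMessage, where the RC4 failure already returns a different code (`SEC_E_MESSAGE_ALTERED`). The function body starts and ends outside the hunk.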
@@ -1156,7 +1173,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, #endif free(data); /* RC4-encrypt first 8 bytes of digest */ - winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum); + if (!winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum)) + return SEC_E_INSUFFICIENT_MEMORY; if ((signature_buffer->BufferType & SECBUFFER_READONLY) == 0) { BYTE* signature = signature_buffer->pvBuffer; @@ -1222,18 +1240,29 @@ static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSec /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */ WINPR_HMAC_CTX* hmac = winpr_HMAC_New(); - if (hmac && - winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->RecvSigningKey, WINPR_MD5_DIGEST_LENGTH)) + BOOL success = FALSE; { + if (!hmac) + goto hmac_fail; + + if (!winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->RecvSigningKey, WINPR_MD5_DIGEST_LENGTH)) + goto hmac_fail; + winpr_Data_Write_UINT32(&value, SeqNo); - winpr_HMAC_Update(hmac, (void*)&value, 4); - winpr_HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer); - winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH); - winpr_HMAC_Free(hmac); + + if (!winpr_HMAC_Update(hmac, (void*)&value, 4)) + goto hmac_fail; + if (!winpr_HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer)) + goto hmac_fail; + if (!winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH)) + goto hmac_fail; + + success = TRUE; } - else +hmac_fail: + winpr_HMAC_Free(hmac); + if (!success) { - winpr_HMAC_Free(hmac); free(data); return SEC_E_INSUFFICIENT_MEMORY; } 
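Review bot: The new early return after the digest `winpr_RC4_Update` in ntlm_EncryptMessage is taken after the message body may already have been sealed into `data_buffer->pvBuffer` by the earlier `winpr_RC4_Update(context->SendRc4Seal, length, ...)` call, so the caller receives an error together with a modified output buffer and an RC4 stream that has advanced. Nothing in the hunk marks the context as unusable, and the sequence-number handling is outside the visible lines, so a caller that retries on the same context would presumably be out of step with the peer. A comment on the return such as `/* data_buffer and SendRc4Seal are already modified here; the context must be discarded */` would make that contract explicit.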
@@ -1246,7 +1275,9 @@ static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSec #endif free(data); /* RC4-encrypt first 8 bytes of digest */ - winpr_RC4_Update(context->RecvRc4Seal, 8, digest, checksum); + if (!winpr_RC4_Update(context->RecvRc4Seal, 8, digest, checksum)) + return SEC_E_MESSAGE_ALTERED; + /* Concatenate version, ciphertext and sequence number to build signature */ winpr_Data_Write_UINT32(expected_signature, version); CopyMemory(&expected_signature[4], (void*)checksum, 8); @@ -1308,7 +1339,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext, if (!winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH)) goto fail; - winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum); + if (!winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum)) + goto fail; BYTE* signature = sig_buffer->pvBuffer; winpr_Data_Write_UINT32(signature, 1L); diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c index 527adc0f6..f36386d1c 100644 --- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c +++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c @@ -530,8 +530,10 @@ SECURITY_STATUS ntlm_compute_lm_v2_response(NTLM_CONTEXT* context) response = (BYTE*)context->LmChallengeResponse.pvBuffer; /* Compute the HMAC-MD5 hash of the resulting value using the NTLMv2 hash as the key */ - winpr_HMAC(WINPR_MD_MD5, (void*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH, (BYTE*)value, - WINPR_MD5_DIGEST_LENGTH, response, WINPR_MD5_DIGEST_LENGTH); + if (!winpr_HMAC(WINPR_MD_MD5, (void*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH, (BYTE*)value, + WINPR_MD5_DIGEST_LENGTH, response, WINPR_MD5_DIGEST_LENGTH)) + return SEC_E_ALGORITHM_MISMATCH; + /* Concatenate the resulting HMAC-MD5 hash and the client challenge, giving us the LMv2 response * (24 bytes) */ CopyMemory(&response[16], context->ClientChallenge, 8); 
@@ -593,9 +595,10 @@ SECURITY_STATUS ntlm_compute_ntlm_v2_response(NTLM_CONTEXT* context) BYTE* blob = (BYTE*)ntlm_v2_temp_chal.pvBuffer; CopyMemory(blob, context->ServerChallenge, 8); CopyMemory(&blob[8], ntlm_v2_temp.pvBuffer, ntlm_v2_temp.cbBuffer); - winpr_HMAC(WINPR_MD_MD5, (BYTE*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH, - (BYTE*)ntlm_v2_temp_chal.pvBuffer, ntlm_v2_temp_chal.cbBuffer, - context->NtProofString, WINPR_MD5_DIGEST_LENGTH); + if (!winpr_HMAC(WINPR_MD_MD5, (BYTE*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH, + (BYTE*)ntlm_v2_temp_chal.pvBuffer, ntlm_v2_temp_chal.cbBuffer, + context->NtProofString, WINPR_MD5_DIGEST_LENGTH)) + goto exit; } /* NtChallengeResponse, Concatenate NTProofStr with temp */ @@ -609,9 +612,10 @@ SECURITY_STATUS ntlm_compute_ntlm_v2_response(NTLM_CONTEXT* context) CopyMemory(&blob[16], ntlm_v2_temp.pvBuffer, ntlm_v2_temp.cbBuffer); } /* Compute SessionBaseKey, the HMAC-MD5 hash of NTProofStr using the NTLMv2 hash as the key */ - winpr_HMAC(WINPR_MD_MD5, (BYTE*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH, - context->NtProofString, WINPR_MD5_DIGEST_LENGTH, context->SessionBaseKey, - WINPR_MD5_DIGEST_LENGTH); + if (!winpr_HMAC(WINPR_MD_MD5, (BYTE*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH, + context->NtProofString, WINPR_MD5_DIGEST_LENGTH, context->SessionBaseKey, + WINPR_MD5_DIGEST_LENGTH)) + goto exit; ret = SEC_E_OK; exit: sspi_SecBufferFree(&ntlm_v2_temp); diff --git a/winpr/libwinpr/utils/collections/ArrayList.c b/winpr/libwinpr/utils/collections/ArrayList.c index a3e1e978e..98b8d55ec 100644 --- a/winpr/libwinpr/utils/collections/ArrayList.c +++ b/winpr/libwinpr/utils/collections/ArrayList.c @@ -350,7 +350,7 @@ BOOL ArrayList_Insert(wArrayList* arrayList, size_t index, const void* obj) } else { - ArrayList_SetItem(arrayList, index, obj); + ret = ArrayList_SetItem(arrayList, index, obj); } } 
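Review bot: Both added `goto exit` branches in ntlm_compute_ntlm_v2_response return whatever `ret` holds at that point, and its initialiser is outside the hunk, so the status reported for a failed `winpr_HMAC` is implicit, while the parallel check in ntlm_compute_lm_v2_response returns `SEC_E_ALGORITHM_MISMATCH` explicitly. Setting the status at the failure site, `{ ret = SEC_E_ALGORITHM_MISMATCH; goto exit; }`, keeps the two functions consistent and removes the dependency on the default. In the SessionBaseKey hunk the jump is taken after the NtChallengeResponse blob appears to have been filled, so on failure the context would hold a response without a matching session key. It is worth confirming that every caller aborts authentication on a non-OK return.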
diff --git a/winpr/libwinpr/utils/collections/MessageQueue.c b/winpr/libwinpr/utils/collections/MessageQueue.c index 5f16f93c1..299fa1f49 100644 --- a/winpr/libwinpr/utils/collections/MessageQueue.c +++ b/winpr/libwinpr/utils/collections/MessageQueue.c @@ -103,6 +103,7 @@ BOOL MessageQueue_Wait(wMessageQueue* queue) static BOOL MessageQueue_EnsureCapacity(wMessageQueue* queue, size_t count) { + BOOL res = TRUE; const size_t increment = 128; WINPR_ASSERT(queue); @@ -147,8 +148,8 @@ static BOOL MessageQueue_EnsureCapacity(wMessageQueue* queue, size_t count) { const size_t remain = queue->tail - batch; const size_t movesize = remain * sizeof(wMessage); - memmove_s(queue->array, queue->tail * sizeof(wMessage), &queue->array[batch], - movesize); + res = memmove_s(queue->array, queue->tail * sizeof(wMessage), &queue->array[batch], + movesize) >= 0; const size_t zerooffset = remain; const size_t zerosize = (queue->tail - remain) * sizeof(wMessage); @@ -158,7 +159,7 @@ static BOOL MessageQueue_EnsureCapacity(wMessageQueue* queue, size_t count) } } - return TRUE; + return res; } BOOL MessageQueue_Dispatch(wMessageQueue* queue, const wMessage* message) diff --git a/winpr/libwinpr/utils/collections/Queue.c b/winpr/libwinpr/utils/collections/Queue.c index 50c08e5a0..a0d7f503e 100644 --- a/winpr/libwinpr/utils/collections/Queue.c +++ b/winpr/libwinpr/utils/collections/Queue.c @@ -188,6 +188,7 @@ BOOL Queue_Contains(wQueue* queue, const void* obj) static BOOL Queue_EnsureCapacity(wQueue* queue, size_t count) { + BOOL res = TRUE; const size_t blocksize = 32ull; WINPR_ASSERT(queue); 
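Review bot: When `memmove_s` fails in MessageQueue_EnsureCapacity the result is only recorded in `res`, and execution continues into the `zerooffset`/`zerosize` computation and whatever follows it (outside the hunk, presumably the zeroing and the head/tail update), so the array can be rewritten even though the function then reports failure. Returning at the failure site, `if (memmove_s(queue->array, queue->tail * sizeof(wMessage), &queue->array[batch], movesize) != 0) return FALSE;`, leaves the queue untouched on error. Queue_EnsureCapacity in Queue.c has the same shape and would take the same change. Whether a lock is held around this helper is not visible here, so check that an early return does not skip a release.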
@@ -239,8 +240,8 @@ static BOOL Queue_EnsureCapacity(wQueue* queue, size_t count) { const size_t remain = queue->tail - batch; const size_t movesize = remain * sizeof(uintptr_t); - memmove_s(queue->array, queue->tail * sizeof(uintptr_t), &queue->array[batch], - movesize); + res = memmove_s(queue->array, queue->tail * sizeof(uintptr_t), &queue->array[batch], + movesize) >= 0; const size_t zerooffset = remain; const size_t zerosize = (queue->tail - remain) * sizeof(uintptr_t); @@ -249,7 +250,7 @@ static BOOL Queue_EnsureCapacity(wQueue* queue, size_t count) } } } - return TRUE; + return res; } /**