[winpr] fix various return checks

winpr/libwinpr/path/path.c

@@ -727,7 +727,9 @@ HRESULT PathCchStripPrefixA(PSTR pszPath, size_t cchPath)
 
 		if (IsCharAlpha(pszPath[4]) && (pszPath[5] == ':')) /* like C: */
 		{
-			memmove_s(pszPath, cchPath, &pszPath[4], cchPath - 4);
+			if (memmove_s(pszPath, cchPath, &pszPath[4], cchPath - 4) < 0)
+				return HRESULT_FROM_WIN32(ERROR_INVALID_DATA);
+
 			/* since the passed pszPath must not necessarily be null terminated
 			 * and we always have enough space after the strip we can always
 			 * ensure the null termination of the stripped result
@@ -764,7 +766,8 @@ HRESULT PathCchStripPrefixW(PWSTR pszPath, size_t cchPath)
 
 		if (IsCharAlphaW(pszPath[4]) && (pszPath[5] == L':')) /* like C: */
 		{
-			wmemmove_s(pszPath, cchPath, &pszPath[4], cchPath - 4);
+			if (wmemmove_s(pszPath, cchPath, &pszPath[4], cchPath - 4) < 0)
+				return HRESULT_FROM_WIN32(ERROR_INVALID_DATA);
 			/* since the passed pszPath must not necessarily be null terminated
 			 * and we always have enough space after the strip we can always
 			 * ensure the null termination of the stripped result

winpr/libwinpr/sspi/NTLM/ntlm.c

@@ -1122,18 +1122,29 @@ static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
 	WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
 
-	if (hmac &&
-	    winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH))
+	BOOL success = FALSE;
 	{
+		if (!hmac)
+			goto hmac_fail;
+		if (!winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH))
+			goto hmac_fail;
+
 		winpr_Data_Write_UINT32(&value, SeqNo);
-		winpr_HMAC_Update(hmac, (void*)&value, 4);
-		winpr_HMAC_Update(hmac, data, length);
-		winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
-		winpr_HMAC_Free(hmac);
+
+		if (!winpr_HMAC_Update(hmac, (void*)&value, 4))
+			goto hmac_fail;
+		if (!winpr_HMAC_Update(hmac, data, length))
+			goto hmac_fail;
+		if (!winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH))
+			goto hmac_fail;
 	}
-	else
-	{
+
+	success = TRUE;
+
+hmac_fail:
 	winpr_HMAC_Free(hmac);
+	if (!success)
+	{
 		free(data);
 		return SEC_E_INSUFFICIENT_MEMORY;
 	}
@@ -1142,8 +1153,14 @@ static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
 	if ((data_buffer->BufferType & SECBUFFER_READONLY) == 0)
 	{
 		if (context->confidentiality)
-			winpr_RC4_Update(context->SendRc4Seal, length, (BYTE*)data,
-			                 (BYTE*)data_buffer->pvBuffer);
+		{
+			if (!winpr_RC4_Update(context->SendRc4Seal, length, (BYTE*)data,
+			                      (BYTE*)data_buffer->pvBuffer))
+			{
+				free(data);
+				return SEC_E_INSUFFICIENT_MEMORY;
+			}
+		}
 		else
 			CopyMemory(data_buffer->pvBuffer, data, length);
 	}
@@ -1156,7 +1173,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
 #endif
 	free(data);
 	/* RC4-encrypt first 8 bytes of digest */
-	winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum);
+	if (!winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum))
+		return SEC_E_INSUFFICIENT_MEMORY;
 	if ((signature_buffer->BufferType & SECBUFFER_READONLY) == 0)
 	{
 		BYTE* signature = signature_buffer->pvBuffer;
@@ -1222,18 +1240,29 @@ static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSec
 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
 	WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
 
-	if (hmac &&
-	    winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->RecvSigningKey, WINPR_MD5_DIGEST_LENGTH))
+	BOOL success = FALSE;
 	{
+		if (!hmac)
+			goto hmac_fail;
+
+		if (!winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->RecvSigningKey, WINPR_MD5_DIGEST_LENGTH))
+			goto hmac_fail;
+
 		winpr_Data_Write_UINT32(&value, SeqNo);
-		winpr_HMAC_Update(hmac, (void*)&value, 4);
-		winpr_HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
-		winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
-		winpr_HMAC_Free(hmac);
+
+		if (!winpr_HMAC_Update(hmac, (void*)&value, 4))
+			goto hmac_fail;
+		if (!winpr_HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer))
+			goto hmac_fail;
+		if (!winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH))
+			goto hmac_fail;
+
+		success = TRUE;
 	}
-	else
-	{
+hmac_fail:
 	winpr_HMAC_Free(hmac);
+	if (!success)
+	{
 		free(data);
 		return SEC_E_INSUFFICIENT_MEMORY;
 	}
@@ -1246,7 +1275,9 @@ static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSec
 #endif
 	free(data);
 	/* RC4-encrypt first 8 bytes of digest */
-	winpr_RC4_Update(context->RecvRc4Seal, 8, digest, checksum);
+	if (!winpr_RC4_Update(context->RecvRc4Seal, 8, digest, checksum))
+		return SEC_E_MESSAGE_ALTERED;
+
 	/* Concatenate version, ciphertext and sequence number to build signature */
 	winpr_Data_Write_UINT32(expected_signature, version);
 	CopyMemory(&expected_signature[4], (void*)checksum, 8);
@@ -1308,7 +1339,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext,
 	if (!winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH))
 		goto fail;
 
-	winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum);
+	if (!winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum))
+		goto fail;
 
 	BYTE* signature = sig_buffer->pvBuffer;
 	winpr_Data_Write_UINT32(signature, 1L);

winpr/libwinpr/sspi/NTLM/ntlm_compute.c

@@ -530,8 +530,10 @@ SECURITY_STATUS ntlm_compute_lm_v2_response(NTLM_CONTEXT* context)
 
 	response = (BYTE*)context->LmChallengeResponse.pvBuffer;
 	/* Compute the HMAC-MD5 hash of the resulting value using the NTLMv2 hash as the key */
-	winpr_HMAC(WINPR_MD_MD5, (void*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH, (BYTE*)value,
-	           WINPR_MD5_DIGEST_LENGTH, response, WINPR_MD5_DIGEST_LENGTH);
+	if (!winpr_HMAC(WINPR_MD_MD5, (void*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH, (BYTE*)value,
+	                WINPR_MD5_DIGEST_LENGTH, response, WINPR_MD5_DIGEST_LENGTH))
+		return SEC_E_ALGORITHM_MISMATCH;
+
 	/* Concatenate the resulting HMAC-MD5 hash and the client challenge, giving us the LMv2 response
 	 * (24 bytes) */
 	CopyMemory(&response[16], context->ClientChallenge, 8);
@@ -593,9 +595,10 @@ SECURITY_STATUS ntlm_compute_ntlm_v2_response(NTLM_CONTEXT* context)
 		BYTE* blob = (BYTE*)ntlm_v2_temp_chal.pvBuffer;
 		CopyMemory(blob, context->ServerChallenge, 8);
 		CopyMemory(&blob[8], ntlm_v2_temp.pvBuffer, ntlm_v2_temp.cbBuffer);
-		winpr_HMAC(WINPR_MD_MD5, (BYTE*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH,
+		if (!winpr_HMAC(WINPR_MD_MD5, (BYTE*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH,
 		                (BYTE*)ntlm_v2_temp_chal.pvBuffer, ntlm_v2_temp_chal.cbBuffer,
-		           context->NtProofString, WINPR_MD5_DIGEST_LENGTH);
+		                context->NtProofString, WINPR_MD5_DIGEST_LENGTH))
+			goto exit;
 	}
 
 	/* NtChallengeResponse, Concatenate NTProofStr with temp */
@@ -609,9 +612,10 @@ SECURITY_STATUS ntlm_compute_ntlm_v2_response(NTLM_CONTEXT* context)
 		CopyMemory(&blob[16], ntlm_v2_temp.pvBuffer, ntlm_v2_temp.cbBuffer);
 	}
 	/* Compute SessionBaseKey, the HMAC-MD5 hash of NTProofStr using the NTLMv2 hash as the key */
-	winpr_HMAC(WINPR_MD_MD5, (BYTE*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH,
+	if (!winpr_HMAC(WINPR_MD_MD5, (BYTE*)context->NtlmV2Hash, WINPR_MD5_DIGEST_LENGTH,
 	                context->NtProofString, WINPR_MD5_DIGEST_LENGTH, context->SessionBaseKey,
-	           WINPR_MD5_DIGEST_LENGTH);
+	                WINPR_MD5_DIGEST_LENGTH))
+		goto exit;
 	ret = SEC_E_OK;
 exit:
 	sspi_SecBufferFree(&ntlm_v2_temp);

winpr/libwinpr/utils/collections/ArrayList.c

@@ -350,7 +350,7 @@ BOOL ArrayList_Insert(wArrayList* arrayList, size_t index, const void* obj)
 		}
 		else
 		{
-			ArrayList_SetItem(arrayList, index, obj);
+			ret = ArrayList_SetItem(arrayList, index, obj);
 		}
 	}
 

winpr/libwinpr/utils/collections/MessageQueue.c

@@ -103,6 +103,7 @@ BOOL MessageQueue_Wait(wMessageQueue* queue)
 
 static BOOL MessageQueue_EnsureCapacity(wMessageQueue* queue, size_t count)
 {
+	BOOL res = TRUE;
 	const size_t increment = 128;
 	WINPR_ASSERT(queue);
 
@@ -147,8 +148,8 @@ static BOOL MessageQueue_EnsureCapacity(wMessageQueue* queue, size_t count)
 			{
 				const size_t remain = queue->tail - batch;
 				const size_t movesize = remain * sizeof(wMessage);
-				memmove_s(queue->array, queue->tail * sizeof(wMessage), &queue->array[batch],
-				          movesize);
+				res = memmove_s(queue->array, queue->tail * sizeof(wMessage), &queue->array[batch],
+				                movesize) >= 0;
 
 				const size_t zerooffset = remain;
 				const size_t zerosize = (queue->tail - remain) * sizeof(wMessage);
@@ -158,7 +159,7 @@ static BOOL MessageQueue_EnsureCapacity(wMessageQueue* queue, size_t count)
 		}
 	}
 
-	return TRUE;
+	return res;
 }
 
 BOOL MessageQueue_Dispatch(wMessageQueue* queue, const wMessage* message)

winpr/libwinpr/utils/collections/Queue.c

@@ -188,6 +188,7 @@ BOOL Queue_Contains(wQueue* queue, const void* obj)
 
 static BOOL Queue_EnsureCapacity(wQueue* queue, size_t count)
 {
+	BOOL res = TRUE;
 	const size_t blocksize = 32ull;
 	WINPR_ASSERT(queue);
 
@@ -239,8 +240,8 @@ static BOOL Queue_EnsureCapacity(wQueue* queue, size_t count)
 			{
 				const size_t remain = queue->tail - batch;
 				const size_t movesize = remain * sizeof(uintptr_t);
-				memmove_s(queue->array, queue->tail * sizeof(uintptr_t), &queue->array[batch],
-				          movesize);
+				res = memmove_s(queue->array, queue->tail * sizeof(uintptr_t), &queue->array[batch],
+				                movesize) >= 0;
 
 				const size_t zerooffset = remain;
 				const size_t zerosize = (queue->tail - remain) * sizeof(uintptr_t);
@@ -249,7 +250,7 @@ static BOOL Queue_EnsureCapacity(wQueue* queue, size_t count)
 			}
 		}
 	}
-	return TRUE;
+	return res;
 }
 
 /**