[ros-diffs] [sserapion] 51812: Fix some small bugs that lead to corruption and correct reference/dereference broken in previous commit(gotta love peer review!). Tests go much further now!

Tue, 17 May 2011 11:55:11 -0700 

Author: sserapion
Date: Tue May 17 18:54:59 2011
New Revision: 51812

URL: http://svn.reactos.org/svn/reactos?rev=51812&view=rev
Log:
Fix some small bugs that lead to corruption and correct reference/dereference 
broken in previous commit(gotta love peer review!). Tests go much further now!

Modified:
    branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c
    branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c

Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c
URL: 
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c?rev=51812&r1=51811&r2=51812&view=diff
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c [iso-8859-1] 
(original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c [iso-8859-1] Tue 
May 17 18:54:59 2011
@@ -81,8 +81,11 @@
     TRACE("%p refcount %lu\n",context, context->RefCount);
     ASSERT(context->RefCount >= 1);
 
-    /* decrement and check for delete */
-    if (context->RefCount-- == 0)
+    /* decrement reference */
+    context->RefCount--;
+
+    /* check for object rundown */
+    if (context->RefCount == 0)
     {
         TRACE("Deleting context %p\n",context);
 
@@ -467,7 +470,8 @@
                                     &sessionKey,
                                     &NegotiateFlags);
 
-        phNewContext = (PCtxtHandle)newContext;
+        phCredential->dwUpper = NegotiateFlags;
+        phNewContext->dwLower = newContext;
 
         if(!newContext || !NT_SUCCESS(ret))
         {
@@ -502,7 +506,7 @@
     else        /* challenge! */
     {
         ERR("challenge message unimplemented!!!\n");
-        
+        ERR("phNewContext %p phContext %x!!!\n",phNewContext, *phContext);
         *phNewContext = *phContext;
         if (fContextReq & ISC_REQ_USE_SUPPLIED_CREDS)
         {
@@ -692,7 +696,7 @@
         return SEC_E_INVALID_HANDLE;
     }
 
-    NtlmDereferenceContext((ULONG_PTR)phContext);
+    NtlmDereferenceContext((ULONG_PTR)phContext->dwLower);
     phContext = NULL;
     return SEC_E_OK;
 }
@@ -740,7 +744,7 @@
 SEC_ENTRY
 FreeContextBuffer(PVOID pv)
 {
-    HeapFree(GetProcessHeap(), 0, pv);
+    NtlmFree(pv);
     return SEC_E_OK;
 }
 

Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c
URL: 
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c?rev=51812&r1=51811&r2=51812&view=diff
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c [iso-8859-1] 
(original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c [iso-8859-1] 
Tue May 17 18:54:59 2011
@@ -76,8 +76,11 @@
     TRACE("%p refcount %d\n",cred, cred->RefCount);
     ASSERT(cred->RefCount >= 1);
 
-    /* decrement and check for delete */
-    if (cred->RefCount-- == 0 )
+    /* decrement reference */
+    cred->RefCount--;
+
+    /* check for object rundown */
+    if (cred->RefCount == 0)
     {
         TRACE("Deleting credential %p\n",cred);
 
@@ -289,7 +292,7 @@
 
         if(password.Buffer != NULL)
         {
-            NtlmProtectMemory(password.Buffer, password.Length);
+            NtlmProtectMemory(password.Buffer, password.Length * 
sizeof(WCHAR));
             cred->Password = password;
         }

Reply via email to