From ddd885aa8c51a7738c63a970ebc2f8d5bc32a672 Mon Sep 17 00:00:00 2001 From: igerasim Date: Sat, 6 Oct 2018 12:27:18 -0700 Subject: [PATCH] 8210610: Improved LSA authentication Reviewed-by: valeriep, mschoene, rhalade --- .../native/sun/security/krb5/NativeCreds.c | 32 ++++++++++++++++--- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/src/windows/native/sun/security/krb5/NativeCreds.c b/src/windows/native/sun/security/krb5/NativeCreds.c index 554eb63c1..b7f81d2f0 100644 --- a/src/windows/native/sun/security/krb5/NativeCreds.c +++ b/src/windows/native/sun/security/krb5/NativeCreds.c @@ -76,7 +76,8 @@ BOOL native_debug = 0; BOOL PackageConnectLookup(PHANDLE,PULONG); -NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName, +NTSTATUS ConstructTicketRequest(JNIEnv *env, + UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize); @@ -102,6 +103,8 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey); jobject BuildTicketFlags(JNIEnv *env, PULONG flags); jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime); +void ThrowOOME(JNIEnv *env, const char *szMessage); + /* * Class: sun_security_krb5_KrbCreds * Method: JNI_OnLoad @@ -495,7 +498,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ } // use domain to request Ticket - Status = ConstructTicketRequest(msticket->TargetDomainName, + Status = ConstructTicketRequest(env, msticket->TargetDomainName, &pTicketRequest, &requestSize); if (!LSA_SUCCESS(Status)) { ShowNTError("ConstructTicketRequest status", Status); @@ -689,7 +692,7 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ } static NTSTATUS -ConstructTicketRequest(UNICODE_STRING DomainName, +ConstructTicketRequest(JNIEnv *env, UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize) { NTSTATUS Status; @@ -736,8 +739,10 @@ ConstructTicketRequest(UNICODE_STRING DomainName, pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize); - if (!pTicketRequest) + if (!pTicketRequest) { + ThrowOOME(env, "Can't allocate memory for ticket"); return GetLastError(); + } // // Concatenate the target prefix with the previous response's @@ -894,7 +899,7 @@ jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize) jbyteArray ary; ary = (*env)->NewByteArray(env,encodedTicketSize); - if ((*env)->ExceptionOccurred(env)) { + if (ary == NULL) { return (jobject) NULL; } @@ -940,6 +945,10 @@ jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT, ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); + if (realm == NULL) { + ThrowOOME(env, "Can't allocate memory for realm"); + return NULL; + } wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); if (native_debug) { @@ -1014,6 +1023,9 @@ jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) { } ary = (*env)->NewByteArray(env,cryptoKey->Length); + if (ary == NULL) { + return (jobject) NULL; + } (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, (jbyte *)cryptoKey->Value); if ((*env)->ExceptionOccurred(env)) { @@ -1036,6 +1048,9 @@ jobject BuildTicketFlags(JNIEnv *env, PULONG flags) { ULONG nlflags = htonl(*flags); ary = (*env)->NewByteArray(env, sizeof(*flags)); + if (ary == NULL) { + return (jobject) NULL; + } (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags), (jbyte *)&nlflags); if ((*env)->ExceptionOccurred(env)) { @@ -1088,3 +1103,10 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) { } return kerberosTime; } + +void ThrowOOME(JNIEnv *env, const char *szMessage) { + jclass exceptionClazz = (*env)->FindClass(env, "java/lang/OutOfMemoryError"); + if (exceptionClazz != NULL) { + (*env)->ThrowNew(env, exceptionClazz, szMessage); + } +} -- GitLab