sspi-rs icon indicating copy to clipboard operation
sspi-rs copied to clipboard
verified publisher icon Devolutions

Fix memory corruption in the `AcquireCredentialsHandleA/W` functions

Open TheBestTvarynka opened this issue 1 year ago • 2 comments

Hi, In this PR I've fixed the memory corruption error in the AcquireCredentialsHandleA/W functions. The user can safely pass the null/empty credentials strings. Also, I covered such cases with tests.

TheBestTvarynka avatar Oct 09 '24 13:10 TheBestTvarynka

Thank you for improving this! I’m waiting for @pauldumais to confirm the problem is fixed on his side (thread on Slack).

CBenoit avatar Oct 10 '24 10:10 CBenoit

Thank you for improving this! I’m waiting for @pauldumais to confirm the problem is fixed on his side (thread on Slack).

I'm still getting the memory corruption error when I pass a blank string as username. It seams to me that sending a blank string just like sending an invalid username like "a" should return the same failed authentication, instead of a memory exception. I agree that null should not be supported in sspi-rs.

pauldumais avatar Oct 10 '24 12:10 pauldumais

@TheBestTvarynka Is the PR ready? I saw on Slack that the problem was fixed.

CBenoit avatar Oct 15 '24 14:10 CBenoit

Is the PR ready?

Yes, we can merge it once CI is happy.

TheBestTvarynka avatar Oct 16 '24 09:10 TheBestTvarynka