Bug in IsKerberosLogon ? - Kerberos



  1. Bug in IsKerberosLogon ?

    In 2.6.5 and 3.0, the IsKerberosLogon function appears in two formats,
    one of which appears to be broken.

    In several source files, the IsKerberosLogon function appears as:

    IsKerberosLogon(VOID)
    {
        PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
        BOOL Success = FALSE;

        if ( GetSecurityLogonSessionData(&pSessionData) ) {
            if ( pSessionData->AuthenticationPackage.Buffer ) {
                WCHAR buffer[256];
                WCHAR *usBuffer;
                int usLength;

                Success = FALSE;
                usBuffer = (pSessionData->AuthenticationPackage).Buffer;
                usLength = (pSessionData->AuthenticationPackage).Length;
                if (usLength < 256)
                {
                    lstrcpyn (buffer, usBuffer, usLength);
                    lstrcat (buffer,L"");
                    if ( !lstrcmp(L"Kerberos",buffer) )
                        Success = TRUE;
                }
            }
            LsaFreeReturnBuffer(pSessionData);
        }
        return Success;
    }

    However, in krb5funcs.c, the source appears as:

    IsKerberosLogon(VOID)
    {
        PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
        BOOL Success = FALSE;

        if ( GetSecurityLogonSessionData(&pSessionData) ) {
            if ( pSessionData->AuthenticationPackage.Buffer ) {
                WCHAR buffer[256];
                WCHAR *usBuffer;
                int usLength;

                Success = FALSE;
                usBuffer = (pSessionData->AuthenticationPackage).Buffer;
                usLength = (pSessionData->AuthenticationPackage).Length;
                if (usLength < 256)
                {
                    lstrcpynW (buffer, usBuffer, usLength);
                    StringCbCatW (buffer, sizeof(buffer), L"");
                    if ( !lstrcmpW(L"Kerberos",buffer) )
                        Success = TRUE;
                }
            }
            pLsaFreeReturnBuffer(pSessionData);
        }
        return Success;
    }

    The important difference is highlighted in red. The problem is that the
    authentication package returned by LsaGetLogonSessionData returns an
    LSA_UNICODE_STRING where the contents of the buffer is a wide-string.

    But, in several instances, the code as highlighted in red, uses
    single-byte functions which results in the string "K" being copied and
    then compared to "Kerberos".

    Although lstrcmp( "Kerberos", "K" ) will return 0, this could also return
    0 if the string was another word starting with "K".

    Is this a bug which should be fixed?

    Thanks,

    Pierre

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Bug in IsKerberosLogon ?

    Pierre Goyette wrote:
    > In 2.6.5 and 3.0, the IsKerberosLogon function appears in two formats,
    > one of which appears to be broken.


    I believe that you are overlooking the definition of UNICODE and
    _UNICODE which causes the wide version of the functions in question
    to be used.

    Jeffrey Altman
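
The thread turns on whether a wide-character buffer is read by wide or by byte-oriented string functions. The following C code is an added example, not taken from the thread or from the MIT source: it uses a hypothetical, portable stand-in for LSA_UNICODE_STRING (byte-counted, UTF-16LE, no guaranteed terminator) to show how many bytes a byte-oriented routine sees in "Kerberos" and how a counted comparison avoids depending on a terminator. All type, function and sample names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical portable stand-in for LSA_UNICODE_STRING. Length and
   MaximumLength are byte counts; Buffer holds UTF-16LE data and is not
   guaranteed to end in a NUL. */
typedef struct {
    uint16_t Length;
    uint16_t MaximumLength;
    const unsigned char *Buffer;
} counted_wstr;

/* Bytes a byte-oriented string routine would treat as the string: it
   stops at the first zero byte, i.e. the high byte of the first unit. */
size_t bytes_seen_by_narrow_code(const counted_wstr *s)
{
    size_t n = 0;
    while (n < s->Length && s->Buffer[n] != 0)
        n++;
    return n;
}

/* Exact, counted comparison with an ASCII literal; never reads past Length. */
int counted_wstr_equals_ascii(const counted_wstr *s, const char *ascii)
{
    size_t units, i;
    if (s == NULL || s->Buffer == NULL || s->Length % 2 != 0)
        return 0;
    units = s->Length / 2;
    if (units != strlen(ascii))
        return 0;
    for (i = 0; i < units; i++)
        if (s->Buffer[2 * i] != (unsigned char)ascii[i] || s->Buffer[2 * i + 1] != 0)
            return 0;
    return 1;
}

/* Constructed sample buffers (UTF-16LE, no terminator). */
static const unsigned char KERBEROS_LE[] = {'K',0,'e',0,'r',0,'b',0,'e',0,'r',0,'o',0,'s',0};
static const unsigned char KERB_LE[] = {'K',0,'e',0,'r',0,'b',0};

int main(void)
{
    counted_wstr full = { sizeof KERBEROS_LE, sizeof KERBEROS_LE, KERBEROS_LE };
    counted_wstr part = { sizeof KERB_LE, sizeof KERB_LE, KERB_LE };
    printf("narrow view: %zu byte(s)\n", bytes_seen_by_narrow_code(&full));
    printf("full=%d part=%d\n", counted_wstr_equals_ascii(&full, "Kerberos"),
           counted_wstr_equals_ascii(&part, "Kerberos"));
    return 0;
}
```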
