changeset 13373:efdd31c24528

8210610: Improved LSA authentication Reviewed-by: valeriep, mschoene, rhalade
author igerasim
date Sat, 06 Oct 2018 12:27:18 -0700
parents 115ffd47a28d
children e2f366716adf
files src/windows/native/sun/security/krb5/NativeCreds.c
diffstat 1 files changed, 27 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/windows/native/sun/security/krb5/NativeCreds.c	Fri Oct 05 17:33:13 2018 -0700
+++ b/src/windows/native/sun/security/krb5/NativeCreds.c	Sat Oct 06 12:27:18 2018 -0700
@@ -76,7 +76,8 @@
 
 BOOL PackageConnectLookup(PHANDLE,PULONG);
 
-NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName,
+NTSTATUS ConstructTicketRequest(JNIEnv *env,
+                                UNICODE_STRING DomainName,
                                 PKERB_RETRIEVE_TKT_REQUEST *outRequest,
                                 ULONG *outSize);
 
@@ -102,6 +103,8 @@
 jobject BuildTicketFlags(JNIEnv *env, PULONG flags);
 jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime);
 
+void ThrowOOME(JNIEnv *env, const char *szMessage);
+
 /*
  * Class:     sun_security_krb5_KrbCreds
  * Method:    JNI_OnLoad
@@ -495,7 +498,7 @@
             }
 
             // use domain to request Ticket
-            Status = ConstructTicketRequest(msticket->TargetDomainName,
+            Status = ConstructTicketRequest(env, msticket->TargetDomainName,
                                 &pTicketRequest, &requestSize);
             if (!LSA_SUCCESS(Status)) {
                 ShowNTError("ConstructTicketRequest status", Status);
@@ -689,7 +692,7 @@
 }
 
 static NTSTATUS
-ConstructTicketRequest(UNICODE_STRING DomainName,
+ConstructTicketRequest(JNIEnv *env, UNICODE_STRING DomainName,
                 PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize)
 {
     NTSTATUS Status;
@@ -736,8 +739,10 @@
 
     pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST)
                     LocalAlloc(LMEM_ZEROINIT, RequestSize);
-    if (!pTicketRequest)
+    if (!pTicketRequest) {
+        ThrowOOME(env, "Can't allocate memory for ticket");
         return GetLastError();
+    }
 
     //
     // Concatenate the target prefix with the previous response's
@@ -894,7 +899,7 @@
     jbyteArray ary;
 
     ary = (*env)->NewByteArray(env,encodedTicketSize);
-    if ((*env)->ExceptionOccurred(env)) {
+    if (ary == NULL) {
         return (jobject) NULL;
     }
 
@@ -940,6 +945,10 @@
 
     realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT,
             ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
+    if (realm == NULL) {
+        ThrowOOME(env, "Can't allocate memory for realm");
+        return NULL;
+    }
     wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
 
     if (native_debug) {
@@ -1014,6 +1023,9 @@
     }
 
     ary = (*env)->NewByteArray(env,cryptoKey->Length);
+    if (ary == NULL) {
+        return (jobject) NULL;
+    }
     (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
                                     (jbyte *)cryptoKey->Value);
     if ((*env)->ExceptionOccurred(env)) {
@@ -1036,6 +1048,9 @@
     ULONG nlflags = htonl(*flags);
 
     ary = (*env)->NewByteArray(env, sizeof(*flags));
+    if (ary == NULL) {
+        return (jobject) NULL;
+    }
     (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags),
                                     (jbyte *)&nlflags);
     if ((*env)->ExceptionOccurred(env)) {
@@ -1088,3 +1103,10 @@
     }
     return kerberosTime;
 }
+
+void ThrowOOME(JNIEnv *env, const char *szMessage) {
+    jclass exceptionClazz = (*env)->FindClass(env, "java/lang/OutOfMemoryError");
+    if (exceptionClazz != NULL) {
+        (*env)->ThrowNew(env, exceptionClazz, szMessage);
+    }
+}