Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8210610: Improved LSA authentication
authorweijun
Sat, 29 Sep 2018 10:08:42 +0800
changeset 53326 0060e9d7c450
parent 53325 d1ebdef71c73
child 53327 620b31ed8807
8210610: Improved LSA authentication Reviewed-by: valeriep, mschoene, rhalade
src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c file | annotate | diff | comparison | revisions 
--- a/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c	Thu Sep 27 12:54:50 2018 -0700
+++ b/src/java.security.jgss/windows/native/libw2k_lsa_auth/NativeCreds.c	Sat Sep 29 10:08:42 2018 +0800
@@ -78,7 +78,8 @@
 
 BOOL PackageConnectLookup(PHANDLE,PULONG);
 
-NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName,
+NTSTATUS ConstructTicketRequest(JNIEnv *env,
+                                UNICODE_STRING DomainName,
                                 PKERB_RETRIEVE_TKT_REQUEST *outRequest,
                                 ULONG *outSize);
 
@@ -104,6 +105,8 @@
 jobject BuildTicketFlags(JNIEnv *env, PULONG flags);
 jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime);
 
+void ThrowOOME(JNIEnv *env, const char *szMessage);
+
 /*
  * Class:     sun_security_krb5_KrbCreds
  * Method:    JNI_OnLoad
@@ -497,7 +500,7 @@
             }
 
             // use domain to request Ticket
-            Status = ConstructTicketRequest(msticket->TargetDomainName,
+            Status = ConstructTicketRequest(env, msticket->TargetDomainName,
                                 &pTicketRequest, &requestSize);
             if (!LSA_SUCCESS(Status)) {
                 ShowNTError("ConstructTicketRequest status", Status);
@@ -691,7 +694,7 @@
 }
 
 static NTSTATUS
-ConstructTicketRequest(UNICODE_STRING DomainName,
+ConstructTicketRequest(JNIEnv *env, UNICODE_STRING DomainName,
                 PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize)
 {
     NTSTATUS Status;
@@ -738,8 +741,10 @@
 
     pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST)
                     LocalAlloc(LMEM_ZEROINIT, RequestSize);
-    if (!pTicketRequest)
+    if (!pTicketRequest) {
+        ThrowOOME(env, "Can't allocate memory for ticket");
         return GetLastError();
+    }
 
     //
     // Concatenate the target prefix with the previous response's
@@ -896,7 +901,7 @@
     jbyteArray ary;
 
     ary = (*env)->NewByteArray(env,encodedTicketSize);
-    if ((*env)->ExceptionOccurred(env)) {
+    if (ary == NULL) {
         return (jobject) NULL;
     }
 
@@ -942,6 +947,10 @@
 
     realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT,
             ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL)));
+    if (realm == NULL) {
+        ThrowOOME(env, "Can't allocate memory for realm");
+        return NULL;
+    }
     wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
 
     if (native_debug) {
@@ -1016,6 +1025,9 @@
     }
 
     ary = (*env)->NewByteArray(env,cryptoKey->Length);
+    if (ary == NULL) {
+        return (jobject) NULL;
+    }
     (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length,
                                     (jbyte *)cryptoKey->Value);
     if ((*env)->ExceptionOccurred(env)) {
@@ -1038,6 +1050,9 @@
     ULONG nlflags = htonl(*flags);
 
     ary = (*env)->NewByteArray(env, sizeof(*flags));
+    if (ary == NULL) {
+        return (jobject) NULL;
+    }
     (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags),
                                     (jbyte *)&nlflags);
     if ((*env)->ExceptionOccurred(env)) {
@@ -1090,3 +1105,10 @@
     }
     return kerberosTime;
 }
+
+void ThrowOOME(JNIEnv *env, const char *szMessage) {
+    jclass exceptionClazz = (*env)->FindClass(env, "java/lang/OutOfMemoryError");
+    if (exceptionClazz != NULL) {
+        (*env)->ThrowNew(env, exceptionClazz, szMessage);
+    }
+}
jdk-sandbox