Einzelnen Beitrag anzeigen

Kas Ob.

Registriert seit: 3. Sep 2023
229 Beiträge
 
#2

AW: CredIsProtected buffer-overflow?

  Alt 2. Mär 2024, 13:40
Hi,

Yesterday i looked and doubted myself, now i tried again to understand the subject at hand , using my ability to decryption of google translation, i am assuming the problem is with overflowing somewhere.
2024-03-02-15_26_02-delphi-credisprotected-buffer-overflow_-delphi-praxis.png

Anyway there is two problems, separated that caused this

1) Without defining enum size the to be compatible with Windows API's it will break
Code:
  {$MINENUMSIZE 4}
  CRED_PROTECTION_TYPE = (CredUnprotected, CredUserProtection, CredTrustedProtection, CredForSystemProtection);
2) The definition of both CredProtect and CredUnProtect is wrong in that demo, and they should looks like this:
Code:
BOOL CredProtectW(
  [in]     BOOL                fAsSelf,
  [in]     LPWSTR              pszCredentials,
  [in]     DWORD               cchCredentials,
  [out]    LPWSTR              pszProtectedCredentials,
  [in, out] DWORD               *pcchMaxChars,
  [out]    CRED_PROTECTION_TYPE *ProtectionType
);
BOOL CredUnprotectW(
  [in]     BOOL  fAsSelf,
  [in]     LPWSTR pszProtectedCredentials,
  [in]     DWORD cchProtectedCredentials,
  [out]    LPWSTR pszCredentials,
  [in, out] DWORD *pcchMaxChars
);

function CredProtect(fAsSelf: BOOL; pszCredentials: LPWSTR; cchCredentials: DWORD; out pszProtectedCredentials: LPWSTR; var pcchMaxChars: DWORD; out ProtectionType: CRED_PROTECTION_TYPE): BOOL; stdcall; external advapi32 name 'CredProtectW';
function CredUnprotect(fAsSelf: BOOL; pszProtectedCredentials: LPWSTR; cchProtectedCredentials: DWORD; out pszCredentials: LPWSTR; var pcchMaxChars: DWORD):  BOOL; stdcall; external advapi32 name 'CredUnprotectW';
and bonus (3), after checking the result of CredIsProtected, in this case or any similar, always set zero to buffer size for the first call, then call once, then check GetLastError for ERROR_INSUFFICIENT_BUFFER, there is no need to check for the result of the function itself in first call, and you have the needed in pcchMaxChars after the second, here again it is always as rule of thumb best to trim the buffer again.
  Mit Zitat antworten Zitat