Subversion Repositories Aucun

Compare Revisions

Ignore whitespace Rev 204 → Rev 205

/branches/64bits/GinaDlg.c
131,9 → 131,39
if ((GetDlgItemText(hwndDlg, gDialogsAndControls[gCurrentDlgIndex].IDC_PASSWORD, password, nbpassword) > 0)
&& (GetDlgItemText(hwndDlg, gDialogsAndControls[gCurrentDlgIndex].IDC_USERNAME, username, nbusername) > 0))
{
HWND domainCombo;
int cursel;
 
result = TRUE; //That's enough to keep going. Let's try the domain nonetheless
 
domainCombo = GetDlgItem(hwndDlg, gDialogsAndControls[gCurrentDlgIndex].IDC_DOMAIN);
 
GetDlgItemText(hwndDlg, gDialogsAndControls[gCurrentDlgIndex].IDC_DOMAIN, domain, nbdomain);
 
cursel = ComboBox_GetCurSel(domainCombo);
 
if(cursel >= 0)
{
if(ComboBox_GetLBTextLen(domainCombo, cursel) < nbdomain)
{
ComboBox_GetLBText(domainCombo, cursel, domain);
}
 
cursel = ComboBox_GetCount(domainCombo);
 
while(cursel-- > 0)
{
wchar_t buf[256];
 
ComboBox_GetLBText(domainCombo, cursel, buf);
TRACE(L"Domain %d %s\n", cursel, buf);
}
}
else
{
*domain = 0;
}
}
}
 
399,7 → 429,7
if (*username && *password)
{
// Can you spot the buffer overflow vulnerability in this next line ?
TRACE(L"User %s has entered his password.\n", username);
TRACE(L"User %s\\%s has entered his password.\n", *domain?domain:L"", username);
// Don't worry, GetDomainUsernamePassword validated input length. We are safe.
 
switch (ShouldUnlockForUser(pgAucunContext->mLSA, pgAucunContext->mCurrentUser, domain, username, password))