Merge pull request #113 from Drawaes/FixHandleLeak

Fix handle leak in LASS
Drawaes · Oct 8, 2018 · f4eb42f · f4eb42f
2 parents 7ee03a0 + 162b2fd
commit f4eb42f
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 13 deletions.
diff --git a/CondenserDotNet.sln b/CondenserDotNet.sln
@@ -84,6 +84,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Release Notes", "Release No
 		releasenotes\4.0.2.props = releasenotes\4.0.2.props
 		releasenotes\4.0.3.props = releasenotes\4.0.3.props
 		releasenotes\4.1.0.props = releasenotes\4.1.0.props
+		releasenotes\4.1.1.props = releasenotes\4.1.1.props
 	EndProjectSection
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "CondenserDotNet.Middleware", "src\CondenserDotNet.Middleware\CondenserDotNet.Middleware.csproj", "{5DC8FA9E-4CB9-4F80-8AA9-7F4ABF8375B3}"

diff --git a/releasenotes/4.1.1.props b/releasenotes/4.1.1.props
@@ -0,0 +1,7 @@
+<Project>
+  <PropertyGroup>
+    <PackageReleaseNotes>
+* Fixed Security Handle Leak in LASS
+</PackageReleaseNotes>
+  </PropertyGroup>
+</Project>
diff --git a/src/CondenserDotNet.Middleware/ProtocolSwitcher/ProtocolSwitchConnectionFilter.cs b/src/CondenserDotNet.Middleware/ProtocolSwitcher/ProtocolSwitchConnectionFilter.cs
@@ -11,10 +11,6 @@ public class ProtocolSwitchConnectionFilter : IConnectionAdapter
     {
         private bool _isHttp;
 
-        public ProtocolSwitchConnectionFilter()
-        {
-        }
-
         public bool IsHttps => _isHttp;
 
         public async Task<IAdaptedConnection> OnConnectionAsync(ConnectionAdapterContext context)
@@ -27,8 +23,11 @@ public async Task<IAdaptedConnection> OnConnectionAsync(ConnectionAdapterContext
             back2Back.FirstByte = firstByte[0];
             if (firstByte[0] == 0x16)
             {
+                context.Features.Set<ITlsConnectionFeature>(new TlsConnectionFeature());
                 _isHttp = true;
             }
+
+
             throw new NotImplementedException();
             //await _previous.OnConnectionAsync(context);
             //var previousRequest = context.PrepareRequest;

diff --git a/src/CondenserDotNet.Middleware/ProtocolSwitcher/ProtocolSwitcherExtensions.cs b/src/CondenserDotNet.Middleware/ProtocolSwitcher/ProtocolSwitcherExtensions.cs
@@ -1,14 +1,14 @@
 using Microsoft.AspNetCore.Server.Kestrel;
+using Microsoft.AspNetCore.Server.Kestrel.Core;
 
 namespace CondenserDotNet.Middleware.ProtocolSwitcher
 {
     public static class ProtocolSwitcherExtensions
     {
-        /*public static KestrelServerOptions Switcheroo(this KestrelServerOptions options)
+        public static ListenOptions Switcheroo(this ListenOptions options)
         {
-            var prevFilter = options.ConnectionFilter ?? new NoOpConnectionFilter();
-            options.ConnectionFilter = new ProtocolSwitchConnectionFilter(prevFilter);
+            options.ConnectionAdapters.Add(new ProtocolSwitchConnectionFilter());
             return options;
-        }*/
+        }
     }
 }
diff --git a/...Middleware/WindowsAuthentication/Interop/Windows/Secur32/Interop.DeleteSecurityContext.cs b/...Middleware/WindowsAuthentication/Interop/Windows/Secur32/Interop.DeleteSecurityContext.cs
@@ -0,0 +1,10 @@
+using System.Runtime.InteropServices;
+
+internal partial class Interop
+{
+    internal partial class Secur32
+    {
+        [DllImport(Libraries.Secur32, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern SEC_RESULT DeleteSecurityContext(SecurityHandle phCredential);
+    }
+}
diff --git a/src/CondenserDotNet.Middleware/WindowsAuthentication/WindowsAuthFeature.cs b/src/CondenserDotNet.Middleware/WindowsAuthentication/WindowsAuthFeature.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Security.Principal;
 using static Interop.Secur32;
 
@@ -12,7 +12,7 @@ public class WindowsAuthFeature : IDisposable, IWindowsAuthFeature
         static WindowsAuthFeature()
         {
             var result = AcquireCredentialsHandle(null, "Negotiate", CredentialsUse.SECPKG_CRED_INBOUND,
-                            IntPtr.Zero, IntPtr.Zero, 0, IntPtr.Zero, out _credentialsHandle, out SecurityInteger timeSpan);
+                            IntPtr.Zero, IntPtr.Zero, 0, IntPtr.Zero, out _credentialsHandle, out var timeSpan);
             if (result != SEC_RESULT.SEC_E_OK)
             {
                 throw new InvalidOperationException();

diff --git a/src/CondenserDotNet.Middleware/WindowsAuthentication/WindowsHandshake.cs b/src/CondenserDotNet.Middleware/WindowsAuthentication/WindowsHandshake.cs
@@ -1,7 +1,8 @@
-using System;
+using System;
 using System.Runtime.InteropServices;
 using System.Security.Principal;
 using static Interop.Secur32;
+using static Interop.Kernel32;
 
 namespace CondenserDotNet.Middleware.WindowsAuthentication
 {
@@ -77,7 +78,7 @@ public unsafe string AcceptSecurityToken(string returnTokenType, byte[] token)
                         Marshal.Copy((IntPtr)outBufferPtr, byteSpan, 0, byteSpan.Length);
                         returnToken = "Negotiate " + Convert.ToBase64String(byteSpan);
                     }
-                    QuerySecurityContextToken(ref _context, out IntPtr handle);
+                    QuerySecurityContextToken(ref _context, out var handle);
                     _identity = new WindowsIdentity(handle);
                     Interop.Kernel32.CloseHandle(handle);
                     return returnToken;
@@ -91,6 +92,7 @@ public void Dispose()
             if (_context.HighPart != IntPtr.Zero || _context.LowPart != IntPtr.Zero)
             {
                 FreeCredentialsHandle(_context);
+                DeleteSecurityContext(_context);
                 _context = default(SecurityHandle);
             }
             GC.SuppressFinalize(this);

diff --git a/version.props b/version.props
@@ -1,6 +1,6 @@
 <Project>
     <PropertyGroup>
-        <VersionPrefix>4.1.0</VersionPrefix>
+        <VersionPrefix>4.1.1</VersionPrefix>
         <VersionSuffix>beta</VersionSuffix>
     </PropertyGroup>
 </Project>