You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
http.sys: Fix definition of HTTP_SERVER_AUTHENTICATION_INFO
Previous definition of this structure had improper declarations
for the `ReceiveMutualAuth`, `ReceiveContextHandle`,
DisableNTLMCredentialCaching` and `ExFlags` fields.
In the native version of the structure, these fields are byte-sized
(they are either BOOLEAN or UCHAR, and BOOLEAN is defined as
"typedef BYTE BOOLEAN" in winnt.h). The previous version of the
interop structure declared them as `bool` or `ulong`. In turn, that
was causing improper structure marshalling and an invalid (larger)
structure size passed to HttpSetUrlGroupProperty().
Perhaps, this hasn't been noticed so far because the actual code only
fills in the `AuthSchemes` field that occurs earlier in the struct
layout. And perhaps the HttpSetUrlGroupProperty() function currently
can accept the larger structure sizes (for future compatibility), so
it hasn't been returning an error.
Fix this issue by redeclaring all those fields as `byte`. Note that we
don't anything fancier like `[MarshalAs(UnmanagedType.U1)] bool` to be
consistent with other existing declarations of BOOLEAN fields, for
example in the existing definition of HTTP_SSL_CLIENT_CERT_INFO.
For reference, this is the definition of the structure in http.h:
```
typedef struct _HTTP_SERVER_AUTHENTICATION_INFO
{
HTTP_PROPERTY_FLAGS Flags;
ULONG AuthSchemes;
BOOLEAN ReceiveMutualAuth;
BOOLEAN ReceiveContextHandle;
BOOLEAN DisableNTLMCredentialCaching;
UCHAR ExFlags;
HTTP_SERVER_AUTHENTICATION_DIGEST_PARAMS DigestParams;
HTTP_SERVER_AUTHENTICATION_BASIC_PARAMS BasicParams;
} HTTP_SERVER_AUTHENTICATION_INFO;
```
0 commit comments