From f4be57149917ad66920ffd18c24a44921a623bfd Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Fri, 5 Aug 2016 11:38:43 +0200 Subject: [PATCH] Pre-shared credentials moved to heap --- lib/EAPBase/include/Config.h | 27 +++++++++++++++------------ lib/EAPBase_UI/include/EAP_UI.h | 4 ++-- lib/TTLS/src/Module.cpp | 2 +- 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/lib/EAPBase/include/Config.h b/lib/EAPBase/include/Config.h index 6a541da..10d7b41 100644 --- a/lib/EAPBase/include/Config.h +++ b/lib/EAPBase/include/Config.h @@ -257,6 +257,9 @@ namespace eap }; + class credentials; + + template class config_method_with_cred : public config_method { @@ -269,7 +272,7 @@ namespace eap config_method_with_cred(_In_ module *mod) : m_allow_save(true), m_use_preshared(false), - m_preshared(mod), + m_preshared(new _Tcred(mod)), config_method(mod) { } @@ -283,7 +286,7 @@ namespace eap config_method_with_cred(_In_ const config_method_with_cred<_Tcred> &other) : m_allow_save(other.m_allow_save), m_use_preshared(other.m_use_preshared), - m_preshared(other.m_preshared), + m_preshared((_Tcred*)other.m_preshared->clone()), config_method(other) { } @@ -316,7 +319,7 @@ namespace eap (config_method&)*this = other; m_allow_save = other.m_allow_save; m_use_preshared = other.m_use_preshared; - m_preshared = other.m_preshared; + m_preshared.reset((_Tcred*)other.m_preshared->clone()); } return *this; @@ -379,7 +382,7 @@ namespace eap return false; } - if (m_use_preshared && !m_preshared.save(pDoc, pXmlElClientSideCredential, ppEapError)) + if (m_use_preshared && !m_preshared->save(pDoc, pXmlElClientSideCredential, ppEapError)) return false; return true; @@ -402,7 +405,7 @@ namespace eap m_allow_save = true; m_use_preshared = false; - m_preshared.clear(); + m_preshared->clear(); // winstd::com_obj pXmlElClientSideCredential; 
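Review bot: Nothing visible keeps `m_preshared` non-null once this constructor has run, yet every later hunk dereferences it unconditionally (`m_preshared->save`, `m_preshared->clear()`, `cursor << *m_preshared`, `pksizeof(*m_preshared)`, and the callers in EAP_UI.h and Module.cpp). The move constructor and move assignment are outside the hunks; if they do a member-wise move, they now leave the source object holding a null pointer, where it used to hold a valid moved-from `_Tcred`. I would state the invariant on the member, e.g. `///< Pre-shared credentials (never null)`, and have the move operations swap or re-create the source's object rather than steal it. The class body continues outside this hunk.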
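Review bot: The C-style cast in `(_Tcred*)other.m_preshared->clone()` silently becomes a reinterpret_cast if `_Tcred` is unrelated to the type `clone()` returns, or is incomplete at the point of instantiation; the declaration of `clone()` is not in the hunk. Writing `m_preshared(static_cast<_Tcred*>(other.m_preshared->clone())),` makes the compiler reject that case instead. The same cast spelling is used in the copy-assignment hunk at @@ -316,7 +319,7.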
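Review bot: `m_preshared.reset(...)` now frees the previous credentials object instead of overwriting it in place, so the memory that held the old secret goes back to the heap allocator. Whether those bytes are wiped first depends on `_Tcred`'s destructor and member storage, which this patch does not show. A comment at the reset, such as `// previous credentials are destroyed here; _Tcred must wipe its secrets on destruction`, would record that dependency for the next maintainer. The operator's body starts and ends outside the hunk.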
@@ -416,7 +419,7 @@ namespace eap _Tcred preshared(m_module); if (preshared.load(pXmlElClientSideCredential, ppEapError)) { m_use_preshared = true; - m_preshared = std::move(preshared); + *m_preshared = std::move(preshared); } else { // This is not really an error - merely an indication pre-shared credentials are unavailable. if (*ppEapError) { @@ -444,7 +447,7 @@ namespace eap config_method::operator<<(cursor); cursor << m_allow_save; cursor << m_use_preshared; - cursor << m_preshared; + cursor << *m_preshared; } @@ -459,7 +462,7 @@ namespace eap config_method::get_pk_size() + pksizeof(m_allow_save ) + pksizeof(m_use_preshared) + - pksizeof(m_preshared ); + pksizeof(*m_preshared ); } @@ -473,15 +476,15 @@ namespace eap config_method::operator>>(cursor); cursor >> m_allow_save; cursor >> m_use_preshared; - cursor >> m_preshared; + cursor >> *m_preshared; } /// @} public: - bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager? - bool m_use_preshared; ///< Use pre-shared credentials - _Tcred m_preshared; ///< Pre-shared credentials + bool m_allow_save; ///< Are credentials allowed to be saved to Windows Credential Manager? + bool m_use_preshared; ///< Use pre-shared credentials + std::unique_ptr<_Tcred> m_preshared; ///< Pre-shared credentials }; diff --git a/lib/EAPBase_UI/include/EAP_UI.h b/lib/EAPBase_UI/include/EAP_UI.h index b8a9ac4..56e79ad 100644 --- a/lib/EAPBase_UI/include/EAP_UI.h +++ b/lib/EAPBase_UI/include/EAP_UI.h @@ -253,7 +253,7 @@ protected: else m_preshared->SetValue(true); - m_cred = m_cfg.m_preshared; + m_cred = *m_cfg.m_preshared; return wxEAPCredentialsConfigPanelBase::TransferDataToWindow(); } @@ -266,7 +266,7 @@ protected: if (!m_prov.m_read_only) { // This is not a provider-locked configuration. Save the data. m_cfg.m_use_preshared = !m_own->GetValue(); - m_cfg.m_preshared = m_cred; + *m_cfg.m_preshared = m_cred; } return true; 
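Review bot: The new `std::unique_ptr<_Tcred> m_preshared;` member has no matching `#include <memory>` in any Config.h hunk, so the header presumably relies on a transitive include. Adding `#include <memory>` to Config.h's include block would make the header self-contained. Because the member is public, outside code can also reset or move it, so the doc comment should say the pointer must stay non-null, e.g. `///< Pre-shared credentials (owned, never null)`.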
diff --git a/lib/TTLS/src/Module.cpp b/lib/TTLS/src/Module.cpp index 4b9fd60..f46bd04 100644 --- a/lib/TTLS/src/Module.cpp +++ b/lib/TTLS/src/Module.cpp @@ -121,7 +121,7 @@ bool eap::peer_ttls::get_identity( target_inner = L"PAP"; if (cfg_inner_pap->m_use_preshared) { // Inner PAP: Using preshared credentials. - cred_out.m_inner.reset((credentials*)cfg_inner_pap->m_preshared.clone()); + cred_out.m_inner.reset((credentials*)cfg_inner_pap->m_preshared->clone()); log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED, event_data(target_inner), event_data(cred_out.m_inner->get_name()), event_data::blank); is_inner_set = true; }