FreeRDP/winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.h

43 lines
1.4 KiB
C
Raw Normal View History

/**
* WinPR: Windows Portable Runtime
* NTLM Security Package (AV_PAIRs)
*
* Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef WINPR_SSPI_NTLM_AV_PAIRS_H
#define WINPR_SSPI_NTLM_AV_PAIRS_H
2022-02-16 12:08:00 +03:00
#include <winpr/config.h>
2022-01-13 18:21:51 +03:00
#include "ntlm.h"
#include <winpr/stream.h>
Fix NTLM AvPair lists There were two main issues here: First, the `ntlm_av_pair_add` and `ntlm_av_pair_add_copy` were not adding a new `MsvAvEOL` to the end of the list to replace the one they overwrote. This caused the second call to one of those functions to fail (since it couldn't find the terminator), which was the source of the test failure. It also caused `ntlm_av_pair_list_length` and `ntlm_print_av_pair_list` to read out of bounds until they happened to find the right word. Second, several bounds checks were wrong or missing. For example, `ntlm_av_pair_add` does not ensure that the value fits inside the list. And `ntlm_av_pair_get_len` and `ntlm_av_pair_get_value_pointer` can return error codes or NULL, but those error returns were ignored, and the values used anyway (such as in `ntlm_av_pair_add_copy`). This fixes the list handling code to have the invariant that all functions returning `NTLM_AV_PAIR*` only return non-`NULL` if the entire returned `AvPair` is within bounds. This removes the need for the length parameter in functions that only operate on a single `AvPair`. This check is performed by the new `ntlm_av_pair_check` helper, which is added in some new places and used to simplify the code in others. Other issues fixed along the way include: - `ntlm_av_pair_list_length` did not cast to `PBYTE`, so it was returning the number of `NTLM_AV_PAIR`-sized chunks (which was possibly not even an integer) instead of the number of bytes - I removed an impossible check for `offset <= 0` in `ntlm_av_pair_get_next_pointer` - The assertion that `Value != NULL` and the call to `CopyMemory` are only necessary if `AvLen` is nonzero - `ntlm_av_pair_get_next_pointer` (renamed to `ntlm_av_pair_next`) could be declared `static` With this commit, TestNTLM now passes on powerpc64. ``` $ ./Testing/TestSspi TestNTLM NTLM_NEGOTIATE (length = 40): NTLM_CHALLENGE (length = 168): NTLM_AUTHENTICATE (length = 352): $ echo $? 0 ``` Fixes #5250
2019-03-18 04:20:10 +03:00
ULONG ntlm_av_pair_list_length(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList);
2022-01-13 18:21:51 +03:00
#ifdef WITH_DEBUG_NTLM
void ntlm_print_av_pair_list(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList);
2022-01-13 18:21:51 +03:00
#endif
Fix NTLM AvPair lists There were two main issues here: First, the `ntlm_av_pair_add` and `ntlm_av_pair_add_copy` were not adding a new `MsvAvEOL` to the end of the list to replace the one they overwrote. This caused the second call to one of those functions to fail (since it couldn't find the terminator), which was the source of the test failure. It also caused `ntlm_av_pair_list_length` and `ntlm_print_av_pair_list` to read out of bounds until they happened to find the right word. Second, several bounds checks were wrong or missing. For example, `ntlm_av_pair_add` does not ensure that the value fits inside the list. And `ntlm_av_pair_get_len` and `ntlm_av_pair_get_value_pointer` can return error codes or NULL, but those error returns were ignored, and the values used anyway (such as in `ntlm_av_pair_add_copy`). This fixes the list handling code to have the invariant that all functions returning `NTLM_AV_PAIR*` only return non-`NULL` if the entire returned `AvPair` is within bounds. This removes the need for the length parameter in functions that only operate on a single `AvPair`. This check is performed by the new `ntlm_av_pair_check` helper, which is added in some new places and used to simplify the code in others. Other issues fixed along the way include: - `ntlm_av_pair_list_length` did not cast to `PBYTE`, so it was returning the number of `NTLM_AV_PAIR`-sized chunks (which was possibly not even an integer) instead of the number of bytes - I removed an impossible check for `offset <= 0` in `ntlm_av_pair_get_next_pointer` - The assertion that `Value != NULL` and the call to `CopyMemory` are only necessary if `AvLen` is nonzero - `ntlm_av_pair_get_next_pointer` (renamed to `ntlm_av_pair_next`) could be declared `static` With this commit, TestNTLM now passes on powerpc64. ``` $ ./Testing/TestSspi TestNTLM NTLM_NEGOTIATE (length = 40): NTLM_CHALLENGE (length = 168): NTLM_AUTHENTICATE (length = 352): $ echo $? 0 ``` Fixes #5250
2019-03-18 04:20:10 +03:00
PBYTE ntlm_av_pair_get_value_pointer(NTLM_AV_PAIR* pAvPair);
2019-11-06 17:24:51 +03:00
NTLM_AV_PAIR* ntlm_av_pair_get(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList, NTLM_AV_ID AvId,
size_t* pcbAvPairListRemaining);
BOOL ntlm_construct_challenge_target_info(NTLM_CONTEXT* context);
BOOL ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context);
#endif /* WINPR_SSPI_NTLM_AV_PAIRS_H */