libfreerdp-core: fix decryption of encrypted error info PDU in license sequence

Marc-André Moreau 2013-02-04 16:39:05 -05:00
parent bbcf081243
commit 1070931479
3 changed files with 64 additions and 47 deletions


@ -179,12 +179,12 @@ BOOL license_send(rdpLicense* license, STREAM* s, BYTE type)
BOOL license_recv(rdpLicense* license, STREAM* s) BOOL license_recv(rdpLicense* license, STREAM* s)
{ {
UINT16 length;
UINT16 channelId;
UINT16 sec_flags;
BYTE flags; BYTE flags;
BYTE bMsgType; BYTE bMsgType;
UINT16 wMsgSize; UINT16 wMsgSize;
UINT16 length;
UINT16 channelId;
UINT16 securityFlags;
if (!rdp_read_header(license->rdp, s, &length, &channelId)) if (!rdp_read_header(license->rdp, s, &length, &channelId))
{ {
@ -192,17 +192,29 @@ BOOL license_recv(rdpLicense* license, STREAM* s)
return FALSE; return FALSE;
} }
if (!rdp_read_security_header(s, &sec_flags)) if (!rdp_read_security_header(s, &securityFlags))
return FALSE; return FALSE;
if (!(sec_flags & SEC_LICENSE_PKT)) if (securityFlags & SEC_ENCRYPT)
{ {
if (!rdp_decrypt(license->rdp, s, length - 4, securityFlags))
{
printf("rdp_decrypt failed\n");
return FALSE;
}
}
if (!(securityFlags & SEC_LICENSE_PKT))
{
if (!(securityFlags & SEC_ENCRYPT))
stream_rewind(s, RDP_SECURITY_HEADER_LENGTH); stream_rewind(s, RDP_SECURITY_HEADER_LENGTH);
if (rdp_recv_out_of_sequence_pdu(license->rdp, s) != TRUE) if (rdp_recv_out_of_sequence_pdu(license->rdp, s) != TRUE)
{ {
printf("Unexpected license packet.\n"); printf("Unexpected license packet.\n");
return FALSE; return FALSE;
} }
return TRUE; return TRUE;
} }
@ -686,8 +698,10 @@ BOOL license_read_license_request_packet(rdpLicense* license, STREAM* s)
BOOL license_read_platform_challenge_packet(rdpLicense* license, STREAM* s) BOOL license_read_platform_challenge_packet(rdpLicense* license, STREAM* s)
{ {
DEBUG_LICENSE("Receiving Platform Challenge Packet"); DEBUG_LICENSE("Receiving Platform Challenge Packet");
if(stream_get_left(s) < 4)
if (stream_get_left(s) < 4)
return FALSE; return FALSE;
stream_seek(s, 4); /* ConnectFlags, Reserved (4 bytes) */ stream_seek(s, 4); /* ConnectFlags, Reserved (4 bytes) */
/* EncryptedPlatformChallenge */ /* EncryptedPlatformChallenge */
@ -696,10 +710,11 @@ BOOL license_read_platform_challenge_packet(rdpLicense* license, STREAM* s)
license->encrypted_platform_challenge->type = BB_ENCRYPTED_DATA_BLOB; license->encrypted_platform_challenge->type = BB_ENCRYPTED_DATA_BLOB;
/* MACData (16 bytes) */ /* MACData (16 bytes) */
if(!stream_skip(s, 16)) if (!stream_skip(s, 16))
return FALSE; return FALSE;
license_decrypt_platform_challenge(license); license_decrypt_platform_challenge(license);
return TRUE; return TRUE;
} }
@ -741,11 +756,13 @@ BOOL license_read_error_alert_packet(rdpLicense* license, STREAM* s)
UINT32 dwErrorCode; UINT32 dwErrorCode;
UINT32 dwStateTransition; UINT32 dwStateTransition;
if(stream_get_left(s) < 8) if (stream_get_left(s) < 8)
return FALSE; return FALSE;
stream_read_UINT32(s, dwErrorCode); /* dwErrorCode (4 bytes) */ stream_read_UINT32(s, dwErrorCode); /* dwErrorCode (4 bytes) */
stream_read_UINT32(s, dwStateTransition); /* dwStateTransition (4 bytes) */ stream_read_UINT32(s, dwStateTransition); /* dwStateTransition (4 bytes) */
if(!license_read_binary_blob(s, license->error_info)) /* bbErrorInfo */
if (!license_read_binary_blob(s, license->error_info)) /* bbErrorInfo */
return FALSE; return FALSE;
#ifdef WITH_DEBUG_LICENSE #ifdef WITH_DEBUG_LICENSE
@ -779,6 +796,7 @@ BOOL license_read_error_alert_packet(rdpLicense* license, STREAM* s)
default: default:
break; break;
} }
return TRUE; return TRUE;
} }
@ -956,7 +974,6 @@ rdpLicense* license_new(rdpRdp* rdp)
license->rdp = rdp; license->rdp = rdp;
license->state = LICENSE_STATE_AWAIT; license->state = LICENSE_STATE_AWAIT;
//license->certificate = certificate_new(rdp);
license->certificate = certificate_new(); license->certificate = certificate_new();
license->product_info = license_new_product_info(); license->product_info = license_new_product_info();
license->error_info = license_new_binary_blob(BB_ERROR_BLOB); license->error_info = license_new_binary_blob(BB_ERROR_BLOB);
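Review bot: In `license_recv`, the new `rdp_decrypt(license->rdp, s, length - 4, securityFlags)` call takes its size from the `length` that `rdp_read_header` parsed out of the peer's packet, and nothing visible in the hunk confirms that `length` is at least 4 or that the stream still holds `length - 4` bytes. With `length` below 4 the subtraction goes negative after integer promotion, so unless `rdp_decrypt` (whose body is not shown here) validates its argument, a malformed licensing packet could make decryption run outside the received data. A guard placed just before the call, such as `if (length < 4 || stream_get_left(s) < length - 4) return FALSE;`, would keep the bound local to this function and reject the packet before any key material is applied to it. The body of `license_recv` continues past the end of the hunk, so any later check there is not visible from this page.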


@ -103,7 +103,7 @@ void rdp_write_security_header(STREAM* s, UINT16 flags)
BOOL rdp_read_share_control_header(STREAM* s, UINT16* length, UINT16* type, UINT16* channel_id) BOOL rdp_read_share_control_header(STREAM* s, UINT16* length, UINT16* type, UINT16* channel_id)
{ {
if(stream_get_left(s) < 2) if (stream_get_left(s) < 2)
return FALSE; return FALSE;
/* Share Control Header */ /* Share Control Header */
@ -117,8 +117,8 @@ BOOL rdp_read_share_control_header(STREAM* s, UINT16* length, UINT16* type, UINT
if (*length > 4) if (*length > 4)
stream_read_UINT16(s, *channel_id); /* pduSource */ stream_read_UINT16(s, *channel_id); /* pduSource */
else /* Windows XP can send such short DEACTIVATE_ALL PDUs. */ else
*channel_id = 0; *channel_id = 0; /* Windows XP can send such short DEACTIVATE_ALL PDUs. */
return TRUE; return TRUE;
} }
@ -645,7 +645,7 @@ BOOL rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, STREAM* s)
UINT16 length; UINT16 length;
UINT16 channelId; UINT16 channelId;
if(!rdp_read_share_control_header(s, &length, &type, &channelId)) if (!rdp_read_share_control_header(s, &length, &type, &channelId))
return FALSE; return FALSE;
if (type == PDU_TYPE_DATA) if (type == PDU_TYPE_DATA)