From 1ed7442db6acad47888652d1845e00b0021249b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?= <marcandre.moreau@gmail.com>
Date: Fri, 29 Jun 2012 08:55:03 -0400
Subject: [PATCH] libwinpr-sspi: fix SeqNo size

---
 winpr/sspi/NTLM/ntlm.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/winpr/sspi/NTLM/ntlm.c b/winpr/sspi/NTLM/ntlm.c
index 93e9c73bd..a74cb0e10 100644
--- a/winpr/sspi/NTLM/ntlm.c
+++ b/winpr/sspi/NTLM/ntlm.c
@@ -500,6 +500,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
 	int index;
 	int length;
 	void* data;
+	UINT32 SeqNo;
 	HMAC_CTX hmac;
 	BYTE digest[16];
 	BYTE checksum[8];
@@ -509,6 +510,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
 	PSecBuffer data_buffer = NULL;
 	PSecBuffer signature_buffer = NULL;
 
+	SeqNo = MessageSeqNo;
 	context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
 
 	for (index = 0; index < (int) pMessage->cBuffers; index++)
@@ -533,7 +535,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
 	HMAC_CTX_init(&hmac);
 	HMAC_Init_ex(&hmac, context->SendSigningKey, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac, (void*) &(MessageSeqNo), 4);
+	HMAC_Update(&hmac, (void*) &(SeqNo), 4);
 	HMAC_Update(&hmac, data, length);
 	HMAC_Final(&hmac, digest, NULL);
 	HMAC_CTX_cleanup(&hmac);
@@ -565,7 +567,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
 	/* Concatenate version, ciphertext and sequence number to build signature */
 	CopyMemory(signature, (void*) &version, 4);
 	CopyMemory(&signature[4], (void*) checksum, 8);
-	CopyMemory(&signature[12], (void*) &(MessageSeqNo), 4);
+	CopyMemory(&signature[12], (void*) &(SeqNo), 4);
 	context->SendSeqNum++;
 
 #ifdef WITH_DEBUG_NTLM
@@ -582,6 +584,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
 	int index;
 	int length;
 	void* data;
+	UINT32 SeqNo;
 	HMAC_CTX hmac;
 	BYTE digest[16];
 	BYTE checksum[8];
@@ -591,6 +594,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
 	PSecBuffer data_buffer = NULL;
 	PSecBuffer signature_buffer = NULL;
 
+	SeqNo = (UINT32) MessageSeqNo;
 	context = sspi_SecureHandleGetLowerPointer(phContext);
 
 	for (index = 0; index < (int) pMessage->cBuffers; index++)
@@ -622,7 +626,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
 	HMAC_CTX_init(&hmac);
 	HMAC_Init_ex(&hmac, context->RecvSigningKey, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac, (void*) &(MessageSeqNo), 4);
+	HMAC_Update(&hmac, (void*) &(SeqNo), 4);
 	HMAC_Update(&hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
 	HMAC_Final(&hmac, digest, NULL);
 	HMAC_CTX_cleanup(&hmac);
@@ -645,7 +649,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
 	/* Concatenate version, ciphertext and sequence number to build signature */
 	CopyMemory(expected_signature, (void*) &version, 4);
 	CopyMemory(&expected_signature[4], (void*) checksum, 8);
-	CopyMemory(&expected_signature[12], (void*) &(MessageSeqNo), 4);
+	CopyMemory(&expected_signature[12], (void*) &(SeqNo), 4);
 	context->RecvSeqNum++;
 
 	if (memcmp(signature_buffer->pvBuffer, expected_signature, 16) != 0)