winpr/ntlm: Fix endianness in ntlm_av_pair_list

Data in ntlm_av_pair_list are accessed directly, which doesn't work on
big endian machines currently. The recieved data are stored as little
endian. Use conversion macros from endian.h to load and store the data
properly.

https://github.com/FreeRDP/FreeRDP/issues/2520
This commit is contained in:
Ondrej Holy 2016-04-22 14:43:40 +02:00
parent 8d468ea6b5
commit 95a1b53940
3 changed files with 48 additions and 27 deletions

View File

@ -57,8 +57,8 @@ const char* const AV_PAIR_STRINGS[] =
void ntlm_av_pair_list_init(NTLM_AV_PAIR* pAvPairList) void ntlm_av_pair_list_init(NTLM_AV_PAIR* pAvPairList)
{ {
NTLM_AV_PAIR* pAvPair = pAvPairList; NTLM_AV_PAIR* pAvPair = pAvPairList;
pAvPair->AvId = MsvAvEOL; ntlm_av_pair_set_id(pAvPair, MsvAvEOL);
pAvPair->AvLen = 0; ntlm_av_pair_set_len(pAvPair, 0);
} }
ULONG ntlm_av_pair_list_length(NTLM_AV_PAIR* pAvPairList) ULONG ntlm_av_pair_list_length(NTLM_AV_PAIR* pAvPairList)
@ -69,7 +69,7 @@ ULONG ntlm_av_pair_list_length(NTLM_AV_PAIR* pAvPairList)
if (!pAvPair) if (!pAvPair)
return 0; return 0;
while (pAvPair->AvId != MsvAvEOL) while (ntlm_av_pair_get_id(pAvPair) != MsvAvEOL)
{ {
pAvPair = ntlm_av_pair_get_next_pointer(pAvPair); pAvPair = ntlm_av_pair_get_next_pointer(pAvPair);
} }
@ -87,12 +87,14 @@ void ntlm_print_av_pair_list(NTLM_AV_PAIR* pAvPairList)
WLog_INFO(TAG, "AV_PAIRs ="); WLog_INFO(TAG, "AV_PAIRs =");
while (pAvPair->AvId != MsvAvEOL) while (ntlm_av_pair_get_id(pAvPair) != MsvAvEOL)
{ {
WLog_INFO(TAG, "\t%s AvId: %d AvLen: %d", WLog_INFO(TAG, "\t%s AvId: %d AvLen: %d",
AV_PAIR_STRINGS[pAvPair->AvId], AV_PAIR_STRINGS[ntlm_av_pair_get_id(pAvPair)],
pAvPair->AvId, pAvPair->AvLen); ntlm_av_pair_get_id(pAvPair),
winpr_HexDump(TAG, WLOG_INFO, ntlm_av_pair_get_value_pointer(pAvPair), pAvPair->AvLen); ntlm_av_pair_get_len(pAvPair));
winpr_HexDump(TAG, WLOG_INFO, ntlm_av_pair_get_value_pointer(pAvPair),
ntlm_av_pair_get_len(pAvPair));
pAvPair = ntlm_av_pair_get_next_pointer(pAvPair); pAvPair = ntlm_av_pair_get_next_pointer(pAvPair);
} }
} }
@ -110,7 +112,7 @@ PBYTE ntlm_av_pair_get_value_pointer(NTLM_AV_PAIR* pAvPair)
int ntlm_av_pair_get_next_offset(NTLM_AV_PAIR* pAvPair) int ntlm_av_pair_get_next_offset(NTLM_AV_PAIR* pAvPair)
{ {
return pAvPair->AvLen + sizeof(NTLM_AV_PAIR); return ntlm_av_pair_get_len(pAvPair) + sizeof(NTLM_AV_PAIR);
} }
NTLM_AV_PAIR* ntlm_av_pair_get_next_pointer(NTLM_AV_PAIR* pAvPair) NTLM_AV_PAIR* ntlm_av_pair_get_next_pointer(NTLM_AV_PAIR* pAvPair)
@ -127,10 +129,10 @@ NTLM_AV_PAIR* ntlm_av_pair_get(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId)
while (1) while (1)
{ {
if (pAvPair->AvId == AvId) if (ntlm_av_pair_get_id(pAvPair) == AvId)
return pAvPair; return pAvPair;
if (pAvPair->AvId == MsvAvEOL) if (ntlm_av_pair_get_id(pAvPair) == MsvAvEOL)
return NULL; return NULL;
pAvPair = ntlm_av_pair_get_next_pointer(pAvPair); pAvPair = ntlm_av_pair_get_next_pointer(pAvPair);
@ -148,8 +150,8 @@ NTLM_AV_PAIR* ntlm_av_pair_add(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId, PBYTE
return NULL; return NULL;
assert(Value != NULL); assert(Value != NULL);
pAvPair->AvId = AvId; ntlm_av_pair_set_id(pAvPair, AvId);
pAvPair->AvLen = AvLen; ntlm_av_pair_set_len(pAvPair, AvLen);
CopyMemory(ntlm_av_pair_get_value_pointer(pAvPair), Value, AvLen); CopyMemory(ntlm_av_pair_get_value_pointer(pAvPair), Value, AvLen);
return pAvPair; return pAvPair;
} }
@ -162,10 +164,11 @@ NTLM_AV_PAIR* ntlm_av_pair_add_copy(NTLM_AV_PAIR* pAvPairList, NTLM_AV_PAIR* pAv
if (!pAvPairCopy) if (!pAvPairCopy)
return NULL; return NULL;
pAvPairCopy->AvId = pAvPair->AvId; CopyMemory(&pAvPairCopy->AvId, &pAvPair->AvId, 2);
pAvPairCopy->AvLen = pAvPair->AvLen; CopyMemory(&pAvPairCopy->AvLen, &pAvPair->AvLen, 2);
CopyMemory(ntlm_av_pair_get_value_pointer(pAvPairCopy), CopyMemory(ntlm_av_pair_get_value_pointer(pAvPairCopy),
ntlm_av_pair_get_value_pointer(pAvPair), pAvPair->AvLen); ntlm_av_pair_get_value_pointer(pAvPair),
ntlm_av_pair_get_len (pAvPair));
return pAvPairCopy; return pAvPairCopy;
} }
@ -288,10 +291,10 @@ void ntlm_compute_single_host_data(NTLM_CONTEXT* context)
* different or if they are on different hosts, then the information MUST be ignored. * different or if they are on different hosts, then the information MUST be ignored.
* Any fields after the MachineID field MUST be ignored on receipt. * Any fields after the MachineID field MUST be ignored on receipt.
*/ */
context->SingleHostData.Size = 48; Data_Write_UINT32(&context->SingleHostData.Size, 48);
context->SingleHostData.Z4 = 0; Data_Write_UINT32(&context->SingleHostData.Z4, 0);
context->SingleHostData.DataPresent = 1; Data_Write_UINT32(&context->SingleHostData.DataPresent, 1);
context->SingleHostData.CustomData = SECURITY_MANDATORY_MEDIUM_RID; Data_Write_UINT32(&context->SingleHostData.CustomData, SECURITY_MANDATORY_MEDIUM_RID);
FillMemory(context->SingleHostData.MachineID, 32, 0xAA); FillMemory(context->SingleHostData.MachineID, 32, 0xAA);
} }
@ -375,31 +378,31 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
if (AvNbDomainName) if (AvNbDomainName)
{ {
AvPairsCount++; /* MsvAvNbDomainName */ AvPairsCount++; /* MsvAvNbDomainName */
AvPairsValueLength += AvNbDomainName->AvLen; AvPairsValueLength += ntlm_av_pair_get_len(AvNbDomainName);
} }
if (AvNbComputerName) if (AvNbComputerName)
{ {
AvPairsCount++; /* MsvAvNbComputerName */ AvPairsCount++; /* MsvAvNbComputerName */
AvPairsValueLength += AvNbComputerName->AvLen; AvPairsValueLength += ntlm_av_pair_get_len(AvNbComputerName);
} }
if (AvDnsDomainName) if (AvDnsDomainName)
{ {
AvPairsCount++; /* MsvAvDnsDomainName */ AvPairsCount++; /* MsvAvDnsDomainName */
AvPairsValueLength += AvDnsDomainName->AvLen; AvPairsValueLength += ntlm_av_pair_get_len(AvDnsDomainName);
} }
if (AvDnsComputerName) if (AvDnsComputerName)
{ {
AvPairsCount++; /* MsvAvDnsComputerName */ AvPairsCount++; /* MsvAvDnsComputerName */
AvPairsValueLength += AvDnsComputerName->AvLen; AvPairsValueLength += ntlm_av_pair_get_len(AvDnsComputerName);
} }
if (AvDnsTreeName) if (AvDnsTreeName)
{ {
AvPairsCount++; /* MsvAvDnsTreeName */ AvPairsCount++; /* MsvAvDnsTreeName */
AvPairsValueLength += AvDnsTreeName->AvLen; AvPairsValueLength += ntlm_av_pair_get_len(AvDnsTreeName);
} }
AvPairsCount++; /* MsvAvTimestamp */ AvPairsCount++; /* MsvAvTimestamp */
@ -470,7 +473,8 @@ int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
if (context->UseMIC) if (context->UseMIC)
{ {
UINT32 flags = MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK; UINT32 flags;
Data_Write_UINT32(&flags, MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK);
ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvFlags, (PBYTE) &flags, 4); ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvFlags, (PBYTE) &flags, 4);
} }

View File

@ -35,6 +35,23 @@ NTLM_AV_PAIR* ntlm_av_pair_get(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId);
NTLM_AV_PAIR* ntlm_av_pair_add(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId, PBYTE Value, UINT16 AvLen); NTLM_AV_PAIR* ntlm_av_pair_add(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId, PBYTE Value, UINT16 AvLen);
NTLM_AV_PAIR* ntlm_av_pair_add_copy(NTLM_AV_PAIR* pAvPairList, NTLM_AV_PAIR* pAvPair); NTLM_AV_PAIR* ntlm_av_pair_add_copy(NTLM_AV_PAIR* pAvPairList, NTLM_AV_PAIR* pAvPair);
static INLINE UINT16 ntlm_av_pair_get_id(NTLM_AV_PAIR* pAvPair)
{
UINT16 AvId;
Data_Read_UINT16(&pAvPair->AvId, AvId);
return AvId;
}
static INLINE UINT16 ntlm_av_pair_get_len(NTLM_AV_PAIR* pAvPair)
{
UINT16 AvLen;
Data_Read_UINT16(&pAvPair->AvLen, AvLen);
return AvLen;
}
#define ntlm_av_pair_set_id(pAvPair, id) Data_Write_UINT16(&pAvPair->AvId, id)
#define ntlm_av_pair_set_len(pAvPair, len) Data_Write_UINT16(&pAvPair->AvLen, len)
int ntlm_construct_challenge_target_info(NTLM_CONTEXT* context); int ntlm_construct_challenge_target_info(NTLM_CONTEXT* context);
int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context); int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context);

View File

@ -679,7 +679,7 @@ SECURITY_STATUS ntlm_read_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
AvFlags = ntlm_av_pair_get(context->NTLMv2Response.Challenge.AvPairs, MsvAvFlags); AvFlags = ntlm_av_pair_get(context->NTLMv2Response.Challenge.AvPairs, MsvAvFlags);
if (AvFlags) if (AvFlags)
flags = *((UINT32*) ntlm_av_pair_get_value_pointer(AvFlags)); Data_Read_UINT32(ntlm_av_pair_get_value_pointer(AvFlags), flags);
} }
if (ntlm_read_message_fields_buffer(s, &(message->EncryptedRandomSessionKey)) < 0) /* EncryptedRandomSessionKey */ if (ntlm_read_message_fields_buffer(s, &(message->EncryptedRandomSessionKey)) < 0) /* EncryptedRandomSessionKey */
@ -952,7 +952,7 @@ SECURITY_STATUS ntlm_server_AuthenticateComplete(NTLM_CONTEXT* context)
AvFlags = ntlm_av_pair_get(context->NTLMv2Response.Challenge.AvPairs, MsvAvFlags); AvFlags = ntlm_av_pair_get(context->NTLMv2Response.Challenge.AvPairs, MsvAvFlags);
if (AvFlags) if (AvFlags)
flags = *((UINT32*) ntlm_av_pair_get_value_pointer(AvFlags)); Data_Read_UINT32(ntlm_av_pair_get_value_pointer(AvFlags), flags);
if (ntlm_compute_lm_v2_response(context) < 0) /* LmChallengeResponse */ if (ntlm_compute_lm_v2_response(context) < 0) /* LmChallengeResponse */
return SEC_E_INTERNAL_ERROR; return SEC_E_INTERNAL_ERROR;