Fix tpkt header length checks for encrypted packets

If securityFlag SEC_ENCRYPT is set, remove the encryption headers from
the TPKT header length on comparison.
This commit is contained in:
Armin Novak 2020-03-09 21:54:34 +01:00 committed by akallabeth
parent c5998791df
commit c7187928e9
7 changed files with 15 additions and 11 deletions

View File

@ -3862,7 +3862,7 @@ BOOL rdp_recv_get_active_header(rdpRdp* rdp, wStream* s, UINT16* pChannelId, UIN
if (securityFlags & SEC_ENCRYPT)
{
if (!rdp_decrypt(rdp, s, *length, securityFlags))
if (!rdp_decrypt(rdp, s, length, securityFlags))
{
WLog_ERR(TAG, "rdp_decrypt failed");
return FALSE;

View File

@ -991,7 +991,7 @@ BOOL rdp_client_connect_auto_detect(rdpRdp* rdp, wStream* s)
if (securityFlags & SEC_ENCRYPT)
{
if (!rdp_decrypt(rdp, s, length, securityFlags))
if (!rdp_decrypt(rdp, s, &length, securityFlags))
{
WLog_ERR(TAG, "rdp_decrypt failed");
return FALSE;

View File

@ -991,7 +991,7 @@ BOOL rdp_recv_client_info(rdpRdp* rdp, wStream* s)
if (securityFlags & SEC_ENCRYPT)
{
if (!rdp_decrypt(rdp, s, length, securityFlags))
if (!rdp_decrypt(rdp, s, &length, securityFlags))
{
WLog_ERR(TAG, "rdp_decrypt failed");
return FALSE;

View File

@ -467,7 +467,7 @@ int license_recv(rdpLicense* license, wStream* s)
if (securityFlags & SEC_ENCRYPT)
{
if (!rdp_decrypt(license->rdp, s, length, securityFlags))
if (!rdp_decrypt(license->rdp, s, &length, securityFlags))
{
WLog_ERR(TAG, "rdp_decrypt failed");
return -1;

View File

@ -371,7 +371,7 @@ static int peer_recv_tpkt_pdu(freerdp_peer* client, wStream* s)
if (securityFlags & SEC_ENCRYPT)
{
if (!rdp_decrypt(rdp, s, length, securityFlags))
if (!rdp_decrypt(rdp, s, &length, securityFlags))
{
WLog_ERR(TAG, "rdp_decrypt failed");
return -1;
@ -446,7 +446,7 @@ static int peer_recv_fastpath_pdu(freerdp_peer* client, wStream* s)
if (fastpath->encryptionFlags & FASTPATH_OUTPUT_ENCRYPTED)
{
if (!rdp_decrypt(rdp, s, length,
if (!rdp_decrypt(rdp, s, &length,
(fastpath->encryptionFlags & FASTPATH_OUTPUT_SECURE_CHECKSUM)
? SEC_SECURE_CHECKSUM
: 0))

View File

@ -1141,15 +1141,17 @@ void rdp_read_flow_control_pdu(wStream* s, UINT16* type)
* @param length int
*/
BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, INT32 length, UINT16 securityFlags)
BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT16 securityFlags)
{
BYTE cmac[8];
BYTE wmac[8];
BOOL status;
INT32 length;
if (!rdp || !s || (length < 0))
if (!rdp || !s || !pLength)
return FALSE;
length = *pLength;
if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
{
UINT16 len;
@ -1184,6 +1186,7 @@ BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, INT32 length, UINT16 securityFlags)
}
Stream_SetLength(s, Stream_Length(s) - pad);
*pLength = padLength;
return TRUE;
}
@ -1220,6 +1223,7 @@ BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, INT32 length, UINT16 securityFlags)
// return FALSE;
}
*pLength = length;
return TRUE;
}
@ -1290,7 +1294,7 @@ static int rdp_recv_tpkt_pdu(rdpRdp* rdp, wStream* s)
if (securityFlags & (SEC_ENCRYPT | SEC_REDIRECTION_PKT))
{
if (!rdp_decrypt(rdp, s, length, securityFlags))
if (!rdp_decrypt(rdp, s, &length, securityFlags))
{
WLog_ERR(TAG, "rdp_decrypt failed");
return -1;
@ -1435,7 +1439,7 @@ static int rdp_recv_fastpath_pdu(rdpRdp* rdp, wStream* s)
UINT16 flags =
(fastpath->encryptionFlags & FASTPATH_OUTPUT_SECURE_CHECKSUM) ? SEC_SECURE_CHECKSUM : 0;
if (!rdp_decrypt(rdp, s, length, flags))
if (!rdp_decrypt(rdp, s, &length, flags))
{
WLog_ERR(TAG, "rdp_recv_fastpath_pdu: rdp_decrypt() fail");
return -1;

View File

@ -233,7 +233,7 @@ extern const char* DATA_PDU_TYPE_STRINGS[80];
} while (0)
#endif
BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, INT32 length, UINT16 securityFlags);
BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, UINT16* pLength, UINT16 securityFlags);
BOOL rdp_set_error_info(rdpRdp* rdp, UINT32 errorInfo);
BOOL rdp_send_error_info(rdpRdp* rdp);