From 25d31015255cf1b80dae76a3654ba0d62c4d71d5 Mon Sep 17 00:00:00 2001

From: Ondrej Holy <oholy@redhat.com>

Date: Wed, 27 Sep 2017 15:56:35 +0200

Subject: [PATCH 1/2] Fix NTLM on big endian

Based on fixes from master:

https://github.com/FreeRDP/FreeRDP/pull/3284

---

 libfreerdp-core/ntlmssp.c | 39 +++++++++++++++++++++++++++++----------

 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/libfreerdp-core/ntlmssp.c b/libfreerdp-core/ntlmssp.c

index 84ad319c3..8f69878cf 100644

--- a/libfreerdp-core/ntlmssp.c

+++ b/libfreerdp-core/ntlmssp.c

@@ -126,6 +126,13 @@ static const char* const AV_PAIRS_STRINGS[] =

 	"MsvChannelBindings"

 };

+#define Data_Write_UINT32(_d, _v) do { \

+       *((uint8*) _d) = (_v) & 0xFF; \

+       *((uint8*) _d + 1) = ((_v) >> 8) & 0xFF; \

+       *((uint8*) _d + 2) = ((_v) >> 16) & 0xFF; \

+       *((uint8*) _d + 3) = ((_v) >> 24) & 0xFF; \

+} while (0)

+

 /**

  * Set NTLMSSP username.

  * @param ntlmssp

@@ -138,7 +145,9 @@ void ntlmssp_set_username(NTLMSSP* ntlmssp, char* username)

 	if (username != NULL)

 	{

-		ntlmssp->username.data = freerdp_uniconv_out(ntlmssp->uniconv, username, (size_t*) &(ntlmssp->username.length));

+		size_t length;

+		ntlmssp->username.data = freerdp_uniconv_out(ntlmssp->uniconv, username, &length);

+		ntlmssp->username.length = length;

 	}

 }

@@ -154,7 +163,9 @@ void ntlmssp_set_domain(NTLMSSP* ntlmssp, char* domain)

 	if (domain != NULL)

 	{

-		ntlmssp->domain.data = freerdp_uniconv_out(ntlmssp->uniconv, domain, (size_t*) &(ntlmssp->domain.length));

+		size_t length;

+		ntlmssp->domain.data = freerdp_uniconv_out(ntlmssp->uniconv, domain, &length);

+		ntlmssp->domain.length = length;

 	}

 }

@@ -170,7 +181,9 @@ void ntlmssp_set_password(NTLMSSP* ntlmssp, char* password)

 	if (password != NULL)

 	{

-		ntlmssp->password.data = freerdp_uniconv_out(ntlmssp->uniconv, password, (size_t*) &(ntlmssp->password.length));

+		size_t length;

+		ntlmssp->password.data = freerdp_uniconv_out(ntlmssp->uniconv, password, &length);

+		ntlmssp->password.length = length;

 	}

 }

@@ -186,7 +199,9 @@ void ntlmssp_set_workstation(NTLMSSP* ntlmssp, char* workstation)

 	if (workstation != NULL)

 	{

-		ntlmssp->workstation.data = freerdp_uniconv_out(ntlmssp->uniconv, workstation, (size_t*) &(ntlmssp->workstation.length));

+		size_t length;

+		ntlmssp->workstation.data = freerdp_uniconv_out(ntlmssp->uniconv, workstation, &length);

+		ntlmssp->workstation.length = length;

 	}

 }

@@ -1185,11 +1200,13 @@ void ntlmssp_encrypt_message(NTLMSSP* ntlmssp, rdpBlob* msg, rdpBlob* encrypted_

 	uint8 digest[16];

 	uint8 checksum[8];

 	uint32 version = 1;

+	uint32 value;

 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */

 	HMAC_CTX_init(&hmac_ctx);

 	HMAC_Init_ex(&hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL);

-	HMAC_Update(&hmac_ctx, (void*) &ntlmssp->send_seq_num, 4);

+	Data_Write_UINT32(&value, ntlmssp->send_seq_num);

+	HMAC_Update(&hmac_ctx, (void*) &value, 4);

 	HMAC_Update(&hmac_ctx, msg->data, msg->length);

 	HMAC_Final(&hmac_ctx, digest, NULL);

@@ -1203,9 +1220,9 @@ void ntlmssp_encrypt_message(NTLMSSP* ntlmssp, rdpBlob* msg, rdpBlob* encrypted_

 	crypto_rc4(ntlmssp->send_rc4_seal, 8, digest, checksum);

 	/* Concatenate version, ciphertext and sequence number to build signature */

-	memcpy(signature, (void*) &version, 4);

+	Data_Write_UINT32(signature, version);

 	memcpy(&signature[4], (void*) checksum, 8);

-	memcpy(&signature[12], (void*) &(ntlmssp->send_seq_num), 4);

+	Data_Write_UINT32(&signature[12], ntlmssp->send_seq_num);

 	HMAC_CTX_cleanup(&hmac_ctx);

@@ -1230,6 +1247,7 @@ int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* m

 	uint8 checksum[8];

 	uint32 version = 1;

 	uint8 expected_signature[16];

+	uint32 value;

 	/* Allocate space for encrypted message */

 	freerdp_blob_alloc(msg, encrypted_msg->length);

@@ -1240,7 +1258,8 @@ int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* m

 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */

 	HMAC_CTX_init(&hmac_ctx);

 	HMAC_Init_ex(&hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL);

-	HMAC_Update(&hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4);

+	Data_Write_UINT32(&value, ntlmssp->recv_seq_num);

+	HMAC_Update(&hmac_ctx, (void*) &value, 4);

 	HMAC_Update(&hmac_ctx, msg->data, msg->length);

 	HMAC_Final(&hmac_ctx, digest, NULL);

@@ -1248,9 +1267,9 @@ int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* m

 	crypto_rc4(ntlmssp->recv_rc4_seal, 8, digest, checksum);

 	/* Concatenate version, ciphertext and sequence number to build signature */

-	memcpy(expected_signature, (void*) &version, 4);

+	Data_Write_UINT32(expected_signature, version);

 	memcpy(&expected_signature[4], (void*) checksum, 8);

-	memcpy(&expected_signature[12], (void*) &(ntlmssp->recv_seq_num), 4);

+	Data_Write_UINT32(&expected_signature[12], ntlmssp->recv_seq_num);

 	if (memcmp(signature, expected_signature, 16) != 0)

 	{

-- 

2.14.2