libwinpr-sspi: fix SeqNo size

2024-11-27 11:54:44 +08:00 · 2012-06-29 08:55:03 -04:00 · 2012-06-29 08:55:03 -04:00 · 1ed7442db6
commit 1ed7442db6
parent a1355135c5
1 changed files with 8 additions and 4 deletions
--- a/winpr/sspi/NTLM/ntlm.c
+++ b/winpr/sspi/NTLM/ntlm.c
@ -500,6 +500,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
 	int index;
 	int length;
 	void* data;
+	UINT32 SeqNo;
 	HMAC_CTX hmac;
 	BYTE digest[16];
 	BYTE checksum[8];
@ -509,6 +510,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
 	PSecBuffer data_buffer = NULL;
 	PSecBuffer signature_buffer = NULL;

+	SeqNo = MessageSeqNo;
 	context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);

 	for (index = 0; index < (int) pMessage->cBuffers; index++)
@ -533,7 +535,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
 	HMAC_CTX_init(&hmac);
 	HMAC_Init_ex(&hmac, context->SendSigningKey, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac, (void*) &(MessageSeqNo), 4);
+	HMAC_Update(&hmac, (void*) &(SeqNo), 4);
 	HMAC_Update(&hmac, data, length);
 	HMAC_Final(&hmac, digest, NULL);
 	HMAC_CTX_cleanup(&hmac);
@ -565,7 +567,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
 	/* Concatenate version, ciphertext and sequence number to build signature */
 	CopyMemory(signature, (void*) &version, 4);
 	CopyMemory(&signature[4], (void*) checksum, 8);
-	CopyMemory(&signature[12], (void*) &(MessageSeqNo), 4);
+	CopyMemory(&signature[12], (void*) &(SeqNo), 4);
 	context->SendSeqNum++;

 #ifdef WITH_DEBUG_NTLM
@ -582,6 +584,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
 	int index;
 	int length;
 	void* data;
+	UINT32 SeqNo;
 	HMAC_CTX hmac;
 	BYTE digest[16];
 	BYTE checksum[8];
@ -591,6 +594,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
 	PSecBuffer data_buffer = NULL;
 	PSecBuffer signature_buffer = NULL;

+	SeqNo = (UINT32) MessageSeqNo;
 	context = sspi_SecureHandleGetLowerPointer(phContext);

 	for (index = 0; index < (int) pMessage->cBuffers; index++)
@ -622,7 +626,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
 	HMAC_CTX_init(&hmac);
 	HMAC_Init_ex(&hmac, context->RecvSigningKey, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac, (void*) &(MessageSeqNo), 4);
+	HMAC_Update(&hmac, (void*) &(SeqNo), 4);
 	HMAC_Update(&hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
 	HMAC_Final(&hmac, digest, NULL);
 	HMAC_CTX_cleanup(&hmac);
@ -645,7 +649,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
 	/* Concatenate version, ciphertext and sequence number to build signature */
 	CopyMemory(expected_signature, (void*) &version, 4);
 	CopyMemory(&expected_signature[4], (void*) checksum, 8);
-	CopyMemory(&expected_signature[12], (void*) &(MessageSeqNo), 4);
+	CopyMemory(&expected_signature[12], (void*) &(SeqNo), 4);
 	context->RecvSeqNum++;

 	if (memcmp(signature_buffer->pvBuffer, expected_signature, 16) != 0)