From: Mariusz Zaborski <oshogbo@FreeBSD.org>
Date: Tue, 17 Apr 2018 13:03:27 +0000 (+0200)
Subject: Remove MessageIntegrityCheck from context.
X-Git-Tag: 2.0.0-rc3~65^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=509afe252d20dab3a30bcbfba605f3664161257f;p=platform%2Fupstream%2Ffreerdp.git

Remove MessageIntegrityCheck from context.
---

diff --git a/winpr/libwinpr/sspi/NTLM/ntlm.h b/winpr/libwinpr/sspi/NTLM/ntlm.h
index f12d9d5..d4c2404 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm.h
+++ b/winpr/libwinpr/sspi/NTLM/ntlm.h
@@ -250,6 +250,7 @@ struct _NTLM_CONTEXT
 	NTLM_NEGOTIATE_MESSAGE NEGOTIATE_MESSAGE;
 	NTLM_CHALLENGE_MESSAGE CHALLENGE_MESSAGE;
 	NTLM_AUTHENTICATE_MESSAGE AUTHENTICATE_MESSAGE;
+	UINT32 MessageIntegrityCheckOffset;
 	SecBuffer NegotiateMessage;
 	SecBuffer ChallengeMessage;
 	SecBuffer AuthenticateMessage;
@@ -272,8 +273,6 @@ struct _NTLM_CONTEXT
 	BYTE ClientSealingKey[16];
 	BYTE ServerSigningKey[16];
 	BYTE ServerSealingKey[16];
-	BYTE MessageIntegrityCheck[16];
-	UINT32 MessageIntegrityCheckOffset;
 	psPeerComputeNtlmHash HashCallback;
 	void* HashCallbackArg;
 };
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
index 4e046b3..018b0ad 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
@@ -21,6 +21,8 @@
 #include "config.h"
 #endif
 
+#include <assert.h>
+
 #include "ntlm.h"
 #include "../sspi.h"
 
@@ -721,7 +723,7 @@ void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context)
 	}
 }
 
-void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
+void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context, BYTE *mic, UINT32 size)
 {
 	/*
 	 * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
@@ -729,6 +731,8 @@ void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
 	 */
 	WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
 
+	assert(size >= WINPR_MD5_DIGEST_LENGTH);
+
 	if (!hmac)
 		return;
 
@@ -740,7 +744,7 @@ void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context)
 		                  context->ChallengeMessage.cbBuffer);
 		winpr_HMAC_Update(hmac, (BYTE*) context->AuthenticateMessage.pvBuffer,
 		                  context->AuthenticateMessage.cbBuffer);
-		winpr_HMAC_Final(hmac, context->MessageIntegrityCheck, WINPR_MD5_DIGEST_LENGTH);
+		winpr_HMAC_Final(hmac, mic, WINPR_MD5_DIGEST_LENGTH);
 	}
 
 	winpr_HMAC_Free(hmac);
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_compute.h b/winpr/libwinpr/sspi/NTLM/ntlm_compute.h
index ba99c81..df06e37 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.h
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.h
@@ -57,6 +57,6 @@ void ntlm_generate_client_sealing_key(NTLM_CONTEXT* context);
 void ntlm_generate_server_sealing_key(NTLM_CONTEXT* context);
 void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context);
 
-void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context);
+void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context, BYTE *mic, UINT32 size);
 
 #endif /* WINPR_AUTH_NTLM_COMPUTE_H */
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_message.c b/winpr/libwinpr/sspi/NTLM/ntlm_message.c
index b5d7fe3..23f77de 100644
--- a/winpr/libwinpr/sspi/NTLM/ntlm_message.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_message.c
@@ -917,9 +917,9 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
 	if (context->UseMIC)
 	{
 		/* Message Integrity Check */
-		ntlm_compute_message_integrity_check(context);
+		ntlm_compute_message_integrity_check(context, message->MessageIntegrityCheck, 16);
 		Stream_SetPosition(s, context->MessageIntegrityCheckOffset);
-		Stream_Write(s, context->MessageIntegrityCheck, 16);
+		Stream_Write(s, message->MessageIntegrityCheck, 16);
 		Stream_SetPosition(s, length);
 	}
 
@@ -947,7 +947,7 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
 	if (context->UseMIC)
 	{
 		WLog_DBG(TAG, "MessageIntegrityCheck (length = 16)");
-		winpr_HexDump(TAG, WLOG_DEBUG, context->MessageIntegrityCheck, 16);
+		winpr_HexDump(TAG, WLOG_DEBUG, message->MessageIntegrityCheck, 16);
 	}
 
 #endif
@@ -961,6 +961,7 @@ SECURITY_STATUS ntlm_server_AuthenticateComplete(NTLM_CONTEXT* context)
 	UINT32 flags = 0;
 	NTLM_AV_PAIR* AvFlags = NULL;
 	NTLM_AUTHENTICATE_MESSAGE* message;
+	BYTE messageIntegrityCheck[16];
 
 	if (context->state != NTLM_STATE_COMPLETION)
 		return SEC_E_OUT_OF_SEQUENCE;
@@ -988,15 +989,15 @@ SECURITY_STATUS ntlm_server_AuthenticateComplete(NTLM_CONTEXT* context)
 	{
 		ZeroMemory(&((PBYTE) context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
 		           16);
-		ntlm_compute_message_integrity_check(context);
+		ntlm_compute_message_integrity_check(context, &messageIntegrityCheck, sizeof(messageIntegrityCheck));
 		CopyMemory(&((PBYTE) context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
 		           message->MessageIntegrityCheck, 16);
 
-		if (memcmp(context->MessageIntegrityCheck, message->MessageIntegrityCheck, 16) != 0)
+		if (memcmp(messageIntegrityCheck, message->MessageIntegrityCheck, 16) != 0)
 		{
 			WLog_ERR(TAG, "Message Integrity Check (MIC) verification failed!");
 			WLog_ERR(TAG, "Expected MIC:");
-			winpr_HexDump(TAG, WLOG_ERROR, context->MessageIntegrityCheck, 16);
+			winpr_HexDump(TAG, WLOG_ERROR, messageIntegrityCheck, 16);
 			WLog_ERR(TAG, "Actual MIC:");
 			winpr_HexDump(TAG, WLOG_ERROR, message->MessageIntegrityCheck, 16);
 			return SEC_E_MESSAGE_ALTERED;