author | Simo Sorce <simo@redhat.com> | 2014-08-07 10:24:38 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-08-07 10:58:55 -0400 |
commit | 1f495acc0b3ff4e5a18e86153d848c5fc68b8718 (patch) | |
tree | 69b94587736caa0c4c6bccf0cbca5777f76a5430 | |
parent | 9183a98c62ca9669937b6e4c61ed58c81b4eead6 (diff) | |
download | gss-ntlmssp-1f495acc0b3ff4e5a18e86153d848c5fc68b8718.tar.gz gss-ntlmssp-1f495acc0b3ff4e5a18e86153d848c5fc68b8718.tar.xz gss-ntlmssp-1f495acc0b3ff4e5a18e86153d848c5fc68b8718.zip |
Fix order of signature vs payload
The code was dead wrong and putting the cart before the horses.
The correct framing is to put the signature first and then the encrypted
payload. We were doing the opposite ... how embarrassing.
A million thanks to David Woodhouse for his persistence in testing and
assisting in finding out the issue.
-rw-r--r-- | src/gss_signseal.c | 12 | ||||
-rw-r--r-- | src/ntlm_crypto.c | 6 |
2 files changed, 7 insertions, 11 deletions
diff --git a/src/gss_signseal.c b/src/gss_signseal.c
index 7a7a673..aaf8218 100644
--- a/src/gss_signseal.c
+++ b/src/gss_signseal.c
@@ -160,10 +160,10 @@ uint32_t gssntlm_wrap(uint32_t *minor_status,
message.data = input_message_buffer->value;
message.length = input_message_buffer->length;
- output.data = output_message_buffer->value;
- output.length = input_message_buffer->length;
- signature.data = &output.data[input_message_buffer->length];
+ signature.data = output_message_buffer->value;
signature.length = NTLM_SIGNATURE_SIZE;
+ output.data = (uint8_t *)output_message_buffer->value + NTLM_SIGNATURE_SIZE;
+ output.length = input_message_buffer->length;
retmin = ntlm_seal(ctx->neg_flags, &ctx->crypto_state,
&message, &output, &signature);
if (retmin) {
@@ -214,8 +214,8 @@ uint32_t gssntlm_unwrap(uint32_t *minor_status,
return GSS_S_FAILURE;
}
- message.data = input_message_buffer->value;
- message.length = input_message_buffer->length;
+ message.data = (uint8_t *)input_message_buffer->value + NTLM_SIGNATURE_SIZE;
+ message.length = input_message_buffer->length - NTLM_SIGNATURE_SIZE;
output.data = output_message_buffer->value;
output.length = output_message_buffer->length;
retmin = ntlm_unseal(ctx->neg_flags, &ctx->crypto_state,
@@ -226,7 +226,7 @@ uint32_t gssntlm_unwrap(uint32_t *minor_status,
return GSS_S_FAILURE;
}
- if (memcmp(&message.data[output.length],
+ if (memcmp(input_message_buffer->value,
signature.data, NTLM_SIGNATURE_SIZE) != 0) {
safefree(output_message_buffer->value);
return GSS_S_BAD_SIG;
diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c
index 00ae561..0b72084 100644
--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
@@ -822,7 +822,6 @@ int ntlm_unseal(uint32_t flags,
struct ntlm_buffer *signature)
{
struct ntlm_signseal_handle *h;
- struct ntlm_buffer msg_buffer;
int ret;
if (!(flags & NTLMSSP_NEGOTIATE_SEAL)) {
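Review bot: The new layout writes the sealed payload at `output_message_buffer->value + NTLM_SIGNATURE_SIZE`, so the output allocation and `output_message_buffer->length` must both be `input_message_buffer->length + NTLM_SIGNATURE_SIZE`; both are set outside this hunk, so please confirm they were not left sized for the old layout. The framing is no longer obvious from the assignments alone, so a one-line comment above `signature.data = output_message_buffer->value;` would help: `/* wrap token = NTLMSSP signature (NTLM_SIGNATURE_SIZE bytes) followed by the sealed payload */`. gssntlm_wrap's body starts and continues outside the hunk.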
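Review bot: `message.length = input_message_buffer->length - NTLM_SIGNATURE_SIZE;` has no visible guard against a token shorter than the signature; if the length field is unsigned the subtraction wraps and `ntlm_unseal` is asked to decrypt a huge range starting past the end of the input, and the later `memcmp` also reads `NTLM_SIGNATURE_SIZE` bytes from a buffer that may be shorter. Unless a length check sits above this hunk, reject short tokens before the arithmetic: `if (input_message_buffer->length < NTLM_SIGNATURE_SIZE) { return GSS_S_DEFECTIVE_TOKEN; }`. The function's earlier checks and the output allocation are outside the hunk, so I cannot tell whether one of them already covers this. gssntlm_unwrap continues outside the hunk.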
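Review bot: `memcmp(input_message_buffer->value, signature.data, NTLM_SIGNATURE_SIZE)` verifies a MAC with an early-exit comparison, so the number of leading signature bytes that match is observable through timing; the usual practice is a constant-time compare that ORs the byte differences into an accumulator and tests it once after the loop. The NTLM signature is short and the signal may be hard to exploit in practice, so treat this as hardening rather than a blocker. The compare also assumes `input_message_buffer->length >= NTLM_SIGNATURE_SIZE`, which nothing in this hunk establishes. gssntlm_unwrap continues outside the hunk.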
@@ -835,10 +834,7 @@ int ntlm_unseal(uint32_t flags,
h = &state->recv;
}
- msg_buffer = *message;
- msg_buffer.length -= NTLM_SIGNATURE_SIZE;
-
- ret = RC4_UPDATE(h->seal_handle, &msg_buffer, output);
+ ret = RC4_UPDATE(h->seal_handle, message, output);
if (ret) return ret;
if (state->ext_sec) {
|
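Review bot: With `msg_buffer` gone, `ntlm_unseal` now decrypts exactly `message->length` bytes and no longer accounts for a trailing signature, so the contract has silently moved to the caller: `message` must hold only the sealed payload with the signature already stripped, as gssntlm_unwrap does elsewhere in this commit. That should be stated at the function, e.g. `/* message: sealed payload only; the caller strips the NTLM_SIGNATURE_SIZE-byte signature before calling */`, since any other caller that still passes the whole token will decrypt the signature bytes as data. ntlm_unseal's body starts and continues outside the hunk.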