lgcosta/go-ntlm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add some basic ntlm challenge validation (#2)

Browse Source 
* add some basic ntlm challenge validation

* add some unit tests
This commit is contained in:
Vadim 2021-05-03 21:48:19 -04:00 committed by GitHub
parent ec337d51d2
commit ad847b4c56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ntlm/message_challenge.go
View File

@ -1,4 +1,4 @@
//Copyright 2013 Thomson Reuters Global Resources. BSD License please see License file for more information // Copyright 2013 Thomson Reuters Global Resources. BSD License please see License file for more information
package ntlm package ntlm
@ -54,6 +54,10 @@ type ChallengeMessage struct {
} }
func ParseChallengeMessage(body []byte) (*ChallengeMessage, error) { func ParseChallengeMessage(body []byte) (*ChallengeMessage, error) {
if len(body) < 32 {
return nil, errors.New("invalid NTLM challenge")
}
challenge := new(ChallengeMessage) challenge := new(ChallengeMessage)
challenge.Signature = body[0:8] challenge.Signature = body[0:8]
@ -79,6 +83,10 @@ func ParseChallengeMessage(body []byte) (*ChallengeMessage, error) {
offset := 32 offset := 32
if NTLMSSP_NEGOTIATE_TARGET_INFO.IsSet(challenge.NegotiateFlags) { if NTLMSSP_NEGOTIATE_TARGET_INFO.IsSet(challenge.NegotiateFlags) {
if len(body) < 48 {
return nil, errors.New("invalid NTLMSSP_NEGOTIATE_TARGET_INFO")
}
challenge.Reserved = body[32:40] challenge.Reserved = body[32:40]
challenge.TargetInfoPayloadStruct, err = ReadBytePayload(40, body) challenge.TargetInfoPayloadStruct, err = ReadBytePayload(40, body)

24
ntlm/message_challenge_test.go
View File

@ -1,4 +1,4 @@
//Copyright 2013 Thomson Reuters Global Resources. BSD License please see License file for more information // Copyright 2013 Thomson Reuters Global Resources. BSD License please see License file for more information
package ntlm package ntlm
@ -13,7 +13,6 @@ import (
func TestDecodeChallenge(t *testing.T) { func TestDecodeChallenge(t *testing.T) {
challengeMessage := "TlRMTVNTUAACAAAAAAAAADgAAADzgpjiuaopAbx9ejQAAAAAAAAAAKIAogA4AAAABQLODgAAAA8CAA4AUgBFAFUAVABFAFIAUwABABwAVQBLAEIAUAAtAEMAQgBUAFIATQBGAEUAMAA2AAQAFgBSAGUAdQB0AGUAcgBzAC4AbgBlAHQAAwA0AHUAawBiAHAALQBjAGIAdAByAG0AZgBlADAANgAuAFIAZQB1AHQAZQByAHMALgBuAGUAdAAFABYAUgBlAHUAdABlAHIAcwAuAG4AZQB0AAAAAAA=" challengeMessage := "TlRMTVNTUAACAAAAAAAAADgAAADzgpjiuaopAbx9ejQAAAAAAAAAAKIAogA4AAAABQLODgAAAA8CAA4AUgBFAFUAVABFAFIAUwABABwAVQBLAEIAUAAtAEMAQgBUAFIATQBGAEUAMAA2AAQAFgBSAGUAdQB0AGUAcgBzAC4AbgBlAHQAAwA0AHUAawBiAHAALQBjAGIAdAByAG0AZgBlADAANgAuAFIAZQB1AHQAZQByAHMALgBuAGUAdAAFABYAUgBlAHUAdABlAHIAcwAuAG4AZQB0AAAAAAA="
challengeData, err := base64.StdEncoding.DecodeString(challengeMessage) challengeData, err := base64.StdEncoding.DecodeString(challengeMessage)
if err != nil { if err != nil {
t.Error("Could not base64 decode message data") t.Error("Could not base64 decode message data")
} }
@ -63,3 +62,24 @@ func TestDecodeChallenge(t *testing.T) {
t.Error("Invalid challenge messsage bytes") t.Error("Invalid challenge messsage bytes")
} }
} }
func TestParseChallengeEmptyMessage(t *testing.T) {
_, err := ParseChallengeMessage(nil)
if err == nil {
t.Error("expected error, got nil")
}
}
func TestParseChallengeInvalidNegotiateTargetInfo(t *testing.T) {
challengeMessage := "TlRMTVNTUAACAAAAAAAAADgAAADzgpjiuaopAbx9ejQA"
challengeData, err := base64.StdEncoding.DecodeString(challengeMessage)
if err != nil {
t.Error("Could not base64 decode message data")
}
_, err = ParseChallengeMessage(challengeData)
if err == nil {
t.Error("expected error, got nil")
}
}