add some checking when trying to parse an NTLMv1 auth message as NTLMv1

2013-03-11 17:07:43 -04:00 · 2013-03-11 17:07:43 -04:00 · b6450042ef
commit b6450042ef
parent 7d7e8661ae
3 changed files with 29 additions and 6 deletions
--- a/src/ntlm/messages/authenticate.go
+++ b/src/ntlm/messages/authenticate.go
@ -84,9 +84,13 @@ func ParseAuthenticateMessage(body []byte, ntlmVersion int) (*Authenticate, erro

 	// Check to see if this is a v1 or v2 response
 	if ntlmVersion == 2 {
-		am.NtlmV2Response = ReadNtlmV2Response(am.NtChallengeResponseFields.Payload)
+		am.NtlmV2Response, err = ReadNtlmV2Response(am.NtChallengeResponseFields.Payload)
 	} else {
-		am.NtlmV1Response = ReadNtlmV1Response(am.NtChallengeResponseFields.Payload)
+		am.NtlmV1Response, err = ReadNtlmV1Response(am.NtChallengeResponseFields.Payload)
+	}
+
+	if err != nil {
+		return nil, err
 	}

 	am.DomainName, err = ReadStringPayload(28, body)
--- a/src/ntlm/messages/authenticate_test.go
+++ b/src/ntlm/messages/authenticate_test.go
@ -13,6 +13,19 @@ func checkPayloadStruct(t *testing.T, payloadStruct *PayloadStruct, len uint16,
 	}
 }

+func TestParseNTLMv1AsV2(t *testing.T) {
+	ntlmv1data := "TlRMTVNTUAADAAAAGAAYALYAAAAYABgAzgAAADQANABIAAAAIAAgAHwAAAAaABoAnAAAABAAEADmAAAAVYKQQgUCzg4AAAAPYQByAHIAYQB5ADEAMgAuAG0AcwBnAHQAcwB0AC4AcgBlAHUAdABlAHIAcwAuAGMAbwBtAHUAcwBlAHIAcwB0AHIAZQBzAHMAMQAwADAAMAAwADgATgBZAEMAVgBBADEAMgBTADIAQwBNAFMAQQDguXWdC2hLH+C5dZ0LaEsf4Ll1nQtoSx9nI+fkE73qtElnkDiSQbxfcDN9zbtO1qfyK3ZTI6CUhvjxmXnpZEjY"
+	authBytes, err := base64.StdEncoding.DecodeString(ntlmv1data)
+	_, err = ParseAuthenticateMessage(authBytes, 2)
+	if err == nil {
+		t.Error("Should have returned error when tring to parse an NTLMv1 authenticate message as NTLMv2")
+	}
+	_, err = ParseAuthenticateMessage(authBytes, 1)
+	if err != nil {
+		t.Error("Should not have returned error when tring to parse an NTLMv1 authenticate message")
+	}
+}
+
 func TestAuthenticateNtlmV1(t *testing.T) {
 	authenticateMessage := "TlRMTVNTUAADAAAAGAAYAIgAAAAYABgAoAAAAAAAAABYAAAAIAAgAFgAAAAQABAAeAAAABAAEAC4AAAAVYKQYgYBsR0AAAAP2BgW++b14Dh6Z5B4Xs1DiHAAYQB1AGwAQABwAGEAdQBsAGQAaQB4AC4AbgBlAHQAVwBJAE4ANwBfAEkARQA4ACugxZFzvHB4P6LdKbbZpiYHo2ErZURLiSugxZFzvHB4P6LdKbbZpiYHo2ErZURLibmpCUlnbq2I4LAdEhLdg7I="
 	authenticateData, err := base64.StdEncoding.DecodeString(authenticateMessage)
--- a/src/ntlm/messages/challenge_responses.go
+++ b/src/ntlm/messages/challenge_responses.go
@ -3,6 +3,7 @@ package messages
 import (
 	"bytes"
 	"encoding/hex"
+	"errors"
 	"fmt"
 )

@ -17,10 +18,10 @@ func (n *NtlmV1Response) String() string {
 	return fmt.Sprintf("NtlmV1Response: %s", hex.EncodeToString(n.Response))
 }

-func ReadNtlmV1Response(bytes []byte) *NtlmV1Response {
+func ReadNtlmV1Response(bytes []byte) (*NtlmV1Response, error) {
 	r := new(NtlmV1Response)
 	r.Response = bytes[0:24]
-	return r
+	return r, nil
 }

 // *** NTLMv2
@ -80,13 +81,18 @@ func (n *NtlmV2Response) String() string {
 	return buffer.String()
 }

-func ReadNtlmV2Response(bytes []byte) *NtlmV2Response {
+func ReadNtlmV2Response(bytes []byte) (*NtlmV2Response, error) {
 	r := new(NtlmV2Response)
 	r.Response = bytes[0:16]
 	r.NtlmV2ClientChallenge = new(NtlmV2ClientChallenge)
 	c := r.NtlmV2ClientChallenge
 	c.RespType = bytes[16]
 	c.HiRespType = bytes[17]
+
+	if c.RespType != 1 || c.HiRespType != 1 {
+		return nil, errors.New("Does not contain a valid NTLM v2 client challenge - could be NTLMv1.")
+	}
+
 	// Ignoring - 2 bytes reserved
 	// c.Reserved1
 	// Ignoring - 4 bytes reserved
@ -96,7 +102,7 @@ func ReadNtlmV2Response(bytes []byte) *NtlmV2Response {
 	// Ignoring - 4 bytes reserved
 	// c.Reserved3
 	c.AvPairs = ReadAvPairs(bytes[44:])
-	return r
+	return r, nil
 }

 // LMv1