From a8ddaa77ffa681a1240847994f79e2a2899aaee5 Mon Sep 17 00:00:00 2001
From: speyrefitte
Date: Thu, 5 Feb 2015 16:06:06 +0100
Subject: [PATCH] fix issue 14 on xp sp3 + server side effect for honeypot

---
 rdpy/core/type.py             |  4 ++--
 rdpy/protocol/rdp/lic.py      | 28 ++++++++++++++--------------
 rdpy/protocol/rdp/pdu/data.py |  7 +++++--
 3 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/rdpy/core/type.py b/rdpy/core/type.py
index 9e2ea9f..deff9e1 100644
--- a/rdpy/core/type.py
+++ b/rdpy/core/type.py
@@ -257,7 +257,7 @@ class SimpleType(Type, CallableValue):
         @raise InvalidSize: if there is not enough data in stream
         """
         if s.dataLen() < self._typeSize:
-            raise InvalidSize("Stream is too small to read expected Simple")
+            raise InvalidSize("Stream is too small to read expected SimpleType")
         self.value = struct.unpack(self._structFormat, s.read(self._typeSize))[0]
 
     def mask(self):
@@ -498,7 +498,7 @@ class CompositeType(Type):
         @summary: Call sizeof on each sub type
         @return: sum of sizeof of each Type attributes
         """
-        if not self._readLen is None:
+        if self._is_readed and not self._readLen is None:
             return self._readLen.value
 
         size = 0
diff --git a/rdpy/protocol/rdp/lic.py b/rdpy/protocol/rdp/lic.py
index 44aac63..7d6e70f 100644
--- a/rdpy/protocol/rdp/lic.py
+++ b/rdpy/protocol/rdp/lic.py
@@ -97,8 +97,8 @@ class LicenseBinaryBlob(CompositeType):
     @summary: Blob use by license manager to exchange security data
     @see: http://msdn.microsoft.com/en-us/library/cc240481.aspx
     """
-    def __init__(self, blobType = BinaryBlobType.BB_ANY_BLOB):
-        CompositeType.__init__(self)
+    def __init__(self, blobType = BinaryBlobType.BB_ANY_BLOB, optional = False):
+        CompositeType.__init__(self, optional = optional)
         self.wBlobType = UInt16Le(blobType, constant = True if blobType != BinaryBlobType.BB_ANY_BLOB else False)
         self.wBlobLen = UInt16Le(lambda:sizeof(self.blobData))
         self.blobData = String(readLen = self.wBlobLen)
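Review bot: After a read, `sizeof` now reports the peer-declared `_readLen.value` instead of the sum of the members actually parsed, so wherever the two can differ (members skipped because they are optional, a short trailing field) anything that uses `sizeof` to advance through a buffer follows the number the remote side sent; that looks intended for the length-prefixed license messages, but it changes the meaning of `sizeof` for every `CompositeType` with a `readLen` and deserves a why-comment, e.g. `# once read, report the length the peer declared (members need not fill it); before a read, sum the members`. `_is_readed` is not set anywhere in this hunk — presumably `read()` sets it, worth confirming, since an unset attribute would raise here. Prefer `self._readLen is not None` over `not self._readLen is None`. The enclosing `__sizeof__` method starts and ends outside the hunk.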
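Review bot: The new `optional` parameter on `LicenseBinaryBlob.__init__` is forwarded to `CompositeType` but not documented, and this class already uses epydoc tags, so add `@param optional: forwarded to CompositeType; presumably lets the whole blob be absent from the stream — confirm against CompositeType` under the `@see` line. While touching the constructor, the unchanged line below it reads more plainly as `constant = blobType != BinaryBlobType.BB_ANY_BLOB` instead of `True if ... else False`. The `__init__` body ends inside the hunk, but the class continues outside it.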
@@ -110,11 +110,11 @@ class LicensingErrorMessage(CompositeType):
     """
     _MESSAGE_TYPE_ = MessageType.ERROR_ALERT
 
-    def __init__(self):
-        CompositeType.__init__(self)
+    def __init__(self, readLen = None):
+        CompositeType.__init__(self, readLen = readLen)
         self.dwErrorCode = UInt32Le()
         self.dwStateTransition = UInt32Le()
-        self.blob = LicenseBinaryBlob(BinaryBlobType.BB_ERROR_BLOB)
+        self.blob = LicenseBinaryBlob(BinaryBlobType.BB_ANY_BLOB)
 
 class ProductInformation(CompositeType):
     """
@@ -159,8 +159,8 @@ class ServerLicenseRequest(CompositeType):
     """
     _MESSAGE_TYPE_ = MessageType.LICENSE_REQUEST
 
-    def __init__(self):
-        CompositeType.__init__(self)
+    def __init__(self, readLen = None):
+        CompositeType.__init__(self, readLen = readLen)
         self.serverRandom = String("\x00" * 32, readLen = UInt8(32))
         self.productInfo = ProductInformation()
         self.keyExchangeList = LicenseBinaryBlob(BinaryBlobType.BB_KEY_EXCHG_ALG_BLOB)
@@ -175,8 +175,8 @@ class ClientNewLicenseRequest(CompositeType):
     """
     _MESSAGE_TYPE_ = MessageType.NEW_LICENSE_REQUEST
 
-    def __init__(self):
-        CompositeType.__init__(self)
+    def __init__(self, readLen = None):
+        CompositeType.__init__(self, readLen = readLen)
         #RSA and must be only RSA
         self.preferredKeyExchangeAlg = UInt32Le(0x00000001, constant = True)
         #pure microsoft client ;-)
@@ -194,8 +194,8 @@ class ServerPlatformChallenge(CompositeType):
     """
     _MESSAGE_TYPE_ = MessageType.PLATFORM_CHALLENGE
 
-    def __init__(self):
-        CompositeType.__init__(self)
+    def __init__(self, readLen = None):
+        CompositeType.__init__(self, readLen = readLen)
         self.connectFlags = UInt32Le()
         self.encryptedPlatformChallenge = LicenseBinaryBlob(BinaryBlobType.BB_ANY_BLOB)
         self.MACData = String(readLen = UInt8(16))
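Review bot: Switching the error-alert blob from `BB_ERROR_BLOB` to `BB_ANY_BLOB` silently drops the `constant` check on `wBlobType` (per the `LicenseBinaryBlob` constructor, `BB_ANY_BLOB` is the one value that disables it), and nothing in the hunk says why; the commit message points at an XP SP3 server, so record that on the line rather than leaving a reader to guess, e.g. `# do not enforce BB_ERROR_BLOB: at least one server build (issue 14, XP SP3) sends a different wBlobType in the error alert`. Relaxing a protocol check in the direction of acceptance is reasonable for a honeypot that must keep hostile or odd peers talking, but it means a non-conforming blob type is no longer rejected, so say so where the parsed blob is consumed. The new `readLen` parameter is undocumented; a one-line `@param readLen: total message length read from the preamble, forwarded to CompositeType` would do.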
@@ -207,8 +207,8 @@ class ClientPLatformChallengeResponse(CompositeType):
     """
     _MESSAGE_TYPE_ = MessageType.PLATFORM_CHALLENGE_RESPONSE
 
-    def __init__(self):
-        CompositeType.__init__(self)
+    def __init__(self, readLen = None):
+        CompositeType.__init__(self, readLen = readLen)
         self.encryptedPlatformChallengeResponse = LicenseBinaryBlob(BinaryBlobType.BB_DATA_BLOB)
         self.encryptedHWID = LicenseBinaryBlob(BinaryBlobType.BB_DATA_BLOB)
         self.MACData = String(readLen = UInt8(16))
@@ -231,7 +231,7 @@ class LicPacket(CompositeType):
             """
             for c in [LicensingErrorMessage, ServerLicenseRequest, ClientNewLicenseRequest, ServerPlatformChallenge, ClientPLatformChallengeResponse]:
                 if self.bMsgtype.value == c._MESSAGE_TYPE_:
-                    return c()
+                    return c(readLen = self.wMsgSize - 4)
             log.debug("unknown license message : %s"%self.bMsgtype.value)
             return String()
 
diff --git a/rdpy/protocol/rdp/pdu/data.py b/rdpy/protocol/rdp/pdu/data.py
index 885941d..81765c9 100644
--- a/rdpy/protocol/rdp/pdu/data.py
+++ b/rdpy/protocol/rdp/pdu/data.py
@@ -429,7 +429,8 @@ class ShareControlHeader(CompositeType):
         #share control header
         self.totalLength = UInt16Le(totalLength)
         self.pduType = UInt16Le(pduType)
-        self.PDUSource = UInt16Le(userId)
+        #for xp sp3 and deactiveallpdu PDUSource may not be present
+        self.PDUSource = UInt16Le(userId, optional = True)
 
 class ShareDataHeader(CompositeType):
     """
@@ -519,7 +520,9 @@ class DeactiveAllPDU(CompositeType):
     _PDUTYPE_ = PDUType.PDUTYPE_DEACTIVATEALLPDU
 
     def __init__(self):
-        CompositeType.__init__(self)
+        #in old version this packet is empty i don't know
+        #and not specified
+        CompositeType.__init__(self, optional = True)
         self.shareId = UInt32Le()
         self.lengthSourceDescriptor = UInt16Le(lambda:sizeof(self.sourceDescriptor))
         self.sourceDescriptor = String("rdpy", readLen = self.lengthSourceDescriptor)
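Review bot: `self.wMsgSize - 4` is derived from a peer-controlled preamble field with no lower bound, so a packet whose `wMsgSize` is 0–3 (trivial to send, and a honeypot exists to receive hostile input) produces a negative `readLen`, and how `CompositeType.read` behaves on a negative length is not visible here; reject it before the subtraction, e.g. `if self.wMsgSize.value < 4: raise InvalidSize("license wMsgSize smaller than the preamble")`, using whichever invalid-size error this module already imports (`InvalidSize` is defined in rdpy.core.type). The literal `4` is presumably the preamble length (`bMsgtype`, a flag byte and `wMsgSize` as far as the surrounding code shows) and should be a named constant or at least carry that comment. The same value is what `sizeof` will now report for the message after the type.py change, so an over-stated `wMsgSize` is also accepted as-is rather than checked against the bytes actually consumed — worth a note if that is deliberate. The factory function containing this loop starts before the hunk.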
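Review bot: Marking `PDUSource` optional on `ShareControlHeader` relaxes every Share Control PDU, not just the Deactivate All case the comment names: any PDU type whose header is cut short after `pduType` now parses with `PDUSource` silently left at the `userId` default, and downstream code that keys on `PDUSource.value` cannot tell a real value from the fallback. `pduType` is read before `PDUSource`, so if `optional` accepts a callable the way `readLen` accepts a lazy value, scope the relaxation: `self.PDUSource = UInt16Le(userId, optional = lambda: self.pduType.value == PDUType.PDUTYPE_DEACTIVATEALLPDU)` — confirm in CompositeType whether that is supported. Either way make the comment precise: `# XP SP3 servers have been seen sending a Deactivate All PDU whose header stops after pduType (issue 14); when absent, PDUSource keeps the constructor default and must not be trusted`. The `__init__` body continues outside the hunk.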
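Review bot: The two comment lines added above `CompositeType.__init__(self, optional = True)` read as a personal note ("i don't know") rather than a statement a maintainer can check; replace them with what was actually observed and what the flag does, e.g. `# Some servers (XP SP3, issue 14) send a Deactivate All PDU with no body even though the protocol defines one; the whole composite is optional so an empty body parses and shareId/sourceDescriptor keep their defaults`. Since the flag means the fields below may never be populated, anything that later reads `shareId` or `sourceDescriptor` from a received Deactivate All PDU should treat the defaults as "not present", and that deserves a sentence in the class docstring, which lies outside the hunk. Whether a body that is present but truncated is also accepted depends on `CompositeType`'s handling of `optional`, which this hunk does not show — worth confirming, since the honeypot will see malformed input.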