Add a buffer reader/writer for NTLM.

net/http/ntlm_buffer_reader.cc

Index: net/http/ntlm_buffer_reader.cc
diff --git a/net/http/ntlm_buffer_reader.cc b/net/http/ntlm_buffer_reader.cc
new file mode 100644
index 0000000000000000000000000000000000000000..b37664e5ea0e4b87c58215e68387eda630fca613
--- /dev/null
+++ b/net/http/ntlm_buffer_reader.cc
@@ -0,0 +1,285 @@
+// Copyright (c) 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/http/ntlm_buffer_reader.h"
+
+#include <string.h>
+
+#include "base/logging.h"
+
+namespace net {
+
+#if defined(ARCH_CPU_LITTLE_ENDIAN)
+#define IS_LITTLE_ENDIAN 1
+#undef IS_BIG_ENDIAN
+#elif defined(ARCH_CPU_BIG_ENDIAN)
+#define IS_BIG_ENDIAN 1
+#undef IS_LITTLE_ENDIAN
+#else
+#error "Unknown endianness"
+#endif
+
+NtlmBufferReader::NtlmBufferReader(const base::StringPiece buffer)
+    : buffer_(buffer), cursor_(0) {
+  DCHECK(buffer.data() != nullptr);
+}
+
+NtlmBufferReader::NtlmBufferReader(const uint8_t* ptr, size_t len)
+    : NtlmBufferReader(
+          base::StringPiece(reinterpret_cast<const char*>(ptr), len)) {}
+
+NtlmBufferReader::~NtlmBufferReader() {}
+
+bool NtlmBufferReader::CanRead(size_t len) const {
+  return CanReadFrom(cursor_, len);
+}
+
+bool NtlmBufferReader::CanReadFrom(size_t offset, size_t len) const {
+  if (len == 0)
+    return true;
+
+  return (offset + len > offset) && (offset + len <= GetLength());
+}
+
+bool NtlmBufferReader::SetCursor(size_t cursor) {
+  if (cursor > GetLength())
+    return false;
+
+  cursor_ = cursor;
+  return true;
+}
+
+bool NtlmBufferReader::ReadUInt16(uint16_t* value) {
+  return ReadUInt<uint16_t>(value);
+}
+
+bool NtlmBufferReader::ReadUInt32(uint32_t* value) {
+  return ReadUInt<uint32_t>(value);
+}
+
+bool NtlmBufferReader::ReadUInt64(uint64_t* value) {
+  return ReadUInt<uint64_t>(value);
+}
+
+template <typename T>
+bool NtlmBufferReader::ReadUInt(T* value) {
+  size_t int_size = sizeof(T);
+  if (!CanRead(int_size))
+    return false;
+
+  *value = 0;
+  for (size_t i = 0; i < int_size; i++) {
+    *value += static_cast<T>(GetByteAtCursor()) << (i * 8);
+    cursor_++;
+  }
+
+  return true;
+}
+
+bool NtlmBufferReader::ReadBytes(uint8_t* buffer, size_t len) {
+  if (!CanRead(len))
+    return false;
+
+  memcpy(reinterpret_cast<void*>(buffer),
+         reinterpret_cast<const void*>(GetBufferAtCursor()), len);
+
+  cursor_ += len;
+  return true;
+}
+
+bool NtlmBufferReader::ReadSecurityBuffer(uint16_t* length, uint32_t* offset) {
+  if (!CanRead(NtlmMessage::SECURITY_BUFFER_LEN))
+    return false;
+
+  uint16_t ignored;
+
+  if (ReadUInt16(length) && ReadUInt16(&ignored) && ReadUInt32(offset))
+    return true;
+
+  NOTREACHED();
+  return false;
+}
+
+bool NtlmBufferReader::ReadAsciiString(std::string* value, size_t num_bytes) {
+  if (!CanRead(num_bytes))
+    return false;
+
+  value->assign(reinterpret_cast<const char*>(GetBufferAtCursor()), num_bytes);
+  cursor_ += num_bytes;
+  return true;
+}
+
+bool NtlmBufferReader::ReadUnicodeString(base::string16* value,
+                                         size_t num_bytes) {
+  if (!CanRead(num_bytes) || (num_bytes % 2 != 0))
+    return false;
+
+  value->assign(reinterpret_cast<const base::char16*>(GetBufferAtCursor()),
+                num_bytes / 2);
+#if IS_BIG_ENDIAN

[Ryan Sleevi, 2017/05/30 19:02:22]

Is this right? That you swap the string based on the client encoding?

[zentaro, 2017/06/05 17:28:44]

I think so. I added a comment. Do we ever run unit tests on anything big endian?

+  uint8_t* ptr = reinterpret_cast<uint8_t*>(value->c_str());
+  for (int i = 0; i < num_bytes; i += 2) {
+    std::swap(ptr[i], ptr[i + 1]);
+  }
+#endif
+  cursor_ += num_bytes;
+  return true;
+}
+
+bool NtlmBufferReader::ReadUnicodePayload(base::string16* value) {
+  uint16_t length;
+  uint32_t offset;
+  // First read the security buffer.
+  if (!ReadSecurityBuffer(&length, &offset))
+    return false;
+
+  if (!CanReadFrom(offset, length)) {
+    cursor_ -= NtlmMessage::SECURITY_BUFFER_LEN;
+    return false;
+  }
+
+  size_t old_cursor = GetCursor();
+  DCHECK(SetCursor(offset));
+  DCHECK(ReadUnicodeString(value, length));
+  DCHECK(SetCursor(old_cursor));

[Ryan Sleevi, 2017/05/30 19:02:22]

Anything inside a DCHECK() can be optimized out - so it looks like 'nothing'
will be read in a non-DCHECK version.

The same applies throughout the rest of the file. Should they all be replaced
with

"return SetCursor(offset) && ReadUnicodeString(value, length) &&
SetCursor(old_cursor)" (or equivalent)

[zentaro, 2017/06/05 17:28:44]

Oops. Done.

+  return true;
+}
+
+bool NtlmBufferReader::ReadBytesPayload(uint8_t* buffer, size_t buffer_len) {
+  uint16_t length;
+  uint32_t offset;
+  // First read the security buffer.
+  if (!ReadSecurityBuffer(&length, &offset))
+    return false;
+
+  if (!CanReadFrom(offset, length) || length > buffer_len) {
+    cursor_ -= NtlmMessage::SECURITY_BUFFER_LEN;
+    return false;
+  }
+
+  size_t old_cursor = GetCursor();
+  DCHECK(SetCursor(offset));
+  DCHECK(ReadBytes(buffer, length));
+  DCHECK(SetCursor(old_cursor));
+  return true;
+}
+
+bool NtlmBufferReader::ReadAsciiPayload(std::string* value) {
+  uint16_t length;
+  uint32_t offset;
+  // First read the security buffer.
+  if (!ReadSecurityBuffer(&length, &offset))
+    return false;
+
+  if (!CanReadFrom(offset, length)) {
+    cursor_ -= NtlmMessage::SECURITY_BUFFER_LEN;
+    return false;
+  }
+
+  size_t old_cursor = GetCursor();
+  DCHECK(SetCursor(offset));
+  DCHECK(ReadAsciiString(value, length));
+  DCHECK(SetCursor(old_cursor));
+  return true;
+}
+
+bool NtlmBufferReader::ReadMessageType(NtlmMessage::MessageType* message_type) {
+  uint32_t temp;
+  if (!ReadUInt32(&temp))
+    return false;
+
+  if (temp != NtlmMessage::MESSAGE_NEGOTIATE &&
+      temp != NtlmMessage::MESSAGE_CHALLENGE &&
+      temp != NtlmMessage::MESSAGE_AUTHENTICATE) {
+    cursor_ -= sizeof(uint32_t);
+    return false;
+  }
+
+  *message_type = static_cast<NtlmMessage::MessageType>(temp);
+  return true;
+}
+
+bool NtlmBufferReader::SkipSecurityBuffer() {
+  return SkipBytes(NtlmMessage::SECURITY_BUFFER_LEN);
+}
+
+bool NtlmBufferReader::SkipSecurityBufferWithValidation() {
+  uint16_t length;
+  uint32_t offset;
+  if (!ReadSecurityBuffer(&length, &offset)) {
+    return false;
+  }
+
+  // If the security buffer indicates to read outside
+  // the message buffer then fail.
+  if (!CanReadFrom(offset, length)) {
+    cursor_ -= NtlmMessage::SECURITY_BUFFER_LEN;
+    return false;
+  }
+
+  return true;
+}
+
+bool NtlmBufferReader::SkipBytes(size_t count) {
+  if (!CanRead(count))
+    return false;
+
+  cursor_ += count;
+  return true;
+}
+
+bool NtlmBufferReader::MatchSignature() {
+  if (!CanRead(NtlmMessage::SIGNATURE_LEN))
+    return false;
+
+  if (memcmp(NtlmMessage::SIGNATURE, GetBufferAtCursor(),
+             NtlmMessage::SIGNATURE_LEN) != 0)
+    return false;
+
+  cursor_ += NtlmMessage::SIGNATURE_LEN;
+  return true;
+}
+
+bool NtlmBufferReader::MatchMessageType(NtlmMessage::MessageType message_type) {
+  size_t old_cursor = cursor_;
+  NtlmMessage::MessageType actual_message_type;
+  if (!ReadMessageType(&actual_message_type))
+    return false;
+
+  if (actual_message_type != message_type) {
+    cursor_ = old_cursor;
+    return false;
+  }
+
+  return true;
+}
+
+bool NtlmBufferReader::MatchMessageHeader(
+    NtlmMessage::MessageType message_type) {
+  size_t old_cursor = cursor_;
+  if (MatchSignature() && MatchMessageType(message_type))
+    return true;
+
+  cursor_ = old_cursor;
+  return false;
+}
+
+bool NtlmBufferReader::MatchZeros(size_t count) {
+  if (!CanRead(count))
+    return false;
+
+  for (size_t i = 0; i < count; i++) {
+    if (GetBufferAtCursor()[i] != 0)
+      return false;
+  }
+
+  cursor_ += count;
+  return true;
+}
+
+bool NtlmBufferReader::MatchEmptySecurityBuffer() {
+  return MatchZeros(NtlmMessage::SECURITY_BUFFER_LEN);
+}
+
+}  // namespace net