Add a buffer reader/writer for NTLM.

net/http/ntlm_buffer_reader.cc

Index: net/http/ntlm_buffer_reader.cc
diff --git a/net/http/ntlm_buffer_reader.cc b/net/http/ntlm_buffer_reader.cc
new file mode 100644
index 0000000000000000000000000000000000000000..4d7da581709d065c68b3f493e7dddfba447c3f7e
--- /dev/null
+++ b/net/http/ntlm_buffer_reader.cc
@@ -0,0 +1,304 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/http/ntlm_buffer_reader.h"
+
+#include <string.h>
+
+#include "base/logging.h"
+
+namespace net {

[asanka, 2017/06/16 03:21:29]

Curious. Why aren't these in namespace ntlm {} ?

[zentaro, 2017/06/21 00:38:46]

Oversight. Done.

+
+#if defined(ARCH_CPU_LITTLE_ENDIAN)
+#define IS_LITTLE_ENDIAN 1
+#undef IS_BIG_ENDIAN
+#elif defined(ARCH_CPU_BIG_ENDIAN)
+#define IS_BIG_ENDIAN 1
+#undef IS_LITTLE_ENDIAN
+#else
+#error "Unknown endianness"
+#endif
+
+NtlmBufferReader::NtlmBufferReader(base::StringPiece buffer)
+    : buffer_(buffer), cursor_(0) {
+  DCHECK(buffer.data());
+}
+
+NtlmBufferReader::NtlmBufferReader(const uint8_t* ptr, size_t len)
+    : NtlmBufferReader(
+          base::StringPiece(reinterpret_cast<const char*>(ptr), len)) {}
+
+NtlmBufferReader::~NtlmBufferReader() {}
+
+bool NtlmBufferReader::CanRead(size_t len) const {
+  return CanReadFrom(GetCursor(), len);
+}
+
+bool NtlmBufferReader::CanReadFrom(size_t offset, size_t len) const {
+  if (len == 0)
+    return true;
+
+  return (len <= GetLength() && offset <= GetLength() - len);
+}
+
+void NtlmBufferReader::SetCursor(size_t cursor) {
+  DCHECK(cursor <= GetLength());

[asanka, 2017/06/16 03:21:28]

DCHECK_LE

[zentaro, 2017/06/21 00:38:46]

Done.

+
+  cursor_ = cursor;
+}
+
+bool NtlmBufferReader::ReadUInt16(uint16_t* value) {
+  return ReadUInt<uint16_t>(value);
+}
+
+bool NtlmBufferReader::ReadUInt32(uint32_t* value) {
+  return ReadUInt<uint32_t>(value);
+}
+
+bool NtlmBufferReader::ReadUInt64(uint64_t* value) {
+  return ReadUInt<uint64_t>(value);
+}
+
+bool NtlmBufferReader::ReadFlags(ntlm::NegotiateFlags* flags) {
+  uint32_t raw;
+  if (!ReadUInt32(&raw))
+    return false;
+
+  *flags = static_cast<ntlm::NegotiateFlags>(raw);
+  return true;
+}
+
+template <typename T>
+bool NtlmBufferReader::ReadUInt(T* value) {
+  size_t int_size = sizeof(T);
+  if (!CanRead(int_size))
+    return false;
+
+  *value = 0;
+  for (size_t i = 0; i < int_size; i++) {
+    *value += static_cast<T>(GetByteAtCursor()) << (i * 8);
+    AdvanceCursor(1);
+  }
+
+  return true;
+}
+
+bool NtlmBufferReader::ReadBytes(uint8_t* buffer, size_t len) {
+  if (!CanRead(len))
+    return false;
+
+  memcpy(reinterpret_cast<void*>(buffer),
+         reinterpret_cast<const void*>(GetBufferAtCursor()), len);
+
+  AdvanceCursor(len);
+  return true;
+}
+
+bool NtlmBufferReader::ReadSecurityBuffer(ntlm::SecurityBuffer* sec_buf) {
+  if (!CanRead(ntlm::SECURITY_BUFFER_LEN))
+    return false;
+
+  bool result = ReadUInt16(&sec_buf->length) && SkipBytes(sizeof(uint16_t)) &&
+                ReadUInt32(&sec_buf->offset);
+
+  DCHECK(result);
+  return result;
+}
+
+bool NtlmBufferReader::ReadUtf8String(std::string* value, size_t num_bytes) {
+  if (!CanRead(num_bytes))
+    return false;
+
+  value->assign(reinterpret_cast<const char*>(GetBufferAtCursor()), num_bytes);
+  AdvanceCursor(num_bytes);
+  return true;
+}
+
+bool NtlmBufferReader::ReadUtf16String(base::string16* value,
+                                       size_t num_bytes) {
+  if (!CanRead(num_bytes) || (num_bytes % 2 != 0))
+    return false;
+
+  value->assign(reinterpret_cast<const base::char16*>(GetBufferAtCursor()),
+                num_bytes / 2);
+#if IS_BIG_ENDIAN
+  // The NTLM buffer is always little-endian. So when it was assigned to the
+  // string above all the chars will be in little-endian order.
+  // Now swap them all so that the resulting string |value| is big-endian.
+  uint8_t* ptr = reinterpret_cast<uint8_t*>(value->c_str());
+  for (int i = 0; i < num_bytes; i += 2) {
+    std::swap(ptr[i], ptr[i + 1]);
+  }
+#endif
+  AdvanceCursor(num_bytes);
+  return true;
+}
+
+bool NtlmBufferReader::ReadUtf16Payload(base::string16* value) {
+  size_t old_cursor = GetCursor();
+
+  // First read the security buffer.
+  ntlm::SecurityBuffer sec_buf;
+  if (!ReadSecurityBuffer(&sec_buf))
+    return false;
+
+  if (!CanReadFrom(sec_buf)) {
+    SetCursor(old_cursor);
+    return false;
+  }
+
+  old_cursor = GetCursor();
+  SetCursor(sec_buf.offset);
+  bool result = ReadUtf16String(value, sec_buf.length);
+  DCHECK(result);
+  SetCursor(old_cursor);
+
+  return result;
+}
+
+bool NtlmBufferReader::ReadBytesPayload(uint8_t* buffer, size_t buffer_len) {
+  size_t old_cursor = GetCursor();
+
+  // First read the security buffer.
+  ntlm::SecurityBuffer sec_buf;
+  if (!ReadSecurityBuffer(&sec_buf))
+    return false;
+
+  if (!CanReadFrom(sec_buf) || sec_buf.length > buffer_len) {
+    SetCursor(old_cursor);
+    return false;
+  }
+
+  old_cursor = GetCursor();
+  SetCursor(sec_buf.offset);
+  bool result = ReadBytes(buffer, sec_buf.length);

[asanka, 2017/06/16 03:21:28]

Seems unnecessary to invoke ReadBytes() since we are undoing or ignoring
everything it's doing other than the memcpy().

[zentaro, 2017/06/21 00:38:47]

Done. Was just trying to keep it consistent with the other Read*Payloads.

+  DCHECK(result);
+  SetCursor(old_cursor);
+
+  return result;
+}
+
+bool NtlmBufferReader::ReadUtf8Payload(std::string* value) {
+  size_t old_cursor = GetCursor();
+
+  // First read the security buffer.
+  ntlm::SecurityBuffer sec_buf;
+  if (!ReadSecurityBuffer(&sec_buf))
+    return false;
+
+  if (!CanReadFrom(sec_buf)) {
+    SetCursor(old_cursor);
+    return false;
+  }
+
+  old_cursor = GetCursor();
+  SetCursor(sec_buf.offset);
+  bool result = ReadUtf8String(value, sec_buf.length);
+  DCHECK(result);
+  SetCursor(old_cursor);
+
+  return result;
+}
+
+bool NtlmBufferReader::ReadMessageType(ntlm::MessageType* message_type) {
+  size_t old_cursor = GetCursor();
+
+  uint32_t raw_message_type;
+  if (!ReadUInt32(&raw_message_type))
+    return false;
+
+  *message_type = static_cast<ntlm::MessageType>(raw_message_type);
+
+  if (*message_type != ntlm::MessageType::NEGOTIATE &&
+      *message_type != ntlm::MessageType::CHALLENGE &&
+      *message_type != ntlm::MessageType::AUTHENTICATE) {
+    SetCursor(old_cursor);
+    return false;
+  }
+
+  return true;
+}
+
+bool NtlmBufferReader::SkipSecurityBuffer() {
+  return SkipBytes(ntlm::SECURITY_BUFFER_LEN);
+}
+
+bool NtlmBufferReader::SkipSecurityBufferWithValidation() {
+  size_t old_cursor = GetCursor();
+
+  ntlm::SecurityBuffer sec_buf;
+  if (!ReadSecurityBuffer(&sec_buf)) {
+    return false;
+  }
+
+  // If the security buffer indicates to read outside
+  // the message buffer then fail.
+  if (!CanReadFrom(sec_buf)) {
+    SetCursor(old_cursor);
+    return false;
+  }
+
+  return true;
+}
+
+bool NtlmBufferReader::SkipBytes(size_t count) {
+  if (!CanRead(count))
+    return false;
+
+  AdvanceCursor(count);
+  return true;
+}
+
+bool NtlmBufferReader::MatchSignature() {
+  if (!CanRead(ntlm::SIGNATURE_LEN))
+    return false;
+
+  if (memcmp(ntlm::SIGNATURE, GetBufferAtCursor(), ntlm::SIGNATURE_LEN) != 0)
+    return false;
+
+  AdvanceCursor(ntlm::SIGNATURE_LEN);
+  return true;
+}
+
+bool NtlmBufferReader::MatchMessageType(ntlm::MessageType message_type) {
+  size_t old_cursor = GetCursor();
+  ntlm::MessageType actual_message_type;
+  if (!ReadMessageType(&actual_message_type))
+    return false;
+
+  if (actual_message_type != message_type) {
+    SetCursor(old_cursor);

[asanka, 2017/06/16 03:21:28]

I'm guessing that in practice all of these failure cases would be "discard the
buffer and give up" cases and the recovery work that's being done here isn't
necessary. There's nothing to salvage if a received buffer is invalid, right?

If so, I think we can greatly simplify most of this code.

[zentaro, 2017/06/21 00:38:46]

I was just trying to leave things in a predictable state. But you're right in
all the actual uses you never continue in this case.

+    return false;
+  }
+
+  return true;
+}
+
+bool NtlmBufferReader::MatchMessageHeader(ntlm::MessageType message_type) {
+  size_t old_cursor = GetCursor();
+  if (MatchSignature() && MatchMessageType(message_type))
+    return true;
+
+  SetCursor(old_cursor);
+  return false;
+}
+
+bool NtlmBufferReader::MatchZeros(size_t count) {
+  if (!CanRead(count))
+    return false;
+
+  for (size_t i = 0; i < count; i++) {
+    if (GetBufferAtCursor()[i] != 0)
+      return false;
+  }
+
+  AdvanceCursor(count);
+  return true;
+}
+
+bool NtlmBufferReader::MatchEmptySecurityBuffer() {
+  return MatchZeros(ntlm::SECURITY_BUFFER_LEN);
+}
+
+}  // namespace net