From f0e31781e50a45d6de4220ae14143d775f2ae43b Mon Sep 17 00:00:00 2001
From: "Steinar H. Gunderson" <sesse@samfundet.no>
Date: Sat, 5 Feb 2005 18:38:57 +0000
Subject: [PATCH] Include an (invalid) SEC_TAG_KEYSIG, and fix reading of VNC
 clipboard.

---
 mcs.c    | 23 ++++++++++++++++++-----
 rdpsrv.c |  2 +-
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/mcs.c b/mcs.c
index ce10a68..f586801 100644
--- a/mcs.c
+++ b/mcs.c
@@ -235,6 +235,13 @@ unsigned char my_private_exponent[] = {
 	0x2a, 0xc6, 0xac, 0x8d, 0x06, 0x06, 0x2c, 0xf6, 0x8d, 0x97, 0x58, 0x68, 0x86, 0xa4
 };
 
+// copied verbatim from the protocol...
+unsigned char my_signature[SEC_MODULUS_SIZE] = {
+	0x49, 0x54, 0x1b, 0xbe, 0x23, 0x8b, 0xbe, 0x1f, 0x77, 0xfa, 0x5d, 0xd0, 0x57, 0xee, 0x55, 0xd2,
+	0x9e, 0x38, 0x7b, 0x82, 0x82, 0x8d, 0x25, 0x2a, 0xaa, 0xa0, 0xe6, 0xbe, 0x1b, 0xa6, 0x4e, 0xe2,
+	0x9b, 0x55, 0x39, 0xb2, 0x38, 0xd2, 0x11, 0x64, 0x06, 0x64, 0x87, 0xb6, 0x3a, 0xce, 0xc6, 0x9a,
+	0xc7, 0x85, 0xbd, 0xc7, 0xe3, 0x2b, 0x10, 0x9f, 0xdc, 0x38, 0x5a, 0x05, 0x86, 0xb3, 0x5c, 0x1a
+};
  
 void
 mcs_send_connect_response()
@@ -245,7 +252,7 @@ mcs_send_connect_response()
 	s = iso_init(250);
 	printf("INITLEN: %u\n", s->p - s->iso_hdr);
 
-	ber_out_header(s, MCS_CONNECT_RESPONSE, 245);
+	ber_out_header(s, MCS_CONNECT_RESPONSE, 245 + 72);
 	ber_out_header(s, BER_TAG_RESULT, 1);
 	out_uint8(s, 0);
 
@@ -254,7 +261,7 @@ mcs_send_connect_response()
 	
 	mcs_out_domain_params(s, 34, 2, 0, 0xffff);  // dumdidum?
 
-	ber_out_header(s, BER_TAG_OCTET_STRING, 207);
+	ber_out_header(s, BER_TAG_OCTET_STRING, 207 + 72);
 
 	// some unknown header of sorts
 	out_uint8(s, 0x00);
@@ -279,7 +286,7 @@ mcs_send_connect_response()
 	out_uint8(s, 0x44);
 	out_uint8(s, 0x6e);
 
-	length = 184;
+	length = 184 + 72;
 	
 	// two bytes of length
 	out_uint8(s, 0x80 | (length >> 8));
@@ -303,12 +310,12 @@ mcs_send_connect_response()
 	
 	// crypto info
 	out_uint16_le(s, SEC_TAG_SRV_CRYPT);
-	out_uint16_le(s, 160); // length
+	out_uint16_le(s, 232); // length
 	out_uint32_le(s, 2); // 128-bit
 	out_uint32_le(s, 3); // high
 
 	out_uint32_le(s, SEC_RANDOM_SIZE); // random_len
-	out_uint32_le(s, 108);             // rsa_info_len
+	out_uint32_le(s, 180);             // rsa_info_len
 	out_uint8s(s, SEC_RANDOM_SIZE);    // server_random
 	out_uint32_le(s, 1);               // RDP4-style
 	// unknown
@@ -325,6 +332,12 @@ mcs_send_connect_response()
 	out_uint8p(s, my_modulus, SEC_MODULUS_SIZE);
 	out_uint8s(s, SEC_PADDING_SIZE);
 	
+	// just copied verbatim...
+	out_uint16_le(s, SEC_TAG_KEYSIG);
+	out_uint16_le(s, 72);
+	out_uint8p(s, my_signature, 64);                        // 512 bits
+	out_uint8s(s, 4);                                       // padding
+	
 	s_mark_end(s);
 	iso_send(s);
 
diff --git a/rdpsrv.c b/rdpsrv.c
index 0251a2a..9198987 100644
--- a/rdpsrv.c
+++ b/rdpsrv.c
@@ -389,7 +389,7 @@ int serve_client()
 					error("short read on vnc_sock\n");
 				if (read(vnc_sock, buf, 4) != 4)
 					error("short read on vnc_sock\n");
-				if (read(vnc_sock, (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3], 4) != 4)
+				if (read(vnc_sock, buf, (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]) != 4)
 					error("short read on vnc_sock\n");
 				
 			default:
-- 
2.39.2