#664 Incorrect IPv6 address returned from win32ts.WTSQuerySessionInformation WTSClientAddress WTSInfoClass

v1.0 (example)
open
nobody
None
5
2014-08-22
2014-01-28
Marqo09
No

It appears that the WTSQuerySessionInformation function within the win32ts module fails to get the correct IPv6 Address value for WTS_INFO_CLASS WTSClientAddress.

When my client's IP was set to something like [fe80::b33f], the returned value of Address was set to (0, 0, 254, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0). Based on a quick glance at the source (win32tsmodule.cpp lines 408-414), it appears it may be a simple mishandling of the null terminator for IPv6 addresses (which should be represented by 16 raw byte values).

To reproduce, I installed Remote Desktop Services on Windows 2008 server and RDP'd in from a Windows 8.1 client. While logged on, I attempted to grab the logged-in client's IPv6 address with the attached POC.

Sources:
http://msdn.microsoft.com/en-us/library/aa383857(v=vs.85).aspx

1 Attachments

Discussion

  • Marqo09
    2014-01-30

    After additional testing, I do not believe the win32ts module is at fault. winsta.dll returned the same incomplete IPv6 address on Windows Server 2008 and the RDS Manager also displays an incomplete IPv6 address in the GUI. Lastly, Server 2012 and 2012 R2 do not appear to have this issue, and the win32ts module properly returns this data.

    Based on this analysis, I believe the bug is actually a Microsoft issue which they appear to have corrected in at least NT6.2 and above. Ticket can be closed.

     
    Last edit: Marqo09 2014-01-30
  • Roger Upole
    2014-02-14

    I'll add a note in the docs about this.
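
Added example (not code from the ticket, the attached POC, or pywin32): a decoder for the 20-element Address tuple quoted above that flags the truncated link-local value seen on Server 2008, so session logging does not record `fe80::` as a client address. The offset of 2 is an assumption taken from where 254, 128 (fe80) sit in the ticket's tuple; the function name and the fully populated sample tuple are constructed for illustration.

```python
import ipaddress

AF_INET6 = 23        # Windows value of AF_INET6 (winsock2.h)
ADDR_OFFSET = 2      # assumption: address bytes start at index 2, as in the ticket's tuple
IPV6_LEN = 16        # an IPv6 address is 16 raw bytes


def decode_client_ipv6(address_family, address):
    """Decode a WTSClientAddress Address tuple into (IPv6Address, suspect).

    suspect is True when the value cannot be a real client address:
    the unspecified address, or a link-local prefix whose 64-bit
    interface identifier is all zero (the truncation in the ticket).
    """
    if address_family != AF_INET6:
        raise ValueError("not an AF_INET6 address: family %r" % (address_family,))
    if len(address) < ADDR_OFFSET + IPV6_LEN:
        raise ValueError("Address field too short for IPv6: %d bytes" % len(address))

    raw = bytes(address[ADDR_OFFSET:ADDR_OFFSET + IPV6_LEN])
    ip = ipaddress.IPv6Address(raw)

    zero_interface_id = raw[8:] == bytes(8)
    suspect = ip.is_unspecified or (ip.is_link_local and zero_interface_id)
    return ip, suspect


# Tuple exactly as reported in the ticket (Server 2008, client at fe80::b33f).
TICKET_TUPLE = (0, 0, 254, 128) + (0,) * 16

# Constructed sample: the same field with all 16 address bytes populated.
FULL_TUPLE = (0, 0, 0xFE, 0x80) + (0,) * 12 + (0xB3, 0x3F) + (0, 0)

if __name__ == "__main__":
    for label, value in (("ticket", TICKET_TUPLE), ("constructed", FULL_TUPLE)):
        ip, suspect = decode_client_ipv6(AF_INET6, value)
        print("%-11s %-12s suspect_truncated=%s" % (label, ip, suspect))
```
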