diff options
author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2005-12-25 11:43:47 +0000 |
---|---|---|
committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2005-12-25 11:43:47 +0000 |
commit | 2975ff835bc6c46a57161151f48394e68baea3e3 (patch) | |
tree | b0cf7883525d6d86e61abc30e1bbcafae7842801 | |
parent | cec07db2dad6c3e92246078c77cc63b8b103cf74 (diff) |
microsoft does not use a confounder for spnego when using DNS/TSIG
they use an additional confounder everywhere else (as it seems) but not for DNS/TSIG
svn path=/trunk/; revision=16894
-rw-r--r-- | asn1/spnego/packet-spnego-template.c | 14 | ||||
-rw-r--r-- | epan/dissectors/packet-spnego.c | 18 |
2 files changed, 22 insertions, 10 deletions
diff --git a/asn1/spnego/packet-spnego-template.c b/asn1/spnego/packet-spnego-template.c index 59f7851668..cf2dfd52c5 100644 --- a/asn1/spnego/packet-spnego-template.c +++ b/asn1/spnego/packet-spnego-template.c @@ -796,13 +796,19 @@ dissect_spnego_krb5_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo _U * extra 8 bytes of "Random confounder" after the checksum. * It certainly confounds code expecting all Kerberos 5 * GSS_Wrap() tokens to look the same.... + * + * The exception is DNS/TSIG where there is no such confounder + * so we need to test here if there are more bytes in our tvb or not. + * -- ronnie */ - if (sgn_alg == KRB_SGN_ALG_HMAC) { - proto_tree_add_item(tree, hf_spnego_krb5_confounder, tvb, offset, 8, + if (tvb_length_remaining(tvb, offset)) { + if (sgn_alg == KRB_SGN_ALG_HMAC) { + proto_tree_add_item(tree, hf_spnego_krb5_confounder, tvb, offset, 8, TRUE); - offset += 8; - } + offset += 8; + } + } /* * Return the offset past the checksum, so that we know where diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c index 7cf1433553..58e87c4633 100644 --- a/epan/dissectors/packet-spnego.c +++ b/epan/dissectors/packet-spnego.c @@ -1296,13 +1296,19 @@ dissect_spnego_krb5_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo _U * extra 8 bytes of "Random confounder" after the checksum. * It certainly confounds code expecting all Kerberos 5 * GSS_Wrap() tokens to look the same.... + * + * The exception is DNS/TSIG where there is no such confounder + * so we need to test here if there are more bytes in our tvb or not. + * -- ronnie */ - if (sgn_alg == KRB_SGN_ALG_HMAC) { - proto_tree_add_item(tree, hf_spnego_krb5_confounder, tvb, offset, 8, + if (tvb_length_remaining(tvb, offset)) { + if (sgn_alg == KRB_SGN_ALG_HMAC) { + proto_tree_add_item(tree, hf_spnego_krb5_confounder, tvb, offset, 8, TRUE); - offset += 8; - } + offset += 8; + } + } /* * Return the offset past the checksum, so that we know where @@ -1590,7 +1596,7 @@ void proto_register_spnego(void) { "", HFILL }}, /*--- End of included file: packet-spnego-hfarr.c ---*/ -#line 1005 "packet-spnego-template.c" +#line 1011 "packet-spnego-template.c" }; /* List of subtrees */ @@ -1611,7 +1617,7 @@ void proto_register_spnego(void) { &ett_spnego_InitialContextToken, /*--- End of included file: packet-spnego-ettarr.c ---*/ -#line 1014 "packet-spnego-template.c" +#line 1020 "packet-spnego-template.c" }; /* Register protocol */ |