WireGuard: fix MAC1 computation for non-zero reserved case

Peer identification failed because the MAC1 value did not check out. Fix the computation in case the reserved bytes are overwritten after the original protocol has run. Change-Id: I4be65806bed96d7236103ebb369c1affcadebd5f Reviewed-on: https://code.wireshark.org/review/35219 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
author: Peter Wu <peter@lekensteyn.nl> 2019-11-26 14:05:45 +0000
committer: Alexis La Goutte <alexis.lagoutte@gmail.com> 2019-11-27 07:02:31 +0000
commit: 12d72be15b90cc76f7709fd944682224257ec236 (patch)
tree: 287a4dbb636d7330bf9e7424bdb321539a4858de
parent: 07a1753d447bf46d8f197c837983602258191529 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/epan/dissectors/packet-wireguard.c b/epan/dissectors/packet-wireguard.c
index 527dadc6ae..e6b9a1e0bd 100644
--- a/epan/dissectors/packet-wireguard.c
+++ b/epan/dissectors/packet-wireguard.c
@@ -1145,8 +1145,12 @@ wg_mac1_key_probe(tvbuff_t *tvb, gboolean is_initiation)
         return NULL;
     }
 
-    const guint8 *mac1_msgdata = tvb_get_ptr(tvb, 0, mac1_offset);
+    guint8 *mac1_msgdata = (guint8 *)tvb_memdup(wmem_packet_scope(), tvb, 0, mac1_offset);
     const guint8 *mac1_output = tvb_get_ptr(tvb, mac1_offset, 16);
+
+    // MAC1 is computed over a message with three reserved bytes set to zero.
+    mac1_msgdata[1] = mac1_msgdata[2] = mac1_msgdata[3] = 0;
+
     // Find public key that matches the 16-byte MAC1 field.
     GHashTableIter iter;
     gpointer value;
author	Peter Wu <peter@lekensteyn.nl>	2019-11-26 14:05:45 +0000
committer	Alexis La Goutte <alexis.lagoutte@gmail.com>	2019-11-27 07:02:31 +0000
commit	12d72be15b90cc76f7709fd944682224257ec236 (patch)
tree	287a4dbb636d7330bf9e7424bdb321539a4858de
parent	07a1753d447bf46d8f197c837983602258191529 (diff)