diff options
author | Peter Wu <peter@lekensteyn.nl> | 2019-11-26 14:05:45 +0000 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2019-11-27 07:02:31 +0000 |
commit | 12d72be15b90cc76f7709fd944682224257ec236 (patch) | |
tree | 287a4dbb636d7330bf9e7424bdb321539a4858de | |
parent | 07a1753d447bf46d8f197c837983602258191529 (diff) |
WireGuard: fix MAC1 computation for non-zero reserved case
Peer identification failed because the MAC1 value did not check out.
Fix the computation in case the reserved bytes are overwritten after the
original protocol has run.
Change-Id: I4be65806bed96d7236103ebb369c1affcadebd5f
Reviewed-on: https://code.wireshark.org/review/35219
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
-rw-r--r-- | epan/dissectors/packet-wireguard.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/epan/dissectors/packet-wireguard.c b/epan/dissectors/packet-wireguard.c index 527dadc6ae..e6b9a1e0bd 100644 --- a/epan/dissectors/packet-wireguard.c +++ b/epan/dissectors/packet-wireguard.c @@ -1145,8 +1145,12 @@ wg_mac1_key_probe(tvbuff_t *tvb, gboolean is_initiation) return NULL; } - const guint8 *mac1_msgdata = tvb_get_ptr(tvb, 0, mac1_offset); + guint8 *mac1_msgdata = (guint8 *)tvb_memdup(wmem_packet_scope(), tvb, 0, mac1_offset); const guint8 *mac1_output = tvb_get_ptr(tvb, mac1_offset, 16); + + // MAC1 is computed over a message with three reserved bytes set to zero. + mac1_msgdata[1] = mac1_msgdata[2] = mac1_msgdata[3] = 0; + // Find public key that matches the 16-byte MAC1 field. GHashTableIter iter; gpointer value; |