diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-02-20 08:40:34 +0100 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2015-03-10 13:01:42 +0000 |
commit | 5a1b32b7695e8a5f885bce05f95b512815263544 (patch) | |
tree | 319def51e37e86c057d85b2b5d8ef1e478740801 /asn1/spnego | |
parent | ea0e4892e98056cff33fa64c53f9763c0322f86a (diff) |
packet-spnego: fix krb5_cfx_wrap without encryption
We need to use rrc, as the checksum is likely to be
rotated before the plaintext payload.
For now we only handle the two common cases
rrc == 0 and rrc == ec...
Ping-Bug: 9398
Change-Id: I548f2f0650716294b6aeb361021be6e44ae8f1b3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/7271
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'asn1/spnego')
-rw-r--r-- | asn1/spnego/packet-spnego-template.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/asn1/spnego/packet-spnego-template.c b/asn1/spnego/packet-spnego-template.c index e6caf1af44..edce351c9e 100644 --- a/asn1/spnego/packet-spnego-template.c +++ b/asn1/spnego/packet-spnego-template.c @@ -1017,6 +1017,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo offset += checksum_size; } else { + int returned_offset; int inner_token_len = 0; /* @@ -1027,23 +1028,39 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo checksum_size = ec; - inner_token_len = tvb_reported_length_remaining(tvb, offset) - - ec; + inner_token_len = tvb_reported_length_remaining(tvb, offset); + if (inner_token_len > ec) { + inner_token_len -= ec; + } + + /* + * We handle only the two common cases for now + * (rrc == 0 and rrc == ec) + */ + if (rrc == ec) { + proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, + tvb, offset, checksum_size, ENC_NA); + offset += checksum_size; + } + returned_offset = offset; pinfo->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset, inner_token_len); offset += inner_token_len; - proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset, - checksum_size, ENC_NA); + if (rrc == 0) { + proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, + tvb, offset, checksum_size, ENC_NA); + offset += checksum_size; + } /* * Return an offset that puts our caller before the inner * token. This is better than before, but we still see the * checksum included in the LDAP query at times. */ - return offset - inner_token_len; + return returned_offset; } if(pinfo->decrypt_gssapi_tvb){ |