diff options
author | Isaac Boukris <iboukris@gmail.com> | 2021-05-29 20:35:56 +0300 |
---|---|---|
committer | Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2021-06-08 17:36:44 +0000 |
commit | 9147201351d591aa1f12d8fcbe319c117d0c5801 (patch) | |
tree | 8d69af278456c46d3a078405cd29b85740baeb5f /epan/dissectors/asn1 | |
parent | 5363626d5a9c4ab275aca0ae2e992e5e41c7cf67 (diff) |
credssp: fix dissection in RDP stream
When there are more packets on the stream after credssp, like tpkt-rpd
data, the credssp heuristics fails when invoked by tls and then even the
packets for which the credssp heuristics succeeded do not get dissected
as credssp but as tpkt-continuation data.
To work around that, call the credssp heuristic dissector directly from
the rdp dissector before trying fastpath.
Leave the credssp heursitics in TLS for other protocols such as HTTP
where it may work.
Diffstat (limited to 'epan/dissectors/asn1')
-rw-r--r-- | epan/dissectors/asn1/credssp/packet-credssp-template.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/credssp/packet-credssp-template.c b/epan/dissectors/asn1/credssp/packet-credssp-template.c index aef949af62..450a07a1f8 100644 --- a/epan/dissectors/asn1/credssp/packet-credssp-template.c +++ b/epan/dissectors/asn1/credssp/packet-credssp-template.c @@ -159,6 +159,7 @@ void proto_register_credssp(void) { void proto_reg_handoff_credssp(void) { heur_dissector_add("tls", dissect_credssp_heur, "CredSSP over TLS", "credssp_tls", proto_credssp, HEURISTIC_ENABLE); + heur_dissector_add("rdp", dissect_credssp_heur, "CredSSP in TPKT", "credssp_tpkt", proto_credssp, HEURISTIC_ENABLE); exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_7); } |