credssp: fix dissection in RDP stream

When there are more packets on the stream after credssp, like tpkt-rpd data, the credssp heuristics fails when invoked by tls and then even the packets for which the credssp heuristics succeeded do not get dissected as credssp but as tpkt-continuation data. To work around that, call the credssp heuristic dissector directly from the rdp dissector before trying fastpath. Leave the credssp heursitics in TLS for other protocols such as HTTP where it may work.
author: Isaac Boukris <iboukris@gmail.com> 2021-05-29 20:35:56 +0300
committer: Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> 2021-06-08 17:36:44 +0000
commit: 9147201351d591aa1f12d8fcbe319c117d0c5801 (patch)
tree: 8d69af278456c46d3a078405cd29b85740baeb5f /epan/dissectors/asn1
parent: 5363626d5a9c4ab275aca0ae2e992e5e41c7cf67 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/credssp/packet-credssp-template.c b/epan/dissectors/asn1/credssp/packet-credssp-template.c
index aef949af62..450a07a1f8 100644
--- a/epan/dissectors/asn1/credssp/packet-credssp-template.c
+++ b/epan/dissectors/asn1/credssp/packet-credssp-template.c
@@ -159,6 +159,7 @@ void proto_register_credssp(void) {
 void proto_reg_handoff_credssp(void) {
 
   heur_dissector_add("tls", dissect_credssp_heur, "CredSSP over TLS", "credssp_tls", proto_credssp, HEURISTIC_ENABLE);
+  heur_dissector_add("rdp", dissect_credssp_heur, "CredSSP in TPKT", "credssp_tpkt", proto_credssp, HEURISTIC_ENABLE);
   exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_7);
 }
author	Isaac Boukris <iboukris@gmail.com>	2021-05-29 20:35:56 +0300
committer	Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org>	2021-06-08 17:36:44 +0000
commit	9147201351d591aa1f12d8fcbe319c117d0c5801 (patch)
tree	8d69af278456c46d3a078405cd29b85740baeb5f /epan/dissectors/asn1
parent	5363626d5a9c4ab275aca0ae2e992e5e41c7cf67 (diff)