diff options
author | Stefan Metzmacher <metze@samba.org> | 2020-05-24 16:36:29 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2020-05-26 12:38:16 +0000 |
commit | fd9ed550c3c7a677d47f2b750017d63ba88c982c (patch) | |
tree | 8e0443fbfa888dbfc8aa997a6556758ca5ad0586 /epan/dissectors/asn1 | |
parent | d89565e0c065f917b28988ce80bfc89d41c35cf2 (diff) |
packet-kerberos: avoid guessing the authorization_data keyusage
Change-Id: I28bdf176818401c1e4e6ef15cf808e502fcf4989
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/37300
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/asn1')
-rw-r--r-- | epan/dissectors/asn1/kerberos/packet-kerberos-template.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c index 9566f08088..677605a360 100644 --- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c +++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c @@ -2745,6 +2745,7 @@ static int dissect_krb5_decrypt_authorization_data(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) { + kerberos_private_data_t *private_data = kerberos_get_private_data(actx); guint8 *plaintext; int length; tvbuff_t *next_tvb; @@ -2757,10 +2758,15 @@ dissect_krb5_decrypt_authorization_data(gboolean imp_tag _U_, tvbuff_t *tvb, int * Authenticators are encrypted with usage * == 5 or * == 4 + * + * 4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with + * the TGS session key (section 5.4.1) + * 5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with + * the TGS authenticator subkey (section 5.4.1) */ - plaintext=decrypt_krb5_data_asn1(tree, actx, 5, next_tvb, NULL); - - if(!plaintext){ + if (private_data->PA_TGS_REQ_subkey != NULL) { + plaintext=decrypt_krb5_data_asn1(tree, actx, 5, next_tvb, NULL); + } else { plaintext=decrypt_krb5_data_asn1(tree, actx, 4, next_tvb, NULL); } |