diff options
author | Gerald Combs <gerald@wireshark.org> | 2010-01-19 19:28:30 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2010-01-19 19:28:30 +0000 |
commit | 2efa26e0e1b9f75189b7a4f05abe3990870d6fe9 (patch) | |
tree | 56b4aa9c30bcc3396c879fad1a874f5427cae222 /epan/dissectors/packet-kerberos.c | |
parent | 982cfc5410f9d3bcfaadb6cced9733d941b5e948 (diff) |
Fix a double-free bug which was causing a crash. Our decryption buffer
length doesn't change, so allocate it just once. Add an expert item for
a successful decryption.
svn path=/trunk/; revision=31571
Diffstat (limited to 'epan/dissectors/packet-kerberos.c')
-rw-r--r-- | epan/dissectors/packet-kerberos.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c index 13294ecb5e..6969887f6e 100644 --- a/epan/dissectors/packet-kerberos.c +++ b/epan/dissectors/packet-kerberos.c @@ -88,6 +88,7 @@ #include <epan/conversation.h> #include <epan/emem.h> #include <epan/asn1.h> +#include <epan/expert.h> #include <epan/dissectors/packet-kerberos.h> #include <epan/dissectors/packet-netbios.h> #include <epan/dissectors/packet-tcp.h> @@ -545,13 +546,13 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo, { krb5_error_code ret; enc_key_t *ek; - static krb5_data data = {0,0,NULL}; + krb5_data data = {0,0,NULL}; krb5_keytab_entry key; int length = tvb_length(cryptotvb); const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length); /* don't do anything if we are not attempting to decrypt data */ - if(!krb_decrypt){ + if(!krb_decrypt || length < 1){ return NULL; } @@ -561,6 +562,8 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo, } read_keytab_file_from_preferences(); + data.data = g_malloc(length); + data.length = length; for(ek=enc_key_list;ek;ek=ek->next){ krb5_enc_data input; @@ -574,21 +577,20 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo, input.ciphertext.length = length; input.ciphertext.data = (guint8 *)cryptotext; - data.length = length; - g_free(data.data); - data.data = g_malloc(length); - key.key.enctype=ek->keytype; key.key.length=ek->keylength; key.key.contents=ek->keyvalue; ret = krb5_c_decrypt(krb5_ctx, &(key.key), usage, 0, &input, &data); - if((ret == 0) && (length>0)){ + if(ret == 0){ char *user_data; + + expert_add_info_format(pinfo, NULL, PI_SECURITY, PI_CHAT, + "Decrypted keytype %d in frame %u using %s", + ek->keytype, pinfo->fd->num, ek->key_origin); -printf("woohoo decrypted keytype:%d in frame:%u\n", ek->keytype, pinfo->fd->num); proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin); /* return a private g_malloced blob to the caller */ - user_data=g_memdup(data.data, data.length); + user_data=data.data; if (datalen) { *datalen = data.length; } |