When we passed the crytobuffer to krb5_c_decrypt() we never actually

verified that we did have enough data in the buffer/tvb, which could lead to a SEGV. (for example if we enable KRB5 decryption but we do NOT use TCP reassembly, and the encrypted data goes beyong the end of the current segment) Change the signature to decrypt_krb5_data() to take a TVB instead of a buffer+length. Actually check that we do have the entire encrypted PDU before calling out to the kerberos libraries. svn path=/trunk/; revision=29213
author: Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> 2009-07-28 13:01:41 +0000
committer: Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> 2009-07-28 13:01:41 +0000
commit: f8cf2d2c838b8fa318dce0f47a0b79c314c16783 (patch)
tree: 7c455fd89194a0abe748be117c6fb2a6ed66d7ea /epan/dissectors/packet-kerberos.h
parent: e464a9bef912e7ca4cf6dbe2d0004e9a738d940c (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/epan/dissectors/packet-kerberos.h b/epan/dissectors/packet-kerberos.h
index c9607bd7a6..7c61153679 100644
--- a/epan/dissectors/packet-kerberos.h
+++ b/epan/dissectors/packet-kerberos.h
@@ -77,8 +77,7 @@ extern enc_key_t *enc_key_list;
 guint8 *
 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
 			int usage,
-			int length,
-			const guint8 *cryptotext,
+			tvbuff_t *crypototvb,
 			int keytype,
 			int *datalen);
author	Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au>	2009-07-28 13:01:41 +0000
committer	Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au>	2009-07-28 13:01:41 +0000
commit	f8cf2d2c838b8fa318dce0f47a0b79c314c16783 (patch)
tree	7c455fd89194a0abe748be117c6fb2a6ed66d7ea /epan/dissectors/packet-kerberos.h
parent	e464a9bef912e7ca4cf6dbe2d0004e9a738d940c (diff)