authorRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2009-07-28 13:01:41 +0000
committerRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2009-07-28 13:01:41 +0000
commitf8cf2d2c838b8fa318dce0f47a0b79c314c16783 (patch)
tree7c455fd89194a0abe748be117c6fb2a6ed66d7ea /epan/dissectors/packet-kink.c
parente464a9bef912e7ca4cf6dbe2d0004e9a738d940c (diff)
When we passed the cryptobuffer to krb5_c_decrypt() we never actually
verified that we had enough data in the buffer/tvb, which could lead to a SEGV (for example, if we enable KRB5 decryption but do NOT use TCP reassembly, and the encrypted data goes beyond the end of the current segment). Change the signature of decrypt_krb5_data() to take a TVB instead of a buffer+length. Actually check that we do have the entire encrypted PDU before calling out to the kerberos libraries. svn path=/trunk/; revision=29213
Diffstat (limited to 'epan/dissectors/packet-kink.c')
-rw-r--r--epan/dissectors/packet-kink.c16
1 files changed, 7 insertions, 9 deletions
diff --git a/epan/dissectors/packet-kink.c b/epan/dissectors/packet-kink.c
index 4c108d7482..440fa2ff0b 100644
--- a/epan/dissectors/packet-kink.c
+++ b/epan/dissectors/packet-kink.c
@@ -703,16 +703,12 @@ dissect_payload_kink_encrypt(packet_info *pinfo, tvbuff_t *tvb, int offset, prot
proto_item *ti;
guint8 next_payload;
guint8 reserved;
- guint payload_length,encrypt_length;
+ guint payload_length;
+ gint encrypt_length;
guint8 inner_next_pload;
guint32 reserved2;
guint16 inner_payload_length;
int start_payload_offset = 0; /* Keep the begining of the payload offset */
- const guint8 *data_value;
-#ifdef HAVE_KERBEROS
- tvbuff_t *next_tvb;
- guint8 *plaintext=NULL;
-#endif
payload_length = tvb_get_ntohs(tvb,offset + TO_PAYLOAD_LENGTH);
start_payload_offset = offset;
@@ -739,13 +735,15 @@ dissect_payload_kink_encrypt(packet_info *pinfo, tvbuff_t *tvb, int offset, prot
}
offset += 2;
- data_value = tvb_get_ptr(tvb, offset, encrypt_length);
-
/* decrypt kink encrypt */
if(keytype != 0){
#ifdef HAVE_KERBEROS
- plaintext=decrypt_krb5_data(tree, pinfo, 0, encrypt_length, data_value, keytype, NULL);
+ tvbuff_t *next_tvb;
+ guint8 *plaintext=NULL;
+
+ next_tvb=tvb_new_subset(tvb, offset, MIN(tvb_length_remaining(tvb, offset), encrypt_length), encrypt_length);
+ plaintext=decrypt_krb5_data(tree, pinfo, 0, next_tvb, keytype, NULL);
if(plaintext){
next_tvb=tvb_new_child_real_data(tvb, plaintext, encrypt_length, encrypt_length);
add_new_data_source(pinfo, next_tvb, "decrypted kink encrypt");
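Review bot: `encrypt_length` is now a signed `gint` (declared in the first hunk) derived from the wire-supplied `payload_length`, and nothing visible in this hunk rejects a zero or negative value before it reaches `tvb_new_subset()` as both the `MIN(...)` captured-length bound and the reported length, and then `tvb_new_child_real_data()` two lines later. The assignment sits between the two hunks, so a range check may already exist there; if it does not, guard the branch with `if(keytype != 0 && encrypt_length > 0){`, since as far as I recall a length of -1 is read by `tvb_new_subset()` as "to end of buffer" rather than as an error. Separately, the unchanged `tvb_new_child_real_data(tvb, plaintext, encrypt_length, encrypt_length)` call assumes the decrypted buffer is at least as long as the ciphertext. Now that `decrypt_krb5_data()` takes only the tvb, that assumption deserves a comment at the call site, or the real plaintext length should be returned to the caller. The body of `dissect_payload_kink_encrypt()` starts and ends outside the hunk.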