diff options
| author | Guy Harris <guy@alum.mit.edu> | 2011-05-17 02:29:43 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2011-05-17 02:29:43 +0000 |
| commit | 96e2a4ffea51f9aa111c37f630a4371373592037 (patch) | |
| tree | 00d8f7ce6860c96e9f1330bf1d193a0fd73d51fa /epan/dissectors/packet-ntlmssp.c | |
| parent | 0f1503ef8a08102b1ad7f4b4efc3f207117e425d (diff) | |
According to MS-NLMP, the "version" field in the NTLMSSP blobs is
present only if the NTLMSSP_NEGOTIATE_VERSION flag is set in the flags
field, and that appears to be true in at least one capture I've seen.
svn path=/trunk/; revision=37197
Diffstat (limited to 'epan/dissectors/packet-ntlmssp.c')
| -rw-r--r-- | epan/dissectors/packet-ntlmssp.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c index 6d9e31df98..028e7db20d 100644 --- a/epan/dissectors/packet-ntlmssp.c +++ b/epan/dissectors/packet-ntlmssp.c @@ -1412,9 +1412,11 @@ dissect_ntlmssp_negotiate (tvbuff_t *tvb, int offset, proto_tree *ntlmssp_tree, data_start = MIN(data_start, item_start); data_end = MAX(data_end, item_end); - /* If there are more bytes before the data block dissect a version field */ + /* If there are more bytes before the data block dissect a version field + if NTLMSSP_NEGOTIATE_VERSION is set in the flags (see MS-NLMP) */ if (offset < data_start) { - offset = dissect_ntlmssp_version(tvb, offset, ntlmssp_tree); + if (negotiate_flags & NTLMSSP_NEGOTIATE_VERSION) + offset = dissect_ntlmssp_version(tvb, offset, ntlmssp_tree); } return data_end; } @@ -1593,9 +1595,11 @@ dissect_ntlmssp_challenge (tvbuff_t *tvb, packet_info *pinfo, int offset, data_end = MAX(data_end, item_end); } - /* If there are more bytes before the data block dissect a version field */ + /* If there are more bytes before the data block dissect a version field + if NTLMSSP_NEGOTIATE_VERSION is set in the flags (see MS-NLMP) */ if (offset < data_start) { - offset = dissect_ntlmssp_version(tvb, offset, ntlmssp_tree); + if (negotiate_flags & NTLMSSP_NEGOTIATE_VERSION) + offset = dissect_ntlmssp_version(tvb, offset, ntlmssp_tree); } return MAX(offset, data_end); @@ -1779,11 +1783,14 @@ dissect_ntlmssp_auth (tvbuff_t *tvb, packet_info *pinfo, int offset, if ((conv_ntlmssp_info != NULL) && (conv_ntlmssp_info->flags == 0)) { conv_ntlmssp_info->flags = negotiate_flags; } - } + } else + negotiate_flags = 0; - /* If there are more bytes before the data block dissect a version field */ + /* If there are more bytes before the data block dissect a version field + if NTLMSSP_NEGOTIATE_VERSION is set in the flags (see MS-NLMP) */ if (offset < data_start) { - offset = dissect_ntlmssp_version(tvb, offset, ntlmssp_tree); + if (negotiate_flags & NTLMSSP_NEGOTIATE_VERSION) + offset = dissect_ntlmssp_version(tvb, offset, ntlmssp_tree); } /* If there are still more bytes before the data block dissect an MIC (message integrity_code) field */ |