authorGraeme Lunt <graeme.lunt@smhs.co.uk>2011-09-21 07:35:51 +0000
committerGraeme Lunt <graeme.lunt@smhs.co.uk>2011-09-21 07:35:51 +0000
commit9db6d4065699e4b1128ac798f674dcbf3e0a43a2 (patch)
treeceb35affc2c80067b78b1daed782613d272ca6b2 /epan/dissectors/packet-ses.c
parent3e7c0390d77e9288fc7048f4d0f0e833a2a4d9f4 (diff)
Basic RDP dissection, which can dissect the connection sequence.
A work in progress. Can be used with the SSL dissector to decrypt Enhanced RDP Security SSL. With Standard RDP Security (e.g. those on the Wiki), the PDUs are all encrypted after the SecurityExchange PDU. Wiki to be updated with an example SSL protected capture and associated key material. svn path=/trunk/; revision=39066
Diffstat (limited to 'epan/dissectors/packet-ses.c')
-rw-r--r--epan/dissectors/packet-ses.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ses.c b/epan/dissectors/packet-ses.c
index 4f07705851..09115acf4b 100644
--- a/epan/dissectors/packet-ses.c
+++ b/epan/dissectors/packet-ses.c
@@ -1206,7 +1206,7 @@ dissect_ses(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
* If so, dissect it as such (GIVE_TOKENS and DATA_TRANSFER have
* the same SPDU type value).
*/
- if (type == SES_PLEASE_TOKENS || type == SES_GIVE_TOKENS)
+ if ((type == SES_PLEASE_TOKENS) || (type == SES_GIVE_TOKENS))
offset = dissect_spdu(tvb, offset, pinfo, tree, TOKENS_SPDU, FALSE);
@@ -1992,6 +1992,15 @@ dissect_ses_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
if (tvb_length(tvb) < len)
return FALSE; /* no */
+ /* final check to see if the next SPDU, if present, is also valid */
+ if (tvb_length(tvb) > len) {
+ type = tvb_get_guint8(tvb, offset + len + 1);
+ /* check SPDU type */
+ if (match_strval(type, ses_vals) == NULL) {
+ return FALSE; /* no, it isn't a session PDU */
+ }
+ }
+
dissect_ses(tvb, pinfo, parent_tree);
return TRUE;
}
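Review bot: The new lookahead in dissect_ses_heur reads a byte at `offset + len + 1`, but its guard only checks `tvb_length(tvb) > len`, so the read is not proven to lie inside the captured data. When the buffer ends at or before that index, `tvb_get_guint8` throws a bounds exception instead of the heuristic returning FALSE. On traffic shaped by the sender, that likely shows the frame as malformed and keeps other heuristic dissectors from getting a try. Guarding on the byte that is actually read avoids this, for example `if (tvb_length_remaining(tvb, offset + len + 1) > 0) {`. How `offset` and `len` are computed lies outside the hunk, so the exact boundary should be confirmed against those lines.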