packet-spnego: fix krb5_cfx_wrap without encryption

We need to use rrc, as the checksum is likely to be rotated before the plaintext payload. For now we only handle the two common cases rrc == 0 and rrc == ec... Ping-Bug: 9398 Change-Id: I548f2f0650716294b6aeb361021be6e44ae8f1b3 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://code.wireshark.org/review/7271 Reviewed-by: Michael Mann <mmann78@netscape.net>
author: Stefan Metzmacher <metze@samba.org> 2015-02-20 08:40:34 +0100
committer: Michael Mann <mmann78@netscape.net> 2015-03-10 13:01:42 +0000
commit: 5a1b32b7695e8a5f885bce05f95b512815263544 (patch)
tree: 319def51e37e86c057d85b2b5d8ef1e478740801 /epan/dissectors/packet-spnego.c
parent: ea0e4892e98056cff33fa64c53f9763c0322f86a (diff)
1 files changed, 24 insertions, 7 deletions
diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c
index 3a64e07e10..7681475ef1 100644
--- a/epan/dissectors/packet-spnego.c
+++ b/epan/dissectors/packet-spnego.c
@@ -1469,6 +1469,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 		offset += checksum_size;
 
 	} else {
+		int returned_offset;
 		int inner_token_len = 0;
 
 		/*
@@ -1479,23 +1480,39 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 
 		checksum_size = ec;
 
-		inner_token_len = tvb_reported_length_remaining(tvb, offset) -
-					ec;
+		inner_token_len = tvb_reported_length_remaining(tvb, offset);
+		if (inner_token_len > ec) {
+			inner_token_len -= ec;
+		}
+
+		/*
+		 * We handle only the two common cases for now
+		 * (rrc == 0 and rrc == ec)
+		 */
+		if (rrc == ec) {
+			proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum,
+					    tvb, offset, checksum_size, ENC_NA);
+			offset += checksum_size;
+		}
 
+		returned_offset = offset;
 		pinfo->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset,
 						inner_token_len);
 
 		offset += inner_token_len;
 
-		proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
-				    checksum_size, ENC_NA);
+		if (rrc == 0) {
+			proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum,
+					    tvb, offset, checksum_size, ENC_NA);
+			offset += checksum_size;
+		}
 
 		/*
 		 * Return an offset that puts our caller before the inner
 		 * token. This is better than before, but we still see the
 		 * checksum included in the LDAP query at times.
 		 */
-		return offset - inner_token_len;
+		return returned_offset;
 	}
 
 	if(pinfo->decrypt_gssapi_tvb){
@@ -1938,7 +1955,7 @@ void proto_register_spnego(void) {
         NULL, HFILL }},
 
 /*--- End of included file: packet-spnego-hfarr.c ---*/
-#line 1393 "../../asn1/spnego/packet-spnego-template.c"
+#line 1410 "../../asn1/spnego/packet-spnego-template.c"
 	};
 
 	/* List of subtrees */
@@ -1961,7 +1978,7 @@ void proto_register_spnego(void) {
     &ett_spnego_InitialContextToken_U,
 
 /*--- End of included file: packet-spnego-ettarr.c ---*/
-#line 1403 "../../asn1/spnego/packet-spnego-template.c"
+#line 1420 "../../asn1/spnego/packet-spnego-template.c"
 	};
 
 	static ei_register_info ei[] = {
author	Stefan Metzmacher <metze@samba.org>	2015-02-20 08:40:34 +0100
committer	Michael Mann <mmann78@netscape.net>	2015-03-10 13:01:42 +0000
commit	5a1b32b7695e8a5f885bce05f95b512815263544 (patch)
tree	319def51e37e86c057d85b2b5d8ef1e478740801 /epan/dissectors/packet-spnego.c
parent	ea0e4892e98056cff33fa64c53f9763c0322f86a (diff)