diff options
author | Isaac Boukris <iboukris@gmail.com> | 2021-05-29 20:35:56 +0300 |
---|---|---|
committer | Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2021-06-08 17:36:44 +0000 |
commit | 9147201351d591aa1f12d8fcbe319c117d0c5801 (patch) | |
tree | 8d69af278456c46d3a078405cd29b85740baeb5f /epan | |
parent | 5363626d5a9c4ab275aca0ae2e992e5e41c7cf67 (diff) |
credssp: fix dissection in RDP stream
When there are more packets on the stream after credssp, like tpkt-rpd
data, the credssp heuristics fails when invoked by tls and then even the
packets for which the credssp heuristics succeeded do not get dissected
as credssp but as tpkt-continuation data.
To work around that, call the credssp heuristic dissector directly from
the rdp dissector before trying fastpath.
Leave the credssp heursitics in TLS for other protocols such as HTTP
where it may work.
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/asn1/credssp/packet-credssp-template.c | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-credssp.c | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-rdp.c | 10 |
3 files changed, 12 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/credssp/packet-credssp-template.c b/epan/dissectors/asn1/credssp/packet-credssp-template.c index aef949af62..450a07a1f8 100644 --- a/epan/dissectors/asn1/credssp/packet-credssp-template.c +++ b/epan/dissectors/asn1/credssp/packet-credssp-template.c @@ -159,6 +159,7 @@ void proto_register_credssp(void) { void proto_reg_handoff_credssp(void) { heur_dissector_add("tls", dissect_credssp_heur, "CredSSP over TLS", "credssp_tls", proto_credssp, HEURISTIC_ENABLE); + heur_dissector_add("rdp", dissect_credssp_heur, "CredSSP in TPKT", "credssp_tpkt", proto_credssp, HEURISTIC_ENABLE); exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_7); } diff --git a/epan/dissectors/packet-credssp.c b/epan/dissectors/packet-credssp.c index 83a6e6d951..d0c1398bce 100644 --- a/epan/dissectors/packet-credssp.c +++ b/epan/dissectors/packet-credssp.c @@ -535,6 +535,7 @@ void proto_register_credssp(void) { void proto_reg_handoff_credssp(void) { heur_dissector_add("tls", dissect_credssp_heur, "CredSSP over TLS", "credssp_tls", proto_credssp, HEURISTIC_ENABLE); + heur_dissector_add("rdp", dissect_credssp_heur, "CredSSP in TPKT", "credssp_tpkt", proto_credssp, HEURISTIC_ENABLE); exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_7); } diff --git a/epan/dissectors/packet-rdp.c b/epan/dissectors/packet-rdp.c index 128476c871..e16a1bc36b 100644 --- a/epan/dissectors/packet-rdp.c +++ b/epan/dissectors/packet-rdp.c @@ -31,6 +31,8 @@ void proto_register_rdp(void); void proto_reg_handoff_rdp(void); +static heur_dissector_list_t rdp_heur_subdissector_list; + static int proto_rdp = -1; static int ett_rdp = -1; @@ -2352,6 +2354,12 @@ dissect_rdp_fastpath(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, static gboolean dissect_rdp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_) { + heur_dtbl_entry_t *hdtbl_entry; + + if (dissector_try_heuristic(rdp_heur_subdissector_list, tvb, pinfo, parent_tree, + &hdtbl_entry, NULL)) { + return TRUE; + } return dissect_rdp_fastpath(tvb, pinfo, parent_tree, NULL); } @@ -3420,6 +3428,8 @@ proto_register_rdp(void) { prefs_register_static_text_preference(rdp_module, "tcp_port_info", "The TCP ports used by the RDP protocol should be added to the TPKT preference \"TPKT TCP ports\", or by selecting \"TPKT\" as the \"Transport\" protocol in the \"Decode As\" dialog.", "RDP TCP Port preference moved information"); + + rdp_heur_subdissector_list = register_heur_dissector_list("rdp", proto_rdp); } void |