authorRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2005-08-18 10:37:41 +0000
committerRonnie Sahlberg <ronnie_sahlberg@ozemail.com.au>2005-08-18 10:37:41 +0000
commit2edce4224d955127c08578e2512046c7946cfde5 (patch)
treeaf4063204a23cbf8625ff12fb8bcb9e6dfb59199 /epan
parentd5891d962385b3bef35c4e1d23f7f8c92be56022 (diff)
when kerberos claims a conversation, it only claims it for the source port
since a KDC MIGHT send the reply back from a different port. Then comes X.L's capture (ethereal-dev) 816fc4.cap from 16Aug2005 where the client is reusing the same source port to talk to DNS after finishing doing the port 88 KDC stuff. ==> Make kerberos/udp able to test the packet for sanity and reject packets that do not look like kerberos (even if there was a conversation that said it was kerberos) and thus let other dissectors have a go at it. If in doubt, try 816fc4.cap before and after this patch :-) svn path=/trunk/; revision=15405
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-kerberos.c40
1 files changed, 38 insertions, 2 deletions
diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c
index 6abd9fe14e..7216e32d91 100644
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
@@ -3732,8 +3732,7 @@ dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
- (void)dissect_kerberos_common(tvb, pinfo, tree, TRUE, FALSE, NULL);
- return tvb_length(tvb);
+ return dissect_kerberos_common(tvb, pinfo, tree, TRUE, FALSE, NULL);
}
static gint
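Review bot: `col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5")` still runs before `dissect_kerberos_common()` can reject the packet, so a datagram handed on with a return of 0 has already had its protocol column written by this dissector. Whether a later dissector always overwrites the column is not visible here. It would be safer to set the column only after the sanity check has passed. If the order has to stay, a comment should record it: `/* column is set before the sanity check; a rejected packet relies on the next dissector to overwrite it */`. The start of dissect_kerberos_udp lies outside the hunk.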
@@ -3836,6 +3835,43 @@ dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
offset += 4;
}
+ /* Do some sanity checking here,
+ * All krb5 packets start with a TAG class that is BER_CLASS_APP
+ * and a tag value that is either of the values below:
+ * If it doesnt look like kerberos, return 0 and let someone else have
+ * a go at it.
+ */
+ if (!have_rm) {
+ gint8 tmp_class;
+ gboolean tmp_pc;
+ gint32 tmp_tag;
+
+ get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
+ if(tmp_class!=BER_CLASS_APP){
+ return 0;
+ }
+ switch(tmp_tag){
+ case KRB5_MSG_AUTHENTICATOR:
+ case KRB5_MSG_ENC_TICKET_PART:
+ case KRB5_MSG_AS_REQ:
+ case KRB5_MSG_AS_REP:
+ case KRB5_MSG_TGS_REQ:
+ case KRB5_MSG_TGS_REP:
+ case KRB5_MSG_AP_REQ:
+ case KRB5_MSG_AP_REP:
+ case KRB5_MSG_ENC_AS_REP_PART:
+ case KRB5_MSG_ENC_TGS_REP_PART:
+ case KRB5_MSG_ENC_AP_REP_PART:
+ case KRB5_MSG_ENC_KRB_PRIV_PART:
+ case KRB5_MSG_SAFE:
+ case KRB5_MSG_PRIV:
+ case KRB5_MSG_ERROR:
+ break;
+ default:
+ return 0;
+ }
+ }
+
TRY {
offset=dissect_ber_choice(pinfo, kerberos_tree, tvb, offset, kerberos_applications_choice, -1, -1, NULL);
} CATCH_ALL {
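Review bot: `tmp_pc` is filled in by `get_ber_identifier()` but never tested, so the check accepts a primitive encoding even though every Kerberos message in the switch is a constructed APPLICATION type. Tightening the first test to `if(tmp_class!=BER_CLASS_APP || !tmp_pc){` would reject more non-Kerberos payloads. The check still rests on a single identifier octet, so a datagram from another protocol whose first byte happens to match (such as the DNS traffic in the commit message, which starts with an arbitrary ID) can still be claimed as Kerberos. The block comment should say the test is a heuristic, not a validation. The call also reads at `offset` without confirming that any bytes remain, which presumably raises a bounds exception on an empty payload instead of returning 0; that is worth confirming. dissect_kerberos_common starts before and continues past this hunk.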