guint8 *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int usage,
- int length,
- const guint8 *cryptotext,
+ tvbuff_t *cryptotvb,
int keytype,
int *datalen)
{
enc_key_t *ek;
static krb5_data data = {0,0,NULL};
krb5_keytab_entry key;
+ int length = tvb_length(cryptotvb);
+ const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
/* don't do anything if we are not attempting to decrypt data */
if(!krb_decrypt){
return NULL;
}
+ /* make sure we have all the data we need */
+ if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
+ return NULL;
+ }
+
/* XXX we should only do this for first time, then store somewhere */
/* XXX We also need to re-read the keytab when the preference changes */
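Review bot: The two added initialisers at the top of the body call `tvb_get_ptr(cryptotvb, 0, length)` before either early return, so a raw pointer into the capture buffer is fetched even when `krb_decrypt` is off or the ciphertext turns out to be truncated. Declaring `length` and `cryptotext` without initialisers and assigning them after the completeness test (`length = tvb_length(cryptotvb);` then `cryptotext = tvb_get_ptr(cryptotvb, 0, length);`) means the pointer only exists once the buffer is known to be whole. The same ordering appears in the other two `decrypt_krb5_data` variants in this patch. Because the check depends on how callers build the subset, a short comment above the signature would help, e.g. `/* cryptotvb must keep the real reported length of the ciphertext so truncated captures are rejected */`. The function body continues past the end of this hunk.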
guint8 *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int usage,
- int length,
- const guint8 *cryptotext,
+ tvbuff_t *cryptotvb,
int keytype,
int *datalen)
{
krb5_error_code ret;
krb5_data data;
enc_key_t *ek;
+ int length = tvb_length(cryptotvb);
+ const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
/* don't do anything if we are not attempting to decrypt data */
if(!krb_decrypt){
return NULL;
}
+ /* make sure we have all the data we need */
+ if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
+ return NULL;
+ }
+
/* XXX we should only do this for first time, then store somewhere */
/* XXX We also need to re-read the keytab when the preference changes */
guint8 *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int _U_ usage,
- int length,
- const guint8 *cryptotext,
+ tvbuff_t *cryptotvb,
int keytype,
int *datalen)
{
GSList *ske;
service_key_t *sk;
struct des3_ctx ctx;
+ int length = tvb_length(cryptotvb);
+ const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
/* don't do anything if we are not attempting to decrypt data */
return NULL;
}
+ /* make sure we have all the data we need */
+ if (tvb_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
+ return NULL;
+ }
+
if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) {
return NULL;
}
* == 1
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, length, tvb_get_ptr(tvb, offset, length), PA_ENC_TIMESTAMP_etype, NULL);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 1, next_tvb, PA_ENC_TIMESTAMP_etype, NULL);
}
if(plaintext){
length=tvb_length_remaining(tvb, offset);
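Review bot: The subset expression `tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset))` is written out in full here and again at every other `decrypt_krb5_data` call site in this patch, so one site could drift, for instance by passing the captured length twice and silently defeating the new truncation check. A small file-local helper would keep that contract in one place; `tvb_new_subset(tvb, offset, -1, -1)` may also do, if that shorthand yields the same remaining-length subset in this tree. A one-line comment on the helper, such as `/* keep reported length so decrypt_krb5_data can detect truncated ciphertext */`, would record why both lengths matter. The enclosing function starts and ends outside this hunk.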
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, length, tvb_get_ptr(tvb, offset, length), PRIV_etype, NULL);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 13, next_tvb, PRIV_etype, NULL);
}
if(plaintext){
{
guint8 *plaintext=NULL;
int length;
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
length=tvb_length_remaining(tvb, offset);
* == 14
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, length, tvb_get_ptr(tvb, offset, length), EncKrbCredPart_etype, NULL);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 14, next_tvb, EncKrbCredPart_etype, NULL);
}
if(plaintext){
{
guint8 *plaintext=NULL;
int length;
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
length=tvb_length_remaining(tvb, offset);
if a sub-session key is used, or 4 if the session key is used.
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, length, tvb_get_ptr(tvb, offset, length), enc_authorization_data_etype, NULL);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 4, next_tvb, enc_authorization_data_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, length, tvb_get_ptr(tvb, offset, length), enc_authorization_data_etype, NULL);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 5, next_tvb, enc_authorization_data_etype, NULL);
}
if(plaintext){
{
guint8 *plaintext=NULL;
int length;
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
length=tvb_length_remaining(tvb, offset);
* == 11
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, length, tvb_get_ptr(tvb, offset, length), authenticator_etype, NULL);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 7, next_tvb, authenticator_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, length, tvb_get_ptr(tvb, offset, length), authenticator_etype, NULL);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 11, next_tvb, authenticator_etype, NULL);
}
if(plaintext){
{
guint8 *plaintext;
int length;
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
length=tvb_length_remaining(tvb, offset);
* 7.5.1
* All Ticket encrypted parts use usage == 2
*/
- if( (plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, length, tvb_get_ptr(tvb, offset, length), Ticket_etype, NULL)) ){
+ if( (plaintext=decrypt_krb5_data(tree, actx->pinfo, 2, next_tvb, Ticket_etype, NULL)) ){
tvbuff_t *next_tvb;
next_tvb = tvb_new_child_real_data(tvb, plaintext,
length,
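Review bot: The added `tvbuff_t *next_tvb;` at the top of this block is shadowed by the existing `tvbuff_t *next_tvb;` declared inside the `if` body, so the same name means the ciphertext subset on the call line and the plaintext tvb two lines later. Renaming the new variable, e.g. `tvbuff_t *crypto_tvb;`, avoids the `-Wshadow` warning and the ambiguity. Separately, the rewritten call still passes `NULL` for `datalen`, and the plaintext tvb is then sized with `length`, which is the captured length of the ciphertext. If the decrypted buffer can be shorter than that (not visible from this hunk), `tvb_new_child_real_data` would describe more bytes than `plaintext` holds, so it is worth confirming whether a real `datalen` should be passed and used here. The `tvb_new_child_real_data` call continues outside the hunk.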
* == 11
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, length, tvb_get_ptr(tvb, offset, length), AP_REP_etype, NULL);
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 12, next_tvb, AP_REP_etype, NULL);
}
if(plaintext){
{
guint8 *plaintext=NULL;
int length;
+ tvbuff_t *next_tvb;
+
+ next_tvb=tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), tvb_reported_length_remaining(tvb, offset));
length=tvb_length_remaining(tvb, offset);
* == 9
*/
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype, NULL);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 3, next_tvb, KDC_REP_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype, NULL);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 8, next_tvb, KDC_REP_etype, NULL);
}
if(!plaintext){
- plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, length, tvb_get_ptr(tvb, offset, length), KDC_REP_etype, NULL);
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, 9, next_tvb, KDC_REP_etype, NULL);
}
if(plaintext){