packet-spnego: fix krb5_cfx_wrap without encryption
authorStefan Metzmacher <metze@samba.org>
Fri, 20 Feb 2015 07:40:34 +0000 (08:40 +0100)
committerMichael Mann <mmann78@netscape.net>
Tue, 10 Mar 2015 13:01:42 +0000 (13:01 +0000)
We need to use rrc, as the checksum is likely to be
rotated before the plaintext payload.

For now we only handle the two common cases
rrc == 0 and rrc == ec...

Ping-Bug: 9398
Change-Id: I548f2f0650716294b6aeb361021be6e44ae8f1b3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/7271
Reviewed-by: Michael Mann <mmann78@netscape.net>
asn1/spnego/packet-spnego-template.c
epan/dissectors/packet-spnego.c

index e6caf1af44f557d0c47ea3c63234d0297688a02a..edce351c9eed550247f09e62734370e655c89659 100644 (file)
@@ -1017,6 +1017,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
                offset += checksum_size;
 
        } else {
+               int returned_offset;
                int inner_token_len = 0;
 
                /*
@@ -1027,23 +1028,39 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 
                checksum_size = ec;
 
-               inner_token_len = tvb_reported_length_remaining(tvb, offset) -
-                                       ec;
+               inner_token_len = tvb_reported_length_remaining(tvb, offset);
+               if (inner_token_len > ec) {
+                       inner_token_len -= ec;
+               }
+
+               /*
+                * We handle only the two common cases for now
+                * (rrc == 0 and rrc == ec)
+                */
+               if (rrc == ec) {
+                       proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum,
+                                           tvb, offset, checksum_size, ENC_NA);
+                       offset += checksum_size;
+               }
 
+               returned_offset = offset;
                pinfo->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset,
                                                inner_token_len);
 
                offset += inner_token_len;
 
-               proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
-                                   checksum_size, ENC_NA);
+               if (rrc == 0) {
+                       proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum,
+                                           tvb, offset, checksum_size, ENC_NA);
+                       offset += checksum_size;
+               }
 
                /*
                 * Return an offset that puts our caller before the inner
                 * token. This is better than before, but we still see the
                 * checksum included in the LDAP query at times.
                 */
-               return offset - inner_token_len;
+               return returned_offset;
        }
 
        if(pinfo->decrypt_gssapi_tvb){
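Review bot: An `rrc` that is neither 0 nor `ec` falls through both `if (rrc == ec)` and `if (rrc == 0)` silently, so no checksum item is added and `pinfo->gssapi_wrap_tvb` is built over a range that still contains rotated checksum bytes, which the inner dissector then treats as payload. Both values are presumably read from the token header above this hunk and are therefore set by the sender, so the unsupported case deserves a visible marker rather than a silent best effort: for example a final branch carrying `/* unsupported rotation (rrc != 0 && rrc != ec): checksum bytes are still inside the payload range */` together with an expert-info item on the token. The `if (inner_token_len > ec)` guard has the same shape: when the remaining length is not larger than `ec`, the length is left unreduced and the subset covers the checksum bytes, so it would be clearer to treat that as a malformed token before the `tvb_new_subset_length()` call. The body of `dissect_spnego_krb5_cfx_wrap_base` starts and ends outside the hunk, so how `rrc` and `ec` are parsed cannot be confirmed from here.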
index 3a64e07e105252f507105451bafa385bb6d16ee9..7681475ef1eb89404b4fe0caabac87678d1d3f72 100644 (file)
@@ -1469,6 +1469,7 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
                offset += checksum_size;
 
        } else {
+               int returned_offset;
                int inner_token_len = 0;
 
                /*
@@ -1479,23 +1480,39 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 
                checksum_size = ec;
 
-               inner_token_len = tvb_reported_length_remaining(tvb, offset) -
-                                       ec;
+               inner_token_len = tvb_reported_length_remaining(tvb, offset);
+               if (inner_token_len > ec) {
+                       inner_token_len -= ec;
+               }
+
+               /*
+                * We handle only the two common cases for now
+                * (rrc == 0 and rrc == ec)
+                */
+               if (rrc == ec) {
+                       proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum,
+                                           tvb, offset, checksum_size, ENC_NA);
+                       offset += checksum_size;
+               }
 
+               returned_offset = offset;
                pinfo->gssapi_wrap_tvb = tvb_new_subset_length(tvb, offset,
                                                inner_token_len);
 
                offset += inner_token_len;
 
-               proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
-                                   checksum_size, ENC_NA);
+               if (rrc == 0) {
+                       proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum,
+                                           tvb, offset, checksum_size, ENC_NA);
+                       offset += checksum_size;
+               }
 
                /*
                 * Return an offset that puts our caller before the inner
                 * token. This is better than before, but we still see the
                 * checksum included in the LDAP query at times.
                 */
-               return offset - inner_token_len;
+               return returned_offset;
        }
 
        if(pinfo->decrypt_gssapi_tvb){
@@ -1938,7 +1955,7 @@ void proto_register_spnego(void) {
         NULL, HFILL }},
 
 /*--- End of included file: packet-spnego-hfarr.c ---*/
-#line 1393 "../../asn1/spnego/packet-spnego-template.c"
+#line 1410 "../../asn1/spnego/packet-spnego-template.c"
        };
 
        /* List of subtrees */
@@ -1961,7 +1978,7 @@ void proto_register_spnego(void) {
     &ett_spnego_InitialContextToken_U,
 
 /*--- End of included file: packet-spnego-ettarr.c ---*/
-#line 1403 "../../asn1/spnego/packet-spnego-template.c"
+#line 1420 "../../asn1/spnego/packet-spnego-template.c"
        };
 
        static ei_register_info ei[] = {