epan/dissectors/packet-dcerpc.c dcerpc-hardening part1 & part2

Change-Id: I907663775f5ebfe66cb994266f99fc15bf645fb1

diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c
index a57b2849eb677ae5c0bdea1db713e4bc303f25bc..f1955e70d251b520b14c153f13847321b284027a 100644 (file)
--- a/epan/dissectors/packet-dcerpc.c
+++ b/epan/dissectors/packet-dcerpc.c
@@ -469,6 +469,8 @@ static int hf_dcerpc_cn_bind_trans_ver = -1;
 static int hf_dcerpc_cn_bind_trans_btfn = -1;
 static int hf_dcerpc_cn_bind_trans_btfn_01 = -1;
 static int hf_dcerpc_cn_bind_trans_btfn_02 = -1;
+static int hf_dcerpc_cn_bind_trans_btfn_04 = -1;
+static int hf_dcerpc_cn_bind_trans_btfn_08 = -1;
 static int hf_dcerpc_cn_alloc_hint = -1;
 static int hf_dcerpc_cn_sec_addr_len = -1;
 static int hf_dcerpc_cn_sec_addr = -1;
@@ -589,6 +591,8 @@ static int hf_dcerpc_sec_vt_bitmask = -1;
 static int hf_dcerpc_sec_vt_bitmask_sign = -1;
 static int hf_dcerpc_sec_vt_pcontext_uuid = -1;
 static int hf_dcerpc_sec_vt_pcontext_ver = -1;
+static int hf_dcerpc_sec_vt_preauth_salt = -1;
+static int hf_dcerpc_sec_vt_preauth_sha512 = -1;
 
 static int * const sec_vt_command_fields[] = {
     &hf_dcerpc_sec_vt_command_cmd,
@@ -619,6 +623,8 @@ static int hf_dcerpc_authentication_verifier = -1;
 static int * const dcerpc_cn_bind_trans_btfn_fields[] = {
         &hf_dcerpc_cn_bind_trans_btfn_01,
         &hf_dcerpc_cn_bind_trans_btfn_02,
+        &hf_dcerpc_cn_bind_trans_btfn_04,
+        &hf_dcerpc_cn_bind_trans_btfn_08,
         NULL
 };
 
@@ -636,6 +642,7 @@ static const value_string sec_vt_command_cmd_vals[] = {
     {1, "BITMASK_1"},
     {2, "PCONTEXT"},
     {3, "HEADER2"},
+    {4, "PREAUTH"},
     {0, NULL}
 };
 
@@ -663,6 +670,7 @@ static gint ett_dcerpc_sec_vt_command = -1;
 static gint ett_dcerpc_sec_vt_bitmask = -1;
 static gint ett_dcerpc_sec_vt_pcontext = -1;
 static gint ett_dcerpc_sec_vt_header = -1;
+static gint ett_dcerpc_sec_vt_preauth = -1;
 static gint ett_dcerpc_complete_stub_data = -1;
 static gint ett_dcerpc_fault_flags = -1;
 static gint ett_dcerpc_fault_stub_data = -1;
@@ -3568,6 +3576,28 @@ dissect_sec_vt_header(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb)
     proto_item_set_len(ti, offset);
 }
 
+static void
+dissect_sec_vt_preauth(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb)
+{
+    int offset = 0;
+    guint8 salt[16];
+    guint8 sha512[64];
+    proto_item *ti = NULL;
+    proto_tree *tr = proto_tree_add_subtree(tree, tvb, offset, -1,
+                                            ett_dcerpc_sec_vt_preauth,
+                                            &ti, "preauth");
+
+    tvb_memcpy(tvb, salt, offset, 16);
+    proto_tree_add_bytes(tr, hf_dcerpc_sec_vt_preauth_salt, tvb, offset, 16, salt);
+    offset += 16;
+
+    tvb_memcpy(tvb, sha512, offset, 64);
+    proto_tree_add_bytes(tr, hf_dcerpc_sec_vt_preauth_sha512, tvb, offset, 64, sha512);
+    offset += 64;
+
+    proto_item_set_len(ti, offset);
+}
+
 static int
 dissect_verification_trailer_impl(packet_info *pinfo, tvbuff_t *tvb, int stub_offset,
                                   proto_tree *parent_tree, int *signature_offset)
@@ -3580,6 +3610,7 @@ dissect_verification_trailer_impl(packet_info *pinfo, tvbuff_t *tvb, int stub_of
         SEC_VT_COMMAND_BITMASK_1    = 0x0001,
         SEC_VT_COMMAND_PCONTEXT     = 0x0002,
         SEC_VT_COMMAND_HEADER2      = 0x0003,
+        SEC_VT_COMMAND_PREAUTH      = 0x0004,
         SEC_VT_COMMAND_END          = 0x4000,
         SEC_VT_MUST_PROCESS_COMMAND = 0x8000,
         SEC_VT_COMMAND_MASK         = 0x3fff,
@@ -3681,6 +3712,9 @@ dissect_verification_trailer_impl(packet_info *pinfo, tvbuff_t *tvb, int stub_of
         case SEC_VT_COMMAND_HEADER2:
             dissect_sec_vt_header(pinfo, tr, cmd_tvb);
             break;
+        case SEC_VT_COMMAND_PREAUTH:
+            dissect_sec_vt_preauth(pinfo, tr, cmd_tvb);
+            break;
         default:
             proto_tree_add_item(tr, hf_dcerpc_unknown, cmd_tvb, 0, len, ENC_NA);
             break;
@@ -6798,6 +6832,10 @@ proto_register_dcerpc(void)
           { "Security Context Multiplexing Supported", "dcerpc.cn_bind_trans_btfn.01", FT_BOOLEAN, 16, NULL, 0x01, NULL, HFILL }},
         { &hf_dcerpc_cn_bind_trans_btfn_02,
           { "Keep Connection On Orphan Supported", "dcerpc.cn_bind_trans_btfn.02", FT_BOOLEAN, 16, NULL, 0x02, NULL, HFILL }},
+        { &hf_dcerpc_cn_bind_trans_btfn_04,
+          { "Support SHA512 PREAUTH Verification", "dcerpc.cn_bind_trans_btfn.04", FT_BOOLEAN, 16, NULL, 0x04, NULL, HFILL }},
+        { &hf_dcerpc_cn_bind_trans_btfn_08,
+          { "Support protection of all PDUs", "dcerpc.cn_bind_trans_btfn.08", FT_BOOLEAN, 16, NULL, 0x08, NULL, HFILL }},
         { &hf_dcerpc_cn_alloc_hint,
           { "Alloc hint", "dcerpc.cn_alloc_hint", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
         { &hf_dcerpc_cn_sec_addr_len,
@@ -7076,6 +7114,10 @@ proto_register_dcerpc(void)
           {"UUID", "dcerpc.rpc_sec_vt.pcontext.interface.uuid", FT_GUID, BASE_NONE, NULL, 0, NULL, HFILL }},
         { &hf_dcerpc_sec_vt_pcontext_ver,
           {"Version", "dcerpc.rpc_sec_vt.pcontext.interface.ver", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
+        { &hf_dcerpc_sec_vt_preauth_salt,
+          {"Salt", "dcerpc.rpc_sec_vt.preauth.salt", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
+        { &hf_dcerpc_sec_vt_preauth_sha512,
+          {"SHA512 Hash", "dcerpc.rpc_sec_vt.preauth.sha512", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
         { &hf_dcerpc_reserved,
           {"Reserved", "dcerpc.reserved", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }},
         { &hf_dcerpc_unknown,
@@ -7123,6 +7165,7 @@ proto_register_dcerpc(void)
         &ett_dcerpc_sec_vt_bitmask,
         &ett_dcerpc_sec_vt_pcontext,
         &ett_dcerpc_sec_vt_header,
+        &ett_dcerpc_sec_vt_preauth,
         &ett_dcerpc_complete_stub_data,
         &ett_dcerpc_fault_flags,
         &ett_dcerpc_fault_stub_data,