Wireshark-bugs: [Wireshark-bugs] [Bug 9398] dissectors bug with a SASL/GSSAPI/Kerberos security

Date: Fri, 30 May 2014 03:34:52 +0000

Comment # 4 on bug 9398 from
OK, this looks like the problem in dissect_spnego_krb5_cfx_wrap_base:

static int
dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
#ifndef HAVE_KERBEROS
        _U_
#endif
    , proto_tree *tree, guint16 token_id _U_
    )
{
        guint8 flags;
        guint16 ec;
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
        guint16 rrc;
#endif
        int checksum_size;
        int start_offset=offset;

        /*
         * The KRB5 blob conforms to RFC4121:
         *   USHORT (0x0504)
         *   and so on }
         */

        /* Now, the sign and seal algorithms ... */

        flags = tvb_get_guint8(tvb, offset);
        offset = dissect_spnego_krb5_cfx_flags(tvb, offset, tree, flags);

        pinfo->gssapi_data_encrypted=(flags & 2);

        /* Skip the filler */

        proto_tree_add_item(tree, hf_spnego_krb5_filler, tvb, offset, 1,
                            ENC_NA);
        offset += 1;

        /* EC */
        ec = tvb_get_ntohs(tvb, offset);
        proto_tree_add_item(tree, hf_spnego_krb5_cfx_ec, tvb, offset, 2,
                            ENC_BIG_ENDIAN);
        offset += 2;
        /* RRC */
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
        rrc = tvb_get_ntohs(tvb, offset);
#endif
        proto_tree_add_item(tree, hf_spnego_krb5_cfx_rrc, tvb, offset, 2,
                            ENC_BIG_ENDIAN);
        offset += 2;

        /* sequence number */

        proto_tree_add_item(tree, hf_spnego_krb5_cfx_seq, tvb, offset, 8,
                            ENC_BIG_ENDIAN);
        offset += 8;

        /* Checksum of plaintext padded data */

        if (pinfo->gssapi_data_encrypted) {
                checksum_size = 44 + ec;
        } else {
                checksum_size = 12;
        }

        proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
                            checksum_size, ENC_NA);
        offset += checksum_size;

This last pair of statements (the proto_tree_add_item call for hf_spnego_krb5_sgn_cksum and the offset increment) should only be done when pinfo->gssapi_data_encrypted is set; otherwise we should defer adding this item until after the payload is decrypted, and then add the checksum as the last 12 bytes.

