microsoft does not use a confounder for spnego when using DNS/TSIG

they use an additional confounder everywhere else (as it seems) but not for DNS/TSIG svn path=/trunk/; revision=16894
2005-12-25 11:43:47 +00:00 · 2005-12-25 11:43:47 +00:00 · 2975ff835b
parent cec07db2da
commit 2975ff835b
2 changed files with 22 additions and 10 deletions
--- a/asn1/spnego/packet-spnego-template.c
+++ b/asn1/spnego/packet-spnego-template.c
@ -796,13 +796,19 @@ dissect_spnego_krb5_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo _U
 	 * extra 8 bytes of "Random confounder" after the checksum.
 	 * It certainly confounds code expecting all Kerberos 5
 	 * GSS_Wrap() tokens to look the same....
+	 *
+	 * The exception is DNS/TSIG where there is no such confounder
+	 * so we need to test here if there are more bytes in our tvb or not.
+	 *  -- ronnie
 	 */
-	if (sgn_alg == KRB_SGN_ALG_HMAC) {
-	  proto_tree_add_item(tree, hf_spnego_krb5_confounder, tvb, offset, 8,
+	if (tvb_length_remaining(tvb, offset)) {
+	  if (sgn_alg == KRB_SGN_ALG_HMAC) {
+	    proto_tree_add_item(tree, hf_spnego_krb5_confounder, tvb, offset, 8,
 			      TRUE);

-	  offset += 8;
-	}
+	    offset += 8;
+	  }
+        }

 	/*
 	 * Return the offset past the checksum, so that we know where
--- a/epan/dissectors/packet-spnego.c
+++ b/epan/dissectors/packet-spnego.c
@ -1296,13 +1296,19 @@ dissect_spnego_krb5_getmic_base(tvbuff_t *tvb, int offset, packet_info *pinfo _U
 	 * extra 8 bytes of "Random confounder" after the checksum.
 	 * It certainly confounds code expecting all Kerberos 5
 	 * GSS_Wrap() tokens to look the same....
+	 *
+	 * The exception is DNS/TSIG where there is no such confounder
+	 * so we need to test here if there are more bytes in our tvb or not.
+	 *  -- ronnie
 	 */
-	if (sgn_alg == KRB_SGN_ALG_HMAC) {
-	  proto_tree_add_item(tree, hf_spnego_krb5_confounder, tvb, offset, 8,
+	if (tvb_length_remaining(tvb, offset)) {
+	  if (sgn_alg == KRB_SGN_ALG_HMAC) {
+	    proto_tree_add_item(tree, hf_spnego_krb5_confounder, tvb, offset, 8,
 			      TRUE);

-	  offset += 8;
-	}
+	    offset += 8;
+	  }
+        }

 	/*
 	 * Return the offset past the checksum, so that we know where
@ -1590,7 +1596,7 @@ void proto_register_spnego(void) {
        "", HFILL }},

 /*--- End of included file: packet-spnego-hfarr.c ---*/
-#line 1005 "packet-spnego-template.c"
+#line 1011 "packet-spnego-template.c"
 	};

 	/* List of subtrees */
@ -1611,7 +1617,7 @@ void proto_register_spnego(void) {
    &ett_spnego_InitialContextToken,

 /*--- End of included file: packet-spnego-ettarr.c ---*/
-#line 1014 "packet-spnego-template.c"
+#line 1020 "packet-spnego-template.c"
 	};

 	/* Register protocol */