osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

PKTC must be stricter with its Kerberos application choices. 

The PKTC dissector calls the Kerberos dissector assuming certain application values.  Because different application values can have different "private" data, corruption can occur.
Ensure the Kerberos application values match the preceding comments by checking the ber identifier before calling the Kerberos dissector.

Bug: 12206
Change-Id: I9b04837f93a56681cae3816278315cf01da17544
Reviewed-on: https://code.wireshark.org/review/14520
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This commit is contained in:
Michael Mann 2016-03-18 21:06:51 -04:00 committed by Alexis La Goutte
parent 92db934c7c
commit 4cdc9eeba5
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
epan/dissectors/packet-pktc.c
View File

@ -36,6 +36,7 @@
#include <epan/to_str.h>
#include <epan/asn1.h>
#include "packet-pktc.h"
#include "packet-ber.h"
#include "packet-kerberos.h"
#include "packet-snmp.h"
@ -95,6 +96,7 @@ static gint ett_pktc_mtafqdn = -1;
static expert_field ei_pktc_unknown_kmmid = EI_INIT;
static expert_field ei_pktc_unknown_doi = EI_INIT;
static expert_field ei_pktc_unknown_kerberos_application = EI_INIT;
#define KMMID_WAKEUP 0x01
#define KMMID_AP_REQUEST 0x02
@ -548,6 +550,9 @@ dissect_pktc_mtafqdn(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void*
proto_tree *pktc_mtafqdn_tree;
proto_item *item;
tvbuff_t *pktc_mtafqdn_tvb;
gint8 ber_class;
gboolean pc;
gint32 tag;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PKTC");
@ -559,11 +564,22 @@ dissect_pktc_mtafqdn(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void*
/* KRB_AP_RE[QP] */
pktc_mtafqdn_tvb = tvb_new_subset_remaining(tvb, offset);
offset += dissect_kerberos_main(pktc_mtafqdn_tvb, pinfo, pktc_mtafqdn_tree, FALSE, NULL);
get_ber_identifier(pktc_mtafqdn_tvb, 0, &ber_class, &pc, &tag);
if ((tag == 10) || (tag == 11)) {
offset += dissect_kerberos_main(pktc_mtafqdn_tvb, pinfo, pktc_mtafqdn_tree, FALSE, NULL);
} else {
expert_add_info_format(pinfo, item, &ei_pktc_unknown_kerberos_application, "Unknown Kerberos application (%d), expected 10 or 11", tag);
return tvb_captured_length(tvb);
}
/* KRB_SAFE */
pktc_mtafqdn_tvb = tvb_new_subset_remaining(tvb, offset);
offset += dissect_kerberos_main(pktc_mtafqdn_tvb, pinfo, pktc_mtafqdn_tree, FALSE, cb);
get_ber_identifier(pktc_mtafqdn_tvb, 0, &ber_class, &pc, &tag);
if (tag == 20) {
offset += dissect_kerberos_main(pktc_mtafqdn_tvb, pinfo, pktc_mtafqdn_tree, FALSE, cb);
} else {
expert_add_info_format(pinfo, item, &ei_pktc_unknown_kerberos_application, "Unknown Kerberos application (%d), expected 20", tag);
}
proto_item_set_len(item, offset);
return tvb_captured_length(tvb);
@ -776,6 +792,7 @@ proto_register_pktc_mtafqdn(void)
static ei_register_info ei[] = {
{ &ei_pktc_unknown_kmmid, { "pktc.mtafqdn.unknown_kmmid", PI_PROTOCOL, PI_WARN, "Unknown KMMID", EXPFILL }},
{ &ei_pktc_unknown_doi, { "pktc.mtafqdn.unknown_doi", PI_PROTOCOL, PI_WARN, "Unknown DOI", EXPFILL }},
{ &ei_pktc_unknown_kerberos_application, { "pktc.mtafqdn.unknown_kerberos_application", PI_PROTOCOL, PI_WARN, "Unknown Kerberos application", EXPFILL }},
};
expert_module_t* expert_pktc;