From d2396d2f580cb513896c6ecb5f5d7bd8d2c4f759 Mon Sep 17 00:00:00 2001
From: Eugene Sukhodolin
Date: Sat, 9 Aug 2014 21:24:09 -0700
Subject: [PATCH] The version of the CredSSP protocol can be 2 or 3
According to Microsoft documentation, valid values for the Version field are 2 and 3. Newer servers (like Windows 2012 R2) respond with Version=3.
Change-Id: Ifb0c6f52d09c75bbde2b4a46d13366461736b9c0
Reviewed-on: https://code.wireshark.org/review/3527
Reviewed-by: Pascal Quantin
---
 epan/dissectors/packet-credssp.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-credssp.c b/epan/dissectors/packet-credssp.c
index 8531c59b43..edc5353105 100644
--- a/epan/dissectors/packet-credssp.c
+++ b/epan/dissectors/packet-credssp.c
@@ -362,6 +362,7 @@ dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
 gboolean pc;
 gint32 tag;
 guint32 length;
+ gint8 ver;
 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
@@ -376,7 +377,8 @@ dissect_credssp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
 offset = get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
 if((ber_class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_INTEGER)) {
 offset = get_ber_length(tvb, offset, &length, NULL);
- if((length == 1) && (tvb_get_guint8(tvb, offset) == 2)) {
+ ver = tvb_get_guint8(tvb, offset);
+ if((length == 1) && ((ver == 2) || (ver == 3))) {
 if (have_tap_listener(exported_pdu_tap)) {
 exp_pdu_data_t *exp_pdu_data;
 guint8 tags_bit_field;
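Review bot: The new local is declared `gint8 ver;`, but the second hunk assigns it the result of `tvb_get_guint8()`, so an unsigned wire byte is narrowed into a signed type. The comparison against 2 and 3 still gives the right answer, but any byte of 0x80 or above turns into a negative value through an implementation-defined conversion, which will mislead whoever later extends the check or displays the field. Declaring it as `guint8 ver;` matches the accessor and avoids that. The body of dissect_credssp_heur starts and ends outside this hunk.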
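Review bot: The added `ver = tvb_get_guint8(tvb, offset);` now runs before `length == 1` is tested, whereas the old condition read the byte only after the short-circuit `&&` had confirmed the length. This is a heuristic dissector that is offered traffic which may not be CredSSP at all, so for an INTEGER with BER length 0, or one that ends the captured data, the read is attempted on input that should simply be rejected; as far as I know the tvb accessors raise a bounds exception in that case rather than returning a value. Keeping the read behind the length test restores the old ordering, for example `ver = (length == 1) ? tvb_get_guint8(tvb, offset) : 0;` followed by `if((ver == 2) || (ver == 3)) {`. The enclosing function continues past the end of the hunk, so whether a later bounds check exists cannot be seen from here.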