ESP: honor enable_null_encryption_decode_heuristic preference when the ESP packet does not match any known SA
Otherwise checking the enable_encryption_decode preference will completely ignore enable_null_encryption_decode_heuristic Change-Id: I34744ddb2080453dab7cd7d34f47b4984969993c Reviewed-on: https://code.wireshark.org/review/4897 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
parent
48da429a04
commit
001dbaf763
|
@ -1313,7 +1313,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
guint32 saved_match_uint;
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT
|
||||
gboolean get_address_ok = FALSE;
|
||||
gboolean null_encryption_decode_heuristic = FALSE;
|
||||
guint8 *decrypted_data = NULL;
|
||||
guint8 *authenticator_data = NULL;
|
||||
|
@ -1426,14 +1425,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
/* Create strings for src, dst addresses */
|
||||
ip_src = address_to_str(wmem_packet_scope(), &pinfo->src);
|
||||
ip_dst = address_to_str(wmem_packet_scope(), &pinfo->dst);
|
||||
get_address_ok = TRUE;
|
||||
|
||||
/* The packet cannot be decoded using the SAD */
|
||||
if(g_esp_enable_null_encryption_decode_heuristic && !get_address_ok)
|
||||
null_encryption_decode_heuristic = TRUE;
|
||||
|
||||
if(get_address_ok)
|
||||
{
|
||||
/* Get the SPI */
|
||||
if (tvb_length(tvb) >= 4)
|
||||
{
|
||||
|
@ -2061,6 +2053,11 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
}
|
||||
}
|
||||
}
|
||||
else if(g_esp_enable_null_encryption_decode_heuristic)
|
||||
{
|
||||
/* The packet does not belong to a Security Association */
|
||||
null_encryption_decode_heuristic = TRUE;
|
||||
}
|
||||
|
||||
if(decrypt_ok && (decrypted_len > esp_iv_len))
|
||||
{
|
||||
|
@ -2153,12 +2150,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* The packet does not belong to a security Association */
|
||||
null_encryption_decode_heuristic = g_esp_enable_null_encryption_decode_heuristic;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
If the packet is present in the security association database and the field g_esp_enable_authentication_check set.
|
||||
|
|
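Review bot: The comment on the new `else if(g_esp_enable_null_encryption_decode_heuristic)` branch (third hunk) does not say which `if` the branch complements, and that `if` opens outside the hunk, so the pairing after the three closing braces cannot be confirmed from here. Going by the commit title, a packet that matches no known SA now goes to the NULL-encryption heuristic even when decryption is enabled, so the bytes it interprets may be ciphertext from an unknown SA rather than plaintext. I would expand the comment to something like `/* No SA matched: the payload may still be encrypted, so the NULL-encryption heuristic is only a guess on untrusted bytes */`. Please also confirm that the code consuming `null_encryption_decode_heuristic` (not shown) bounds-checks every length it derives from the packet before handing data to a sub-dissector.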