credssp: fix dissection in RDP stream

When there are more packets on the stream after credssp, like tpkt-rdp
data, the credssp heuristic fails when invoked by tls and then even the
packets for which the credssp heuristic succeeded do not get dissected
as credssp but as tpkt-continuation data.
To work around that, call the credssp heuristic dissector directly from
the rdp dissector before trying fastpath.
Leave the credssp heuristic in TLS for other protocols such as HTTP
where it may work.
Isaac Boukris 2021-05-29 20:35:56 +03:00 committed by Wireshark GitLab Utility
parent 5363626d5a
commit 9147201351
3 changed files with 12 additions and 0 deletions


@ -159,6 +159,7 @@ void proto_register_credssp(void) {
void proto_reg_handoff_credssp(void) {
heur_dissector_add("tls", dissect_credssp_heur, "CredSSP over TLS", "credssp_tls", proto_credssp, HEURISTIC_ENABLE);
heur_dissector_add("rdp", dissect_credssp_heur, "CredSSP in TPKT", "credssp_tpkt", proto_credssp, HEURISTIC_ENABLE);
exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_7);
}
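Review bot: The `heur_dissector_add("rdp", dissect_credssp_heur, ...)` registration reuses the TLS heuristic unchanged for TPKT-carried payloads, and with `HEURISTIC_ENABLE` it runs by default on RDP data taken from untrusted captures. The heuristic's body is outside this hunk, so please confirm that it checks the captured length before reading and rejects non-CredSSP data strictly; a loose match would make fastpath traffic show up as CredSSP in an analyst's view. A comment above the registration such as `/* also tried by the RDP dissector ahead of fastpath; the heuristic must stay strict */` would record that dependency. The second file section carries the same line and appears to be the generated counterpart, so the same point applies there.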


@ -535,6 +535,7 @@ void proto_register_credssp(void) {
void proto_reg_handoff_credssp(void) {
heur_dissector_add("tls", dissect_credssp_heur, "CredSSP over TLS", "credssp_tls", proto_credssp, HEURISTIC_ENABLE);
heur_dissector_add("rdp", dissect_credssp_heur, "CredSSP in TPKT", "credssp_tpkt", proto_credssp, HEURISTIC_ENABLE);
exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_7);
}


@ -31,6 +31,8 @@
void proto_register_rdp(void);
void proto_reg_handoff_rdp(void);
static heur_dissector_list_t rdp_heur_subdissector_list;
static int proto_rdp = -1;
static int ett_rdp = -1;
@ -2352,6 +2354,12 @@ dissect_rdp_fastpath(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree,
static gboolean
dissect_rdp_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_) {
heur_dtbl_entry_t *hdtbl_entry;
if (dissector_try_heuristic(rdp_heur_subdissector_list, tvb, pinfo, parent_tree,
&hdtbl_entry, NULL)) {
return TRUE;
}
return dissect_rdp_fastpath(tvb, pinfo, parent_tree, NULL);
}
@ -3420,6 +3428,8 @@ proto_register_rdp(void) {
prefs_register_static_text_preference(rdp_module, "tcp_port_info",
"The TCP ports used by the RDP protocol should be added to the TPKT preference \"TPKT TCP ports\", or by selecting \"TPKT\" as the \"Transport\" protocol in the \"Decode As\" dialog.",
"RDP TCP Port preference moved information");
rdp_heur_subdissector_list = register_heur_dissector_list("rdp", proto_rdp);
}
void
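Review bot: In `dissect_rdp_heur`, a TRUE from any entry on `rdp_heur_subdissector_list` returns before `dissect_rdp_fastpath` is tried, and the code does not say why that order was chosen or what it requires of registrants. I would add a comment above the `if`: `/* Sub-heuristics (e.g. CredSSP) are tried first; a false positive here hides the fastpath PDU, so registrants must reject strictly. */`. `hdtbl_entry` is filled in by the call but never read afterwards, so a short `/* out-parameter required by dissector_try_heuristic(), not used here */` next to its declaration would help readers. The `register_heur_dissector_list("rdp", proto_rdp)` call in `proto_register_rdp` could also carry a one-line comment naming the list as an extension point for protocols that share the TPKT stream with RDP.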