This fix now allows SASL/GSS-API with integrity only to be properly dissected

in that we now properly indicate the checksum and provide the wrapped token to
the LDAP dissector to dissect.

There is still a problem in that the wrong parts of the SASL packet can be
indicated when users click on some parts.

I am committing it for review and because it is much better than the current
code.

Bug:9398
Change-Id: I552fc249db26835b79abfc8793438a95f221663a
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/1905
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

1 files changed, 34 insertions, 7 deletions

diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c
index b3dca1a365..adcd55b5d0 100644
--- a/epan/dissectors/packet-spnego.c
+++ b/epan/dissectors/packet-spnego.c
@@ -1478,13 +1478,40 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 
 	if (pinfo->gssapi_data_encrypted) {
 		checksum_size = 44 + ec;
+
+		proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
+				    checksum_size, ENC_NA);
+		offset += checksum_size;
+
 	} else {
-		checksum_size = 12;
-	}
+		int inner_token_len = 0;
 
-	proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
-			    checksum_size, ENC_NA);
-	offset += checksum_size;
+		/*
+		 * We know we have a wrap token, but we have to let the proto
+		 * above us decode that, so hand it back in gssapi_wrap_tvb
+		 * and put the checksum in the tree.
+		 */
+
+		checksum_size = ec;
+
+		inner_token_len = tvb_reported_length_remaining(tvb, offset) -
+					ec;
+
+		pinfo->gssapi_wrap_tvb = tvb_new_subset(tvb, offset,
+						inner_token_len, inner_token_len);
+
+		offset += inner_token_len;
+
+		proto_tree_add_item(tree, hf_spnego_krb5_sgn_cksum, tvb, offset,
+				    checksum_size, ENC_NA);
+
+		/*
+		 * Return an offset that puts our caller before the inner
+		 * token. This is better than before, but we still see the
+		 * checksum included in the LDAP query at times.
+		 */
+		return offset - inner_token_len;
+	}
 
 	if(pinfo->decrypt_gssapi_tvb){
 		/* if the caller did not provide a tvb, then we just use
@@ -1927,7 +1954,7 @@ void proto_register_spnego(void) {
         NULL, HFILL }},
 
 /*--- End of included file: packet-spnego-hfarr.c ---*/
-#line 1382 "../../asn1/spnego/packet-spnego-template.c"
+#line 1409 "../../asn1/spnego/packet-spnego-template.c"
 	};
 
 	/* List of subtrees */
@@ -1950,7 +1977,7 @@ void proto_register_spnego(void) {
     &ett_spnego_InitialContextToken_U,
 
 /*--- End of included file: packet-spnego-ettarr.c ---*/
-#line 1392 "../../asn1/spnego/packet-spnego-template.c"
+#line 1419 "../../asn1/spnego/packet-spnego-template.c"
 	};
 
 	/* Register protocol */