Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4759] Kerberos dissection failure (e-data)

Date: Fri, 14 May 2010 07:30:04 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4759

--- Comment #1 from Bill Meier <wmeier@xxxxxxxxxxx> 2010-05-14 10:30:02 EDT ---
(In reply to comment #0)

> Please see packet 5, e-data part. Looks like the whole dissection of e-data is
> off (it explains why there's missing data for all the dissection, and a string
> is dissected as salt, etc.).
> 

I'm certainly a novice when it comes to Kerberos ....

However: After some amount of checking the BER encoding, the dissector code and
RFC 4120, I've convinced myself that the dissection of the e-data portion of
the KRB-ERROR message is being done correctly.

1. Looking at the BER encoding: the fields shown as <MISSING> actually are
missing. 

That is: the BER encoding for each is 'octet string' with a length of 0.

2. "salt" fields being present as part of the value for the PA-ENCTYPE-INFO
field (named PA-ETYPE-INFO in RFC 4120) of the pa-data is as expected.

See section 5.2.7.4 of RFC4120.

So: It seems to me that this report can be closed as "Invalid" unless you
disagree.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.