Wireshark · Ethereal-dev: Re: [Ethereal-dev] Re: Patch: NTLMSSP verifier must come after stub decryption

[Guy Harris <gharris@xxxxxxxxx>]

Tim Potter wrote:

> Whoops - sorry about that.  )-:  I would say go for it as I haven't
> looked at this part of ethereal in quite a while.

The checkin comment for that was:

  This commit refactors the dcerpc authentication subdissectors for
  handling encrypted request/response PDUs.  Instead of having
  dissection function pointers which perform both decryption and
  dissection, the function pointers now only decrypt the DCERPC fragment
  payload.  Dissection is handled by the dcerpc_try_handoff() function
  (with DCERPC fragment reassembly if necessary).

  Details:

   - Move the dcerpc_auth_info struct into dcerpc.h as it is now used in
     the function prototype for the decryption function handlers.

   - decode_encrypted_data() was refactored to take a boolean request
     parameter instead of passing the DCERPC PDU packet type.

   - A tvbuff_t * data field was added to dcerpc_auth to hold the
     verifier.  This is passed as an argument to the decryption function
     handlers.

   - Dissection of verifiers in request and response PDUs was moved to
     before the payload.

   - The dissect_dcerpc_cn_stub() function was refactored to perform
     the decryption process and hand decrypted data to the reassembly
     code instead of performing the decryption after reassembly.

   - Removed references to decrypted_info_t as it's not necessary
     anymore.

  Code was tested using encrypted and unencrypted fragmented PDUs.
  Before this commit ethereal could not dissect unencrypted (!)
  fragmented PDUs correctly.

Do you happen to remember whether the move of the verifier dissection 
was needed to fix any of the problems the checkin fixed?