
Ethereal-dev: Re: [Ethereal-dev] Re: Patch: NTLMSSP verifier must come after stub decryption

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Devin Heitmueller <dheitmueller@xxxxxxxxxxx>
Date: Mon, 06 Sep 2004 21:21:11 -0400

Hello Guy,

Has anyone provided a capture that would fail with my proposed patch? 
If not, could you please check it in?

If somebody has a capture that fails in this case, send it to me and I
will be happy to debug it.  Otherwise, the current logic causes NTLMSSP
decryption to fail and that's a case that is definitely broken without
my patch.

Thanks,

Devin

On Tue, 2004-08-24 at 03:25, Guy Harris wrote:
> Tim Potter wrote:
> 
> > Whoops - sorry about that.  )-:  I would say go for it as I haven't
> > looked at this part of ethereal in quite a while.
> 
> The checkin comment for that was:
> 
>    This commit refactors the dcerpc authentication subdissectors for
>    handling encrypted request/response PDUs.  Instead of having
>    dissection function pointers which perform both decryption and
>    dissection, the function pointers now only decrypt the DCERPC fragment
>    payload.  Dissection is handled by the dcerpc_try_handoff() function
>    (with DCERPC fragment reassembly if necessary).
> 
>    Details:
> 
>     - Move the dcerpc_auth_info struct into dcerpc.h as it is now used in
>       the function prototype for the decryption function handlers.
> 
>     - decode_encrypted_data() was refactored to take a boolean request
>       parameter instead of passing the DCERPC PDU packet type.
> 
>     - A tvbuff_t * data field was added to dcerpc_auth to hold the
>       verifier.  This is passed as an argument to the decryption function
>       handlers.
> 
>     - Dissection of verifiers in request and response PDUs was moved to
>       before the payload.
> 
>     - The dissect_dcerpc_cn_stub() function was refactored to perform
>       the decryption process and hand decrypted data to the reassembly
>       code instead of performing the decryption after reassembly.
> 
>     - Removed references to decrypted_info_t as it's not necessary
>       anymore.
> 
>    Code was tested using encrypted and unencrypted fragmented PDUs.
>    Before this commit ethereal could not dissect unencrypted (!)
>    fragmented PDUs correctly.
> 
> Do you happen to remember whether the move of the verifier dissection 
> was needed to fix any of the problems the checkin fixed?
-- 
Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc.
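
Why processing order matters for a sealed DCERPC fragment, as an added example that is not part of the original message or Ethereal's code: in this toy model the keystream is consumed for the stub first and the verifier second, so a receiver that handles the verifier first fails on both parts. It assumes, following the thread's subject line, that one RC4 keystream covers the stub and then the verifier; `rc4_t`, `unseal_ok`, the key and the sample bytes are constructed for illustration and do not reproduce the NTLMSSP message format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal RC4 whose state persists across calls, like one sealing handle. */
typedef struct { uint8_t s[256]; uint8_t i, j; } rc4_t;

static void rc4_init(rc4_t *c, const uint8_t *key, size_t klen) {
    uint8_t j = 0;
    for (int n = 0; n < 256; n++) c->s[n] = (uint8_t)n;
    for (int n = 0; n < 256; n++) {
        j = (uint8_t)(j + c->s[n] + key[n % klen]);
        uint8_t t = c->s[n]; c->s[n] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

/* XOR buf with the next len keystream bytes (the same call seals and unseals). */
static void rc4_crypt(rc4_t *c, uint8_t *buf, size_t len) {
    for (size_t n = 0; n < len; n++) {
        c->i++; c->j = (uint8_t)(c->j + c->s[c->i]);
        uint8_t t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
        buf[n] ^= c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
    }
}

/* Constructed sample data, not taken from any capture. */
static const uint8_t KEY[] = "constructed-session-key";
static const uint8_t STUB[12] = "OpenPolicy2";
static const uint8_t VERF[8] = {1, 0, 0, 0, 0xde, 0xad, 0xbe, 0xef};

/* verifier_first=1 models dissecting the verifier before the payload.
 * Returns 1 only when both stub and verifier decrypt to the originals. */
int unseal_ok(int verifier_first) {
    uint8_t stub[sizeof STUB], verf[sizeof VERF];
    rc4_t c;
    memcpy(stub, STUB, sizeof STUB); memcpy(verf, VERF, sizeof VERF);
    rc4_init(&c, KEY, sizeof KEY - 1);   /* sender: stub, then verifier */
    rc4_crypt(&c, stub, sizeof stub); rc4_crypt(&c, verf, sizeof verf);
    rc4_init(&c, KEY, sizeof KEY - 1);   /* receiver starts the same keystream */
    if (verifier_first) { rc4_crypt(&c, verf, sizeof verf); rc4_crypt(&c, stub, sizeof stub); }
    else                { rc4_crypt(&c, stub, sizeof stub); rc4_crypt(&c, verf, sizeof verf); }
    return memcmp(stub, STUB, sizeof STUB) == 0 && memcmp(verf, VERF, sizeof VERF) == 0;
}

int main(void) {
    printf("stub first: %d, verifier first: %d\n", unseal_ok(0), unseal_ok(1));
    return 0;
}
```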
