Ethereal-dev: [Ethereal-dev] Re: bug in socks (3) - wrong dissection of AuthReply packets.
Attached please find a fix for packet-socks.c that corrects this,
against CVS 2004-01-20.
Yaniv Kaul wrote:
Lines 840-844, in packet-socks.c:
else if ( hash_info->state == AuthReply){ /* V5 User Auth reply */
hash_info->cmd_reply_row = get_packet_ptr;
if (check_col(pinfo->cinfo, COL_INFO))
col_append_str(pinfo->cinfo, COL_INFO, " User
authentication reply");
hash_info->state = V5Command;
The code assumes that the response for a an authentication request is
a V5Command. However, it's usually an authentication response - and
the authentication subnegotiation has its own version number ('1',
according to RFC 1929). This causes it not to interpret the command
properly (as it see the version is '1' and '5', it won't continue to
dissect the packet).
I've seen servers replying with version '5', but I think it's a faulty
server - some clients won't be able to connect to it, if they expect
the version they sent ('1)' and the version they received ('5') to
match...
Snoops will be available upon request.
--- packet-socks.c 2004-01-22 22:43:18.000000000 +0200
+++ ../packet-socks.c 2004-02-12 15:30:46.000000000 +0200
@@ -2,7 +2,7 @@
* Routines for socks versions 4 &5 packet dissection
* Copyright 2000, Jeffrey C. Foster <jfoste@xxxxxxxxxxxx>
*
- * $Id: packet-socks.c,v 1.56 2004/01/22 20:43:17 guy Exp $
+ * $Id: packet-socks.c,v 1.55 2004/01/10 02:43:29 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@xxxxxxxxxxxx>
@@ -141,6 +141,7 @@
V5Reply,
V5BindReply,
UserNameAuth,
+ UserNameAuthReply,
GssApiAuth,
AuthReply,
Done
@@ -166,6 +167,7 @@
row_pointer_type command_row;
row_pointer_type auth_method_row;
row_pointer_type user_name_auth_row;
+ row_pointer_type auth_version;
guint32 start_done_row;
guint32 dst_addr; /* this needs to handle IPv6 */
@@ -418,7 +420,7 @@
*ptr = hash_info->udp_remote_port;
- decode_udp_ports( tvb, offset, pinfo, tree, pinfo->srcport, pinfo->destport, -1);
+ decode_udp_ports( tvb, offset, pinfo, tree, pinfo->srcport, pinfo->destport);
*ptr = hash_info->udp_port;
@@ -538,7 +540,7 @@
unsigned int i, command;
guint temp;
char *AuthMethodStr;
-
+ unsigned char auth_status;
proto_tree_add_item( tree, hf_socks_ver, tvb, offset, 1, FALSE);
++offset;
@@ -589,6 +591,14 @@
}
/* command to the server */
/* command response from server */
+ else if (compare_packet( hash_info->auth_version)) {
+ auth_status = tvb_get_guint8(tvb, offset);
+ if(auth_status != 0)
+ proto_tree_add_text( tree, tvb, offset, 1, "Status: %d (failure)", auth_status);
+ else
+ proto_tree_add_text( tree, tvb, offset, 1, "Status: success", auth_status);
+ offset ++;
+ }
else if ((compare_packet( hash_info->command_row)) ||
(compare_packet( hash_info->cmd_reply_row)) ||
(compare_packet( hash_info->bind_reply_row))){
@@ -823,24 +833,25 @@
else if ( hash_info->state == V5BindReply) { /* V5 Bind Second Reply */
if (check_col(pinfo->cinfo, COL_INFO))
- col_append_str(pinfo->cinfo, COL_INFO, " Command Response: Bind remote host info");
+ col_append_str(pinfo->cinfo, COL_INFO, " Command Response: Bind remote host info");
hash_info->bind_reply_row = get_packet_ptr;
hash_info->state = Done;
}
else if ( hash_info->state == UserNameAuth) { /* Handle V5 User Auth*/
+ hash_info->auth_version = get_packet_ptr;
if (check_col(pinfo->cinfo, COL_INFO))
- col_append_str(pinfo->cinfo, COL_INFO,
- " User authentication response");
+ col_append_str(pinfo->cinfo, COL_INFO,
+ " User authentication request");
hash_info->user_name_auth_row = get_packet_ptr;
hash_info->state = AuthReply;
}
else if ( hash_info->state == AuthReply){ /* V5 User Auth reply */
- hash_info->cmd_reply_row = get_packet_ptr;
+ hash_info->auth_version = get_packet_ptr;
if (check_col(pinfo->cinfo, COL_INFO))
- col_append_str(pinfo->cinfo, COL_INFO, " User authentication reply");
+ col_append_str(pinfo->cinfo, COL_INFO, " User authentication reply");
hash_info->state = V5Command;
}
}
