Wireshark · Ethereal-dev: Re: [Ethereal-dev] Re: Patch: NTLMSSP verifier must come after stub decryption

Ethereal-dev: Re: [Ethereal-dev] Re: Patch: NTLMSSP verifier must come after stub decryption

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Devin Heitmueller <dheitmueller@xxxxxxxxxxx>

Date: Mon, 06 Sep 2004 21:21:11 -0400

Hello Guy,

Has anyone provided a capture that would fail with my proposed patch? 
If not, could you please check it in?

If somebody has a capture that fails in this case, send it to me and I
will be happy to debug it.  Otherwise, the current logic causes NTLMSSP
decryption to fail and that's a case that is definitely broken without
my patch.

Thanks,

Devin

On Tue, 2004-08-24 at 03:25, Guy Harris wrote:
> Tim Potter wrote:
> 
> > Whoops - sorry about that.  )-:  I would say go for it as I haven't
> > looked at this part of ethereal in quite a while.
> 
> The checkin comment for that was:
> 
>    This commit refactors the dcerpc authentication subdissectors for
>    handling encrypted request/response PDUs.  Instead of having
>    dissection function pointers which perform both decryption and
>    dissection, the function pointers now only decrypt the DCERPC fragment
>    payload.  Dissection is handled by the dcerpc_try_handoff() function
>    (with DCERPC fragment reassembly if necessary).
> 
>    Details:
> 
>     - Move the dcerpc_auth_info struct into dcerpc.h as it is now used in
>       the function prototype for the decryption function handlers.
> 
>     - decode_encrypted_data() was refactored to take a boolean request
>       parameter instead of passing the DCERPC PDU packet type.
> 
>     - A tvbuff_t * data field was added to dcerpc_auth to hold the
>       verifier.  This is passed as an argument to the decryption function
>       handlers.
> 
>     - Dissection of verifiers in request and response PDUs was moved to
>       before the payload.
> 
>     - The dissect_dcerpc_cn_stub() function was refactored to perform
>       the decryption process and hand decrypted data to the reassembly
>       code instead of performing the decryption after reassembly.
> 
>     - Removed references to decrypted_info_t as it's not necessary
>       anymore.
> 
>    Code was tested using encrypted and unencrypted fragmented PDUs.
>    Before this commit ethereal could not dissect unencrypted (!)
>    fragmented PDUs correctly.
> 
> Do you happen to remember whether the move of the verifier dissection 
> was needed to fix any of the problems the checkin fixed?
> 
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
-- 
Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc.

Attachment: signature.asc
Description: This is a digitally signed message part

Prev by Date: Re: [Ethereal-dev] Core dump when saving one packet in 0.10.6
Next by Date: [Ethereal-dev] ./configure error
Previous by thread: Re: [Ethereal-dev] Core dump when saving one packet in 0.10.6
Next by thread: [Ethereal-dev] ./configure error
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$