Wireshark-bugs: [Wireshark-bugs] [Bug 5387] New: Kerberos: PA-PW-SALT is sometimes just a string
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5387
Summary: Kerberos: PA-PW-SALT is sometimes just a string (with
undefined locale)
Product: Wireshark
Version: SVN
Platform: Other
OS/Version: All
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: mykaul@xxxxxxxxx
Build Information:
SVN r34846
--
Per RFC 4120, section 5.2.7.3:
"... Unfortunately, for historical reasons, the character set to be used is
unspecified and probably locale-specific."
and 5.2.7:
3 pa-pw-salt salt (not ASN.1 encoded)
So it can be just a string. And indeed, in an MS Windows capture I have, the salt
is just a hostname+username string. It appears the Kerberos dissector always
dissects it as an NT error/status, which may mislead the user to think that
there's an unknown error (as the string is interpreted as an error).
Two solutions I can think of:
1. Probe the first 32 bits to see if they match any known NT error. If they do,
possibly it's an NT error status code indeed.
2. If they don't, and it's an ASCII char, try to decode as string -
regretfully, I don't know how to get the length of the data from the ASN.1
context. If one can help me with that, we can even implement a 'dumber'
solution - if length != 12, dissect as string and not as NT status.
--
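The length-and-status heuristic proposed in the report, written out as an added example; it is not Wireshark's dissector code and not part of the original report. The names `classify_pw_salt` and `salt_kind` are hypothetical, the NTSTATUS table is a small constructed subset, the sample salts are constructed, and a little-endian status field is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed subset of NTSTATUS values; a dissector would consult its full table. */
static const uint32_t known_nt_status[] = {
    0xC000006Du, /* STATUS_LOGON_FAILURE */
    0xC0000071u, /* STATUS_PASSWORD_EXPIRED */
    0xC0000072u, /* STATUS_ACCOUNT_DISABLED */
    0xC0000234u, /* STATUS_ACCOUNT_LOCKED_OUT */
};

enum salt_kind { SALT_EMPTY, SALT_NT_STATUS, SALT_TEXT, SALT_OPAQUE };

/* Constructed samples: a 12-byte status blob, a host+user salt, a 12-byte text salt. */
static const uint8_t sample_status[12] = { 0x72, 0x00, 0x00, 0xC0 };
static const uint8_t sample_text[] = "EXAMPLE.COMhostpc01alice";
static const uint8_t sample_text12[] = "EXAMPLEalice";

/* Assumption: the status field is stored little-endian. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

enum salt_kind classify_pw_salt(const uint8_t *buf, size_t len)
{
    size_t i;
    if (len == 0)
        return SALT_EMPTY;
    if (len == 12) { /* only this length is a candidate for the NT status layout */
        uint32_t v = le32(buf);
        for (i = 0; i < sizeof known_nt_status / sizeof known_nt_status[0]; i++)
            if (known_nt_status[i] == v)
                return SALT_NT_STATUS;
    }
    /* Charset is unspecified (RFC 4120), so only printable ASCII is shown as text. */
    for (i = 0; i < len; i++)
        if (buf[i] < 0x20 || buf[i] > 0x7E)
            return SALT_OPAQUE;
    return SALT_TEXT;
}

int main(void)
{
    printf("%d %d\n", classify_pw_salt(sample_status, sizeof sample_status),
           classify_pw_salt(sample_text, sizeof sample_text - 1));
    return 0;
}
```

A 12-byte salt that happens to be text falls through to the string branch because its first 32 bits match no known status; bytes outside printable ASCII are left opaque rather than guessed at.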