From 4b4ccabd703b8d5c8ee2b0a10bc83c9ab75df3a1 Mon Sep 17 00:00:00 2001 From: jamesecorrenti Date: Tue, 22 Nov 2016 16:41:56 -0500 Subject: [PATCH] Update krb-types.pac KerberosString formatting for principal name to be compliant with RFC 4120 section 5.2.2, which states that there can be a few components (and in practice we have seen 3, more than the 1 or 2 that is typical) --- src/analyzer/protocol/krb/krb-types.pac | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/analyzer/protocol/krb/krb-types.pac b/src/analyzer/protocol/krb/krb-types.pac index 07418b3a71..0195f66acd 100644 --- a/src/analyzer/protocol/krb/krb-types.pac +++ b/src/analyzer/protocol/krb/krb-types.pac @@ -19,7 +19,9 @@ Val* GetStringFromPrincipalName(const KRB_Principal_Name* pname) return bytestring_to_val(pname->data()[0][0]->encoding()->content()); if ( pname->data()->size() == 2 ) return new StringVal(fmt("%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin())); - + if ( pname->data()->size() == 3 )  # if the name-string has a third value, this will just append it, else this will return unkown as the principal name + return new StringVal(fmt("%s/%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin(), (char *)pname->data()[0][2]->encoding()->content().begin())); + return new StringVal("unknown"); }