Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 02:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix for an issue with GSSAPI mech_token from Florent Monjalet

Browse source 
From Florent's patch:
Previously, the ASN1EncodingMeta was in the NTLM_SSP_Token; this broke the
NTLM decoding when used directly with DCE-RPC. NTLM now works on DCE-RPC
and should work properly on other layers in the future (e.g. HTTP
Authentication data).
This commit is contained in:
Seth Hall 2016-07-07 13:03:33 -04:00
parent 5c744fa0c9
commit c31c0ed2e2
3 changed files with 9 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/analyzer/protocol/gssapi/gssapi-protocol.pac
View file

@ -30,7 +30,7 @@ type GSSAPI_NEG_TOKEN_INIT_Arg = record {
type GSSAPI_NEG_TOKEN_INIT_Arg_Data(index: uint8) = case index of {
0 -> mech_type_list : ASN1Encoding;
1 -> req_flags : ASN1Encoding;
2 -> mech_token : bytestring &restofdata;
2 -> mech_token : GSSAPI_NEG_TOKEN_MECH_TOKEN(true);
3 -> mech_list_mic : ASN1OctetString;
};
@ -44,7 +44,12 @@ type GSSAPI_NEG_TOKEN_RESP_Arg = record {
args : case seq_meta.index of {
0 -> neg_state : ASN1Integer;
1 -> supported_mech : ASN1Encoding;
2 -> response_token : bytestring &restofdata;
2 -> response_token : GSSAPI_NEG_TOKEN_MECH_TOKEN(false);
3 -> mech_list_mic : ASN1OctetString;
} &length=seq_meta.length;
};
type GSSAPI_NEG_TOKEN_MECH_TOKEN(is_orig: bool) = record {
meta : ASN1EncodingMeta;
mech_token : bytestring &length=meta.length;
};