Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

A bug in the SPNEGO asn1-based dissector that shows up when dissecting NTLMSSP

From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sun, 1 Jul 2012 17:40:51 -0700
Hi folks,

There is a bug in the SPNEGO dissector that shows up when dissecting
the new445stream242.pcap file that was shown in the CIFS/SMB session
at Sharkfest.

It occurs in frame 8 and seems to happen because, when dissecting the
negTokenTarg, it dissects the NTLMSSP responseToken and then dissects
the mechListMIC, however, it does not think that it has used up all
the bytes in the TVB by the look of things, and redissects the
mechListMIC using a heuristic approach that tries to dissect it as
NTLMSSP, which it is not, so it screws up.

Can someone have a look at it.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: