MIT krb5-1.6 HACK patch

metze

diff --git a/krb5-1.6-wireshark-hack-01.diff b/krb5-1.6-wireshark-hack-01.diff
new file mode 100644 (file)
index 0000000..5190e79
--- /dev/null
+++ b/krb5-1.6-wireshark-hack-01.diff
@@ -0,0 +1,56 @@
+Index: lib/crypto/dk/dk_decrypt.c
+===================================================================
+--- lib/crypto/dk/dk_decrypt.c (Revision 22448)
++++ lib/crypto/dk/dk_decrypt.c (Arbeitskopie)
+@@ -155,7 +155,8 @@
+           abort();
+     } else
+       cn = NULL;
+-
++{
++int bad = 0;
+     /* verify the hash */
+ 
+     d1.length = hashsize;
+@@ -165,8 +166,11 @@
+       goto cleanup;
+ 
+     if (memcmp(cksum, input->data+enclen, hmacsize) != 0) {
++bad = 1;
++/*
+       ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+       goto cleanup;
++*/
+     }
+ 
+     /* because this encoding isn't self-describing wrt length, the
+@@ -182,6 +186,29 @@
+ 
+     memcpy(output->data, d2.data+blocksize, output->length);
+ 
++    if (bad != 0 && output->length > 16) {
++      /*
++       * HACK:
++       * This is a HACK to allow Wireshark to decrypt DCERPC
++       * payload when header signing is used.
++       *
++       * We know the checksum was wrong, this happens
++       * when DCERPC uses header signing and we check for
++       * a valid gss_cfx_wrap_token header which is 16 byte long
++       * and starts with 0x05 0x04 and sits at the end of the
++       * encrypted data.
++       */
++      unsigned char *hdr = output->data + (output->length - 16);
++      if (hdr[0] == 0x05 && hdr[1] == 0x04) {
++              bad = 0;
++      }
++    }
++
++    if (bad != 0) {
++      ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
++      goto cleanup;
++    }
++}
+     if (cn != NULL)
+       memcpy(ivec->data, cn, blocksize);
+