From: Stefan Metzmacher
Date: Sat, 25 Jul 2009 08:23:26 +0000 (+0200)
Subject: MIT krb5-1.6 HACK patch
X-Git-Url: http://git.samba.org/?p=metze%2Fwireshark%2Fwip.git;a=commitdiff_plain;h=07a293bd8b6a15a83d8af24b1daa1826773731e0
MIT krb5-1.6 HACK patch metze
---
diff --git a/krb5-1.6-wireshark-hack-01.diff b/krb5-1.6-wireshark-hack-01.diff
new file mode 100644
index 0000000000..5190e79f50
--- /dev/null
+++ b/krb5-1.6-wireshark-hack-01.diff
@@ -0,0 +1,56 @@
+Index: lib/crypto/dk/dk_decrypt.c
+===================================================================
+--- lib/crypto/dk/dk_decrypt.c (Revision 22448)
++++ lib/crypto/dk/dk_decrypt.c (Arbeitskopie)
+@@ -155,7 +155,8 @@
+ abort();
+ } else
+ cn = NULL;
+-
++{
++int bad = 0;
+ /* verify the hash */
+
+ d1.length = hashsize;
+@@ -165,8 +166,11 @@
+ goto cleanup;
+
+ if (memcmp(cksum, input->data+enclen, hmacsize) != 0) {
++bad = 1;
++/*
+ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ goto cleanup;
++*/
+ }
+
+ /* because this encoding isn't self-describing wrt length, the
+@@ -182,6 +186,29 @@
+
+ memcpy(output->data, d2.data+blocksize, output->length);
+
++ if (bad != 0 && output->length > 16) {
++ /*
++ * HACK:
++ * This is a HACK to allow Wireshark to decrypt DCERPC
++ * payload when header signing is used.
++ *
++ * We know the checksum was wrong, this happens
++ * when DCERPC uses header signing and we check for
++ * a valid gss_cfx_wrap_token header which is 16 byte long
++ * and starts with 0x05 0x04 and sits at the end of the
++ * encrypted data.
++ */
++ unsigned char *hdr = output->data + (output->length - 16);
++ if (hdr[0] == 0x05 && hdr[1] == 0x04) {
++ bad = 0;
++ }
++ }
++
++ if (bad != 0) {
++ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
++ goto cleanup;
++ }
++}
+ if (cn != NULL)
+ memcpy(ivec->data, cn, blocksize);
+
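Review bot: In the third inner hunk of lib/crypto/dk/dk_decrypt.c, a failed HMAC comparison is forgiven whenever the last 16 bytes of the decrypted buffer begin with `0x05 0x04`, so for that input a two-byte marker test stands in for the integrity check and the function no longer fails closed. The plaintext is also copied into `output->data` before the final `bad` test, so the rejecting branch leaves unauthenticated data in the caller's buffer unless the `cleanup` code clears it; adding `memset(output->data, 0, output->length);` before `ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;` in that branch would avoid this. I would put the relaxed path behind a build-time guard such as `#ifdef WIRESHARK_DECRYPT_HACK` (placeholder name), keeping the original `ret = ...; goto cleanup;` in the `#else`, so a default build of the library still rejects a bad checksum. The HACK comment should also say that a library built this way is for offline capture analysis only and must not be installed as the system libkrb5. The function's start and the `cleanup` label lie outside these hunks, so the claim about the buffer state on failure is inferred.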