Ethereal-dev: [Ethereal-dev] packet-dns.c patch - GSSAPI in TKEY can also be NTLMSSP data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Yaniv Kaul <ykaul@xxxxxxxxxxxx>
Date: Sun, 21 Nov 2004 17:10:48 +0200
Using the proven method of verifying NTLMSSP is used instead of GSSAPI (compare the start of the buffer to 'NTLMSSP'...), TKEY records with NTLM, not GSSAPI, are now properly dissected. 
Attached svn diff.

Y.

Index: packet-dns.c
===================================================================
--- packet-dns.c	(revision 12561)
+++ packet-dns.c	(working copy)
@@ -82,6 +82,7 @@
 
 /* Dissector handle for GSSAPI */
 static dissector_handle_t gssapi_handle;
+static dissector_handle_t ntlmssp_handle;
 
 /* DNS structs and definitions */
 
@@ -1935,8 +1936,10 @@
 			 */
 			gssapi_tvb = tvb_new_subset(
 				tvb, cur_offset, tkey_keylen, tkey_keylen);
-
-			call_dissector(gssapi_handle, gssapi_tvb, pinfo,
+			if(tvb_strneql(gssapi_tvb, 0, "NTLMSSP", 7) == 0)
+				call_dissector(ntlmssp_handle, gssapi_tvb, pinfo, key_tree);
+			else
+				call_dissector(gssapi_handle, gssapi_tvb, pinfo,
 				key_tree);
 
 			break;
@@ -2623,4 +2626,5 @@
   dissector_add("tcp.port", TCP_PORT_MDNS, dns_tcp_handle);
 
   gssapi_handle = find_dissector("gssapi");
+  ntlmssp_handle = find_dissector("ntlmssp");
 }