From 4f95722f491e89753b0ddf22a71baf16fadd392d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 10 Jul 2024 18:55:00 +0200 Subject: [PATCH] Revert "LATER packet-kerberos: ticket_checksum tmpvtb..." This reverts commit c8b9b6fdc879198addf090d557fd57f4415e8b01. --- .../asn1/kerberos/packet-kerberos-template.c | 40 ---------------------- 1 file changed, 40 deletions(-) diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c index 06a59ed1b3..905b76be8b 100644 --- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c +++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c @@ -143,7 +143,6 @@ typedef struct { enc_key_t *last_added_key; enc_key_t *current_ticket_key; tvbuff_t *last_ticket_enc_part_tvb; - uint32_t within_PAC_TICKET_CHECKSUM; #endif int save_encryption_key_parent_hf_index; kerberos_key_save_fn save_encryption_key_fn; @@ -2282,7 +2281,6 @@ verify_krb5_pac_ticket_checksum(proto_tree *tree _U_, krb5_data tepdata = { .length = 0, }; krb5_enc_tkt_part *tep = NULL; krb5_data *tmpdata = NULL; - tvbuff_t *tmp_tvb = NULL; krb5_error_code ret; krb5_authdata **recoded_container = NULL; int ad_orig_idx = -1; @@ -2363,8 +2361,6 @@ verify_krb5_pac_ticket_checksum(proto_tree *tree _U_, return; } - proto_tree_add_text_internal(tree, teptvb, 0, teplength, "EncTicketPart (Original)"); - for (l0idx = 0; tep->authorization_data[l0idx]; l0idx++) { krb5_authdata *adl0 = tep->authorization_data[l0idx]; krb5_authdata **decoded_container = NULL; @@ -2455,20 +2451,6 @@ verify_krb5_pac_ticket_checksum(proto_tree *tree _U_, return; } - tmp_tvb = tvb_new_child_real_data(teptvb, tmpdata->data, tmpdata->length, tmpdata->length); - /* Add the decrypted data to the data source list. */ - add_new_data_source(actx->pinfo, tmp_tvb, "Krb5 EncTicketPart (Empty PAC)"); - proto_tree_add_text_internal(tree, tmp_tvb, 0, tmpdata->length, "EncTicketPart (Empty PAC)"); - private_data->last_ticket_enc_part_tvb = tmp_tvb; - TRY { - asn1_ctx_t actx_tmp = *actx; - dissect_kerberos_Applications(FALSE, tmp_tvb, 0, &actx_tmp, tree, /* hf_index*/ -1); - } - CATCH_BOUNDS_ERRORS { - } - ENDTRY; - private_data->last_ticket_enc_part_tvb = teptvb; - ret = krb5_c_verify_checksum(krb5_ctx, &kdc_key, KRB5_KEYUSAGE_APP_DATA_CKSUM, tmpdata, &checksum, &valid); @@ -2730,14 +2712,6 @@ verify_krb5_pac(proto_tree *tree _U_, asn1_ctx_t *actx, tvbuff_t *pactvb) .kdc_checksum = 0, }; - if (private_data->within_PAC_TICKET_CHECKSUM != 0) { - proto_tree_add_expert_format(tree, actx->pinfo, &ei_kerberos_decrypted_keytype, - pactvb, 0, 0, - "PAC_TICKET_CHECKSUM recustion detected frame %u", - ret, actx->pinfo->fd->num); - return; - } - /* don't do anything if we are not attempting to decrypt data */ if(!krb_decrypt || length < 1){ return; @@ -2830,9 +2804,7 @@ verify_krb5_pac(proto_tree *tree _U_, asn1_ctx_t *actx, tvbuff_t *pactvb) } if (state.ticket_checksum_type != 0) { - private_data->within_PAC_TICKET_CHECKSUM += 1; verify_krb5_pac_ticket_checksum(tree, actx, pactvb, &state); - private_data->within_PAC_TICKET_CHECKSUM -= 1; } if (state.ticket_checksum_data != NULL) { @@ -4962,22 +4934,10 @@ dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, as static int dissect_krb5_AD_WIN2K_PAC(bool implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) { - int length = tvb_captured_length(tvb); uint32_t entries; uint32_t version; uint32_t i; - if (length == 1) { - uint8_t zero = tvb_get_guint8(tvb, offset); - - if (zero == 0) { - proto_tree_add_expert_format(tree, actx->pinfo, &ei_kerberos_decrypted_keytype, - tvb, offset, 1, - "Empty PAC for PAC_TICKET_CHECKSUM"); - return offset + 1; - } - } - #if defined(HAVE_MIT_KERBEROS) && defined(HAVE_KRB5_PAC_VERIFY) verify_krb5_pac(tree, actx, tvb); #endif -- 2.11.4.GIT