2 files changed, 8 insertions, 18 deletions

diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 81f84a8ac..2d062ce4e 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -28,7 +28,7 @@
 
 #include "ndpi_api.h"
 
-//#define KERBEROS_DEBUG 1
+/* #define KERBEROS_DEBUG 1 */
 
 #define KERBEROS_PORT 88
 
@@ -190,7 +190,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 		u_int16_t name_offset;
 
 		name_offset = body_offset + 13;
-		for(i=0; i<10; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */
+		for(i=0; i<20; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */
 
 #ifdef KERBEROS_DEBUG
 		printf("name_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", name_offset, packet->payload[name_offset], packet->payload[name_offset+1]);
@@ -222,8 +222,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 		      for(i=0; i<cname_len; i++) cname_str[i] = tolower(cname_str[i]);
 
 #ifdef KERBEROS_DEBUG
-		      printf("[AS-REQ][s/dport: %u/%u][Kerberos Cname][len: %u][%s]\n",
-			     sport, dport, cname_len, cname_str);
+		      printf("[AS-REQ][s/dport: %u/%u][Kerberos Cname][len: %u][%s]\n", sport, dport, cname_len, cname_str);
 #endif
 
 		      if(((strcmp(cname_str, "host") == 0) || (strcmp(cname_str, "ldap") == 0)) && (packet->payload[name_offset+1+cname_len] == 0x1b)) {
@@ -242,7 +241,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 		    } else
 		      snprintf(flow->protos.kerberos.username, sizeof(flow->protos.kerberos.username), "%s", cname_str);
 
-		    for(i=0; i<10; i++) if(packet->payload[realm_offset] != 0x1b) name_offset++; /* ASN.1 */
+		    for(i=0; i<14; i++) if(packet->payload[realm_offset] != 0x1b) realm_offset++; /* ASN.1 */
 #ifdef KERBEROS_DEBUG
 		    printf("realm_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", realm_offset, packet->payload[realm_offset], packet->payload[realm_offset+1]);
 #endif
@@ -279,7 +278,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 		u_int name_offset, padding_offset = body_offset + 4;
 
 		name_offset = padding_offset;
-		for(i=0; i<10; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */
+		for(i=0; i<14; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */
 
 #ifdef KERBEROS_DEBUG
 		printf("name_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", name_offset, packet->payload[name_offset], packet->payload[name_offset+1]);
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 1d7d2a02b..3fda1d22a 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -33,7 +33,7 @@
 extern char *strptime(const char *s, const char *format, struct tm *tm);
 
 
-/* #define DEBUG_TLS 1 */
+/* #define DEBUG_TLS 1  */
 /* #define DEBUG_FINGERPRINT 1 */
 
 /*
@@ -252,7 +252,6 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct,
     }
 
     total_len += header_len;
-
     memset(buffer, 0, buffer_len);
 
     /* Truncate total len, search at least in incomplete packet */
@@ -966,8 +965,8 @@ void getSSLorganization(struct ndpi_detection_module_struct *ndpi_struct,
   memset(buffer, 0, buffer_len);
 
   /* Check after handshake protocol header (5 bytes) and message header (4 bytes) */
-  u_int num_found = 0;
-  u_int i, j;
+  u_int num_found = 0, i, j;
+  
   for(i = 9; i < packet->payload_packet_len-4; i++) {
     /* Organization OID: 2.5.4.10 */
     if((packet->payload[i] == 0x55) && (packet->payload[i+1] == 0x04) && (packet->payload[i+2] == 0x0a)) {
@@ -1083,7 +1082,6 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi
       getSSCertificateFingerprint(ndpi_struct, flow);
   }
   
-#if 1
   /* consider only specific SSL packets (handshake) */
   if((packet->payload_packet_len > 9) && (packet->payload[0] == 0x16)) {
     char certificate[64];
@@ -1101,12 +1099,6 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi
       getSSLorganization(ndpi_struct, flow, organization, sizeof(organization));
 
       packet->tls_certificate_detected++;
-#if 0
-      if((flow->l4.tcp.tls_seen_server_cert == 1)
-	 && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0'))
-        /* 0 means we've done processing extra packets (since we found what we wanted) */
-        return 0;
-#endif
     }
 
     if(flow->l4.tcp.tls_record_offset == 0) {
@@ -1123,7 +1115,6 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi
       }
     }
   }
-#endif
   
   /* 1 means keep looking for more packets */
   if(!flow->l4.tcp.tls_srv_cert_fingerprint_processed) rc = 1;