From feaa1df1ed69123af9c44420a5db1ae096631fa0 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Thu, 7 Jul 2022 16:45:49 +0200
Subject: Kerberos: add support for Krb-Error messages (#1647)
---
 src/lib/protocols/kerberos.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 9d2969e51..176bb2eab 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -424,7 +424,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 return;
 } else if(kerberos_len == expected_len) {
- if(packet->payload_packet_len > 128) {
+ if(packet->payload_packet_len > 64) {
 u_int16_t koffset, i;
 for(i=8; i<16; i++)
@@ -444,6 +444,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 if(((packet->payload[koffset] == 0x0A)
 || (packet->payload[koffset] == 0x0C)
+ || (packet->payload[koffset] == 0x1E)
 || (packet->payload[koffset] == 0x0D)
 || (packet->payload[koffset] == 0x0E))) {
 u_int16_t koffsetp, body_offset = 0, pad_len;
@@ -679,6 +680,12 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 sport, dport, flow->protos.kerberos.hostname, flow->protos.kerberos.domain, flow->protos.kerberos.username);
 flow->extra_packets_func = NULL;
+ } else if(msg_type == 0x1e) /* Error */ {
+#ifdef KERBEROS_DEBUG
+ printf("[Kerberos] Processing KRB-Error\n");
+#endif
+ /* Nothing specific to do; stop dissecting this flow */
+ flow->extra_packets_func = NULL;
 }
 return;
--
cgit v1.2.3
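Review bot: Lowering the guard to `if(packet->payload_packet_len > 64) {` in the first hunk means any fixed-offset read further down this branch that was implicitly covered by the old 128-byte minimum now runs on payloads of 65 to 128 bytes. Only the `for(i=8; i<16; i++)` loop is visible here and the rest of ndpi_search_kerberos lies outside the hunk, so each later `packet->payload[...]` index derived from `koffset` should be confirmed to be compared against `payload_packet_len` before it is used, since the payload is untrusted network data. A short comment on the new bound, for instance `/* presumably: KRB-Error messages can be shorter than 128 bytes */`, would record why 64 was chosen.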
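Review bot: The added `|| (packet->payload[koffset] == 0x1E)` in the second hunk admits KRB-Error messages into a block whose offsets (`koffsetp`, `body_offset`, `pad_len`) appear, judging by the other accepted values, to have been written for request and reply messages. The body of that block is outside the hunk, so it is worth confirming that its length-driven offset arithmetic stays bounds-checked when the message is an error. On style, the new value is inserted between 0x0C and 0x0D and is spelled `0x1E` here but `0x1e` in the third hunk's `else if(msg_type == 0x1e)`. Placing it last with a trailing comment, `|| (packet->payload[koffset] == 0x1E) /* KRB-Error */`, and using one hex case throughout would make the two checks easier to match up.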