From feaa1df1ed69123af9c44420a5db1ae096631fa0 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Thu, 7 Jul 2022 16:45:49 +0200
Subject: Kerberos: add support for Krb-Error messages (#1647)

---
 src/lib/protocols/kerberos.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 9d2969e51..176bb2eab 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -424,7 +424,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 	
 	return;
       } else if(kerberos_len == expected_len) {
-	if(packet->payload_packet_len > 128) {
+	if(packet->payload_packet_len > 64) {
 	  u_int16_t koffset, i;
 
 	  for(i=8; i<16; i++)
@@ -444,6 +444,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 
 	  if(((packet->payload[koffset] == 0x0A)
 	      || (packet->payload[koffset] == 0x0C)
+	      || (packet->payload[koffset] == 0x1E)
 	      || (packet->payload[koffset] == 0x0D)
 	      || (packet->payload[koffset] == 0x0E))) {
 	    u_int16_t koffsetp, body_offset = 0, pad_len;
@@ -679,6 +680,12 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
 	                   sport, dport, flow->protos.kerberos.hostname, flow->protos.kerberos.domain,
 	                   flow->protos.kerberos.username);
 	      flow->extra_packets_func = NULL;
+	    } else if(msg_type == 0x1e) /* Error */ {
+#ifdef KERBEROS_DEBUG
+	      printf("[Kerberos] Processing KRB-Error\n");
+#endif
+	      /* Nothing specific to do; stop dissecting this flow */
+	      flow->extra_packets_func = NULL;
 	    }
 
 	    return;
-- 
cgit v1.2.3