Attached please find a fix for packet-socks.c that corrects this, against CVS 2004-01-20.

Yaniv Kaul wrote:

Lines 840-844, in packet-socks.c:
else if ( hash_info->state == AuthReply){ /* V5 User Auth reply */
hash_info->cmd_reply_row = get_packet_ptr;
if (check_col(pinfo->cinfo, COL_INFO))
col_append_str(pinfo->cinfo, COL_INFO, " User authentication reply");
hash_info->state = V5Command;


The code assumes that the response to an authentication request is a V5Command. However, it's usually an authentication response - and the authentication subnegotiation has its own version number ('1', according to RFC 1929). This causes it not to interpret the command properly (as it sees that the version is '1' and not '5', it won't continue to dissect the packet).

I've seen servers replying with version '5', but I think that is a faulty server - some clients won't be able to connect to it if they expect the version they sent ('1') and the version they received ('5') to match...

Snoops will be available upon request.


--- packet-socks.c      2004-01-22 22:43:18.000000000 +0200
+++ ../packet-socks.c   2004-02-12 15:30:46.000000000 +0200
@@ -2,7 +2,7 @@
  * Routines for socks versions 4 &5  packet dissection
  * Copyright 2000, Jeffrey C. Foster <[EMAIL PROTECTED]>
  *
- * $Id: packet-socks.c,v 1.56 2004/01/22 20:43:17 guy Exp $
+ * $Id: packet-socks.c,v 1.55 2004/01/10 02:43:29 guy Exp $
  *
  * Ethereal - Network traffic analyzer
  * By Gerald Combs <[EMAIL PROTECTED]>
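Review bot: The patch appears to have been generated against a stale copy of the file. The `$Id` line here goes backwards from 1.56 to 1.55, and the hunk at `@@ -418,7 +420,7 @@` drops the trailing `-1` argument from the `decode_udp_ports` call. Neither change relates to the RFC 1929 authentication fix. Applying the patch as posted would probably revert an unrelated change to that call and could break the build if `decode_udp_ports` now takes the extra parameter. Regenerate the diff against the current revision so that only the SOCKS authentication changes remain.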
@@ -141,6 +141,7 @@
        V5Reply,
        V5BindReply,
        UserNameAuth,
+       UserNameAuthReply,
        GssApiAuth,
        AuthReply,
        Done
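Review bot: `UserNameAuthReply` is added to the state enum, but none of the hunks in this patch assigns or tests it. The state machine in the last hunk still goes from `UserNameAuth` to `AuthReply` and then to `V5Command`. Either move the reply handling onto the new state or drop the enumerator, since an unused state makes the handshake tracking harder to audit. The enum starts and ends outside this hunk, so other uses cannot be ruled out from here.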
@@ -166,6 +167,7 @@
        row_pointer_type        command_row;
        row_pointer_type        auth_method_row;
        row_pointer_type        user_name_auth_row;
+       row_pointer_type        auth_version;
        guint32 start_done_row;
 
        guint32 dst_addr;       /* this needs to handle IPv6 */
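Review bot: The new member `auth_version` is misleadingly named, because it holds a `row_pointer_type` like its neighbours, not a version number. It is later assigned `get_packet_ptr` and passed to `compare_packet`. A name that follows the existing `*_row` convention, such as `auth_reply_row`, would match `cmd_reply_row` and `bind_reply_row`. A short comment would help too, for example `/* row of the RFC 1929 username/password status reply */`. The struct starts and ends outside this hunk.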
@@ -418,7 +420,7 @@
 
         *ptr = hash_info->udp_remote_port;
 
-       decode_udp_ports( tvb, offset, pinfo, tree, pinfo->srcport, pinfo->destport, 
-1);
+       decode_udp_ports( tvb, offset, pinfo, tree, pinfo->srcport, pinfo->destport);
 
         *ptr = hash_info->udp_port;
 
@@ -538,7 +540,7 @@
        unsigned int i, command;
        guint temp;
        char *AuthMethodStr;
-
+       unsigned char auth_status;
        proto_tree_add_item( tree, hf_socks_ver, tvb, offset, 1, FALSE);
        ++offset;
 
@@ -589,6 +591,14 @@
        }
                                        /* command to the server */
                                        /* command response from server */
+       else if (compare_packet( hash_info->auth_version)) {
+               auth_status = tvb_get_guint8(tvb, offset);
+               if(auth_status != 0)
+                       proto_tree_add_text( tree, tvb, offset, 1, "Status: %d 
(failure)", auth_status);
+               else
+                       proto_tree_add_text( tree, tvb, offset, 1, "Status: success", 
auth_status);
+               offset ++;
+       }
        else if ((compare_packet( hash_info->command_row)) ||
                 (compare_packet( hash_info->cmd_reply_row)) ||
                 (compare_packet( hash_info->bind_reply_row))){
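Review bot: The success branch passes `auth_status` to `proto_tree_add_text` with a format string that has no conversion for it; it should read `proto_tree_add_text( tree, tvb, offset, 1, "Status: success");`. Because `tvb_get_guint8` returns a `guint8`, the local added in the previous hunk would be better declared as `guint8 auth_status;` than as `unsigned char`. The if/else bodies should also be braced. Consider adding the status through a registered header field rather than free text, so analysts can filter captures on failed SOCKS username/password authentications. That change needs a new `hf_` entry in the registration code, which is outside this hunk, as is the start of the enclosing function.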
@@ -823,24 +833,25 @@
        else if ( hash_info->state == V5BindReply) {    /* V5 Bind Second Reply */
 
                if (check_col(pinfo->cinfo, COL_INFO))
-                       col_append_str(pinfo->cinfo, COL_INFO, " Command Response: 
Bind remote host info");
+                       col_append_str(pinfo->cinfo, COL_INFO, " Command Response: 
Bind remote host info");
 
                hash_info->bind_reply_row = get_packet_ptr;
                hash_info->state = Done;
        }
        else if ( hash_info->state == UserNameAuth) {   /* Handle V5 User Auth*/
+               hash_info->auth_version = get_packet_ptr;
                if (check_col(pinfo->cinfo, COL_INFO))
-                       col_append_str(pinfo->cinfo, COL_INFO,
-                               " User authentication response");
+                       col_append_str(pinfo->cinfo, COL_INFO,
+                               " User authentication request");
 
                hash_info->user_name_auth_row = get_packet_ptr;
                hash_info->state = AuthReply;
 
        }
        else if ( hash_info->state == AuthReply){       /* V5 User Auth reply */
-               hash_info->cmd_reply_row = get_packet_ptr;
+               hash_info->auth_version = get_packet_ptr;
                if (check_col(pinfo->cinfo, COL_INFO))
-                       col_append_str(pinfo->cinfo, COL_INFO, " User authentication 
reply");
+                       col_append_str(pinfo->cinfo, COL_INFO, " User authentication 
reply");
                hash_info->state = V5Command;
        }
 }
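Review bot: The `UserNameAuth` branch now stores `get_packet_ptr` in `hash_info->auth_version` as well as in `user_name_auth_row`, so until the reply is seen the request packet is also recorded as the authentication reply. If the display code reaches the new `compare_packet( hash_info->auth_version)` test for that packet, it would label the byte after the version (the username length in an RFC 1929 request) as a status. Whether an earlier branch catches the request first is not visible here. The `AuthReply` branch overwrites the field anyway, so the added line in the `UserNameAuth` branch can simply be removed. Separately, the `AuthReply` branch sets `hash_info->state = V5Command` without looking at the status byte, so data after a failed authentication would still be parsed as a V5 command. The two `col_append_str` pairs that differ only in whitespace should be dropped from the patch.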