kerberos: fix probing parser tag condition 5977/head
authorPhilippe Antoine <contact@catenacyber.fr>
Thu, 11 Mar 2021 15:12:36 +0000 (16:12 +0100)
committerVictor Julien <victor@inliniac.net>
Fri, 12 Mar 2021 12:32:50 +0000 (13:32 +0100)
according to the comment

rust/src/krb/krb5.rs

index 067213abdc0e87703cfaf6989ffc0a4dd7c5b4e6..389bbc7b3cdca60066a3d32f13a0d3cb8eb03918 100644 (file)
@@ -415,7 +415,7 @@ pub extern "C" fn rs_krb5_probing_parser(_flow: *const Flow,
             // Kerberos messages start with an APPLICATION header
             if hdr.class != BerClass::Application { return unsafe{ALPROTO_FAILED}; }
             // Tag number should be <= 30
-            if hdr.tag.0 >= 30 { return unsafe{ALPROTO_FAILED}; }
+            if hdr.tag.0 > 30 { return unsafe{ALPROTO_FAILED}; }
             // Kerberos messages contain sequences
             if rem.is_empty() || rem[0] != 0x30 { return unsafe{ALPROTO_FAILED}; }
             // Check kerberos version
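Review bot: The comment on the tag check still gives no reason for the limit of 30, which is what let the off-by-one sit unnoticed: in RFC 4120 KRB-ERROR is `[APPLICATION 30]`, so the old `>= 30` returned ALPROTO_FAILED whenever the first probed message was a KRB-ERROR. I would spell that out, e.g. `// Tag number should be <= 30 (KRB-ERROR, the highest Kerberos message type in RFC 4120)`. A failed probe presumably leaves the flow without Kerberos app-layer parsing, so rules and logging keyed on the protocol would miss it; this is worth a regression test that feeds the probe a buffer starting with an APPLICATION 30 header and expects the Kerberos protocol id. The hunk adds no test, and rs_krb5_probing_parser starts and ends outside it, so an existing test elsewhere in the file cannot be ruled out.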