
ASN.1 BER ID encoding broken by PR #3693 (Kerberos: documentation + various fixes + demo)

Open pgit opened this issue 3 years ago • 1 comments

Brief description

See this change to ber.py of PR #3693:

- s = BER_id_enc(implicit_tag) + s[1:]
+ s = BER_id_enc((hash(hidden_tag) & ~(0x1f)) | implicit_tag) + s[1:]
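
Review bot: on the `+` line, `hash(hidden_tag) & ~(0x1f)` keeps the hidden tag's class and constructed bits and ORs them into `implicit_tag`, which corrupts the identifier whenever the caller passes a full identifier octet: the reproduction's `implicit_tag=129` is emitted as `a1` instead of `81`, so bit 0x20 is added. Suggest merging the upper bits only when `implicit_tag` has none set above 0x1f, reading the tag's integer value explicitly rather than through `hash()`, and handling `hidden_tag` being None before the bitwise operation.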

hash(hidden_tag) will resolve to the enum value of custom tags. When OR'ed together with an implicit tag, nothing good happens.

As a side note, if hidden_tag ever was None: hash(None) is a large integer, yielding even more garbage.

Scapy version

2.5.0

Python version

3.8.12

Operating system

RH8

Additional environment information

No response

How to reproduce

from scapy.asn1.asn1 import ASN1_Codecs
from scapy.asn1packet import ASN1_Packet
from scapy.layers.ldap import ASN1F_LDAP_Authentication_simple
 
class TestAuth(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_LDAP_Authentication_simple("auth", None, implicit_tag=129)
 
test = TestAuth()
test.auth = b'abc'
print(bytes(test).hex())

Actual result

a103616263

Expected result

8103616263

Related resources

No response

pgit, Dec 29 '22 15:12
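
An added example (not part of the issue and not scapy code) that decodes the identifier octets of the expected and actual results above and replays the arithmetic of both diff lines with plain integers. The function names are hypothetical, and `HIDDEN_TAG = 0xA0` and the large integer are constructed sample values; only `implicit_tag=129` and the two hex strings come from the report.

```python
CLASSES = ("universal", "application", "context-specific", "private")

def decode_identifier(octet):
    """Split a single-octet BER identifier into (class, constructed, tag number)."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("identifier does not fit in one octet: %#x" % octet)
    if octet & 0x1F == 0x1F:
        raise ValueError("high-tag-number form, more octets follow")
    return CLASSES[octet >> 6], bool(octet & 0x20), octet & 0x1F

def read_tlv(data):
    """Decode the identifier and content of the first TLV (short-form length only)."""
    ident, length = data[0], data[1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this sketch")
    content = data[2:2 + length]
    if len(content) != length:
        raise ValueError("truncated content")
    return decode_identifier(ident), content

def id_before_pr(hidden_tag, implicit_tag):
    # '-' line of the diff: the implicit tag becomes the identifier unchanged.
    return implicit_tag

def id_after_pr(hidden_tag, implicit_tag):
    # '+' line of the diff; a plain int stands in for hash(hidden_tag).
    return (hidden_tag & ~0x1F) | implicit_tag

# Constructed sample value (assumption): a custom tag whose class and
# constructed bits are set. 129 is the implicit_tag from the reproduction.
HIDDEN_TAG = 0xA0
IMPLICIT_TAG = 129

if __name__ == "__main__":
    for label, hexstr in (("expected", "8103616263"), ("actual", "a103616263")):
        print(label, read_tlv(bytes.fromhex(hexstr)))
    after = id_after_pr(HIDDEN_TAG, IMPLICIT_TAG)
    print("after PR: %#x, extra bits: %#x" % (after, after ^ IMPLICIT_TAG))
    try:
        # Constructed stand-in for a large hash value such as hash(None).
        decode_identifier(id_after_pr(2**61 + 7, IMPLICIT_TAG))
    except ValueError as exc:
        print("large hash:", exc)
```

The two results differ only in bit 0x20, the constructed flag, so a decoder sees the same context-specific tag number 1 but is told the content is a nested encoding rather than a primitive value.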

Please note the "Expected result" is what v2.4.5 used to produce.

pgit, Jan 27 '23 08:01

Sorry for the very long delay. FTR this is fixed in https://github.com/secdev/scapy/pull/4306

gpotter2, Mar 02 '24 23:03