Remote API protocol (that seems to be what it's called in a number of places) dissector tvbuffified, from Ronnie Sahlberg and me.

Additional "are we past the end of the buffer" checks added, so that we
don't hand random junk to the transaction and transact2 dissectors.

svn path=/trunk/; revision=3824
Guy Harris 2001-08-05 01:15:27 +00:00
parent d271509c7e
commit d2b01e812b
6 changed files with 1876 additions and 1124 deletions


@ -2,7 +2,7 @@
* Routines for SMB Browser packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
* $Id: packet-smb-browse.c,v 1.16 2001/08/01 08:12:15 guy Exp $
* $Id: packet-smb-browse.c,v 1.17 2001/08/05 01:15:26 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -439,8 +439,12 @@ dissect_election_criterion(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent
}
static void
dissect_server_type_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, int offset)
/*
* XXX - this causes non-browser packets to have browser fields.
*/
void
dissect_smb_server_type_flags(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *parent_tree, int offset, gboolean infoflag)
{
proto_tree *tree = NULL;
proto_item *item = NULL;
@ -454,13 +458,15 @@ dissect_server_type_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_
tree = proto_item_add_subtree(item, ett_browse_flags);
}
/* Append the type(s) of the system to the COL_INFO line ... */
if (check_col(pinfo->fd, COL_INFO)) {
for (i = 0; i < 32; i++) {
if (flags & (1<<i)) {
col_append_fstr(pinfo->fd, COL_INFO, ", %s",
val_to_str(i, server_types,
"Unknown server type:%d"));
if (infoflag) {
/* Append the type(s) of the system to the COL_INFO line ... */
if (check_col(pinfo->fd, COL_INFO)) {
for (i = 0; i < 32; i++) {
if (flags & (1<<i)) {
col_append_fstr(pinfo->fd, COL_INFO, ", %s",
val_to_str(i, server_types,
"Unknown server type:%d"));
}
}
}
}
@ -516,6 +522,7 @@ dissect_server_type_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_
}
gboolean
dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
@ -600,7 +607,7 @@ dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tr
offset += 1;
/* server type flags */
dissect_server_type_flags(tvb, pinfo, tree, offset);
dissect_smb_server_type_flags(tvb, pinfo, tree, offset, TRUE);
offset += 4;
if (cmd == BROWSE_DOMAIN_ANNOUNCEMENT) {
@ -797,7 +804,8 @@ dissect_mailslot_lanman(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tr
offset += 1;
/* server type flags */
dissect_server_type_flags(tvb, pinfo, tree, offset);
dissect_smb_server_type_flags(tvb, pinfo, tree, offset,
hf_server_type);
offset += 4;
/* OS major version */
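Review bot: In the `dissect_mailslot_lanman` hunk the new call passes `hf_server_type` as the fifth argument, but that parameter is `gboolean infoflag` and the browse caller passes `TRUE`. `hf_server_type` looks like a registered field index rather than a flag (its declaration is outside the hunk), so whether the COL_INFO text is appended would depend on the numeric value of that index. The call should read `dissect_smb_server_type_flags(tvb, pinfo, tree, offset, TRUE);` or `FALSE`, whichever is intended for LANMAN announcements. In the re-indented loop, `1<<i` with `i` reaching 31 shifts into the sign bit of an `int`; `1U<<i` avoids that. Both function bodies continue outside the hunks.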


@ -2,7 +2,7 @@
* Declaration of routines for SMB Browser packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
* $Id: packet-smb-browse.h,v 1.3 2001/08/01 03:47:00 guy Exp $
* $Id: packet-smb-browse.h,v 1.4 2001/08/05 01:15:26 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -32,4 +32,7 @@ dissect_mailslot_browse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tr
gboolean
dissect_mailslot_lanman(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree);
void
dissect_smb_server_type_flags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, gboolean infoflag);
#endif
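Review bot: The newly exported `dissect_smb_server_type_flags` prototype gives no hint of what `infoflag` controls. A one-line comment above it, such as `/* infoflag: TRUE to append the server type names to COL_INFO */`, would make the contract clear to callers in other dissectors. The parameter is named `tree` here but `parent_tree` in the definition; using the same name in both places avoids confusion.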

File diff suppressed because it is too large Load Diff


@ -2,10 +2,10 @@
* Declarations of routines for SMB named pipe packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
* $Id: packet-smb-pipe.h,v 1.3 2001/08/05 00:16:36 guy Exp $
* $Id: packet-smb-pipe.h,v 1.4 2001/08/05 01:15:26 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
@ -23,8 +23,11 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef _PACKET_SMB_PIPE_H_
#define _PACKET_SMB_PIPE_H_
gboolean
dissect_pipe_smb(const u_char *pd, int offset, frame_data *fd,
proto_tree *parent, proto_tree *tree, int max_data,
int SMB_offset, int errcode, const u_char *command,
int DataOffset, int DataCount, int ParameterOffset, int ParameterCount);
dissect_pipe_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
char *command);
#endif
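Review bot: The new `dissect_pipe_smb` prototype takes `char *command` where the old one took a `const` pointer. Unless the dissector writes through it (its body is not shown on this page), declare it `const char *command` so the read-only contract is visible and string constants can be passed. The added guard macro `_PACKET_SMB_PIPE_H_` begins with an underscore and an upper-case letter, which is a name reserved for the implementation; `PACKET_SMB_PIPE_H` would do. No `#include` is visible between the licence comment and the prototype, so the header appears to rely on every user having already pulled in the definitions of `tvbuff_t`, `packet_info` and `gboolean`.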


@ -2,7 +2,7 @@
* Routines for smb packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
* $Id: packet-smb.c,v 1.94 2001/08/05 00:30:41 guy Exp $
* $Id: packet-smb.c,v 1.95 2001/08/05 01:15:26 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -8973,6 +8973,7 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
new_request_key -> pid = si.pid;
request_val = g_mem_chunk_alloc(smb_request_vals);
request_val -> frame = fd->num;
request_val -> last_transact2_command = -1; /* unknown */
request_val -> last_transact_command = NULL;
request_val -> last_param_descrip = NULL;
@ -9114,6 +9115,9 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
/* Build display for: Parameter Count */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
ParameterCount = GSHORT(pd, offset);
if (tree) {
@ -9126,6 +9130,9 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
/* Build display for: Parameter Offset */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
ParameterOffset = GSHORT(pd, offset);
if (tree) {
@ -9138,6 +9145,9 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
/* Build display for: Data Count */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
DataCount = GSHORT(pd, offset);
if (tree) {
@ -9150,6 +9160,9 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
/* Build display for: Data Offset */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
DataOffset = GSHORT(pd, offset);
if (tree) {
@ -9162,6 +9175,9 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
/* Build display for: Setup Count */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
SetupCount = GBYTE(pd, offset);
if (tree) {
@ -9190,6 +9206,9 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
int i;
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
/*
* First Setup word is transaction code.
*/
@ -9215,6 +9234,9 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
for (i = 2; i <= SetupCount; i++) {
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
Setup = GSHORT(pd, offset);
if (tree) {
@ -9318,11 +9340,11 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
if (check_col(fd, COL_INFO)) {
if (request_val == NULL)
col_set_str(fd, COL_INFO, "Response to unknown message");
col_set_str(fd, COL_INFO, "Response to unknown message");
else if (request_val -> last_transact2_command == -1)
col_set_str(fd, COL_INFO, "Response to message of unknown type");
col_set_str(fd, COL_INFO, "Response to message of unknown type");
else
col_add_fstr(fd, COL_INFO, "%s Response",
col_add_fstr(fd, COL_INFO, "%s Response",
val_to_str(request_val -> last_transact2_command,
trans2_cmd_vals, "Unknown (0x%02X)"));
@ -9438,7 +9460,11 @@ dissect_transact2_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *
/* Build display for: Data Displacement */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
DataDisplacement = GSHORT(pd, offset);
si.ddisp = DataDisplacement;
if (tree) {
@ -9583,6 +9609,8 @@ dissect_transact_params(const u_char *pd, int offset, frame_data *fd,
char *trans_type = NULL, *trans_cmd, *loc_of_slash = NULL;
int index;
const gchar *Data;
packet_info *pinfo;
tvbuff_t *next_tvb;
if (!TransactName)
return;
@ -9604,10 +9632,45 @@ dissect_transact_params(const u_char *pd, int offset, frame_data *fd,
else
trans_cmd = NULL;
pinfo = &pi;
if (DataOffset < 0) {
/*
* This is an interim response, so there're no parameters or data
* to dissect.
*/
si.is_interim_response = TRUE;
/*
* Create a zero-length tvbuff.
*/
next_tvb = tvb_create_from_top(pi.captured_len);
} else {
/*
* This isn't an interim response.
*/
si.is_interim_response = FALSE;
/*
* Create a tvbuff for the parameters and data.
*/
next_tvb = tvb_create_from_top(SMB_offset + ParameterOffset);
}
/*
* Offset of beginning of data from beginning of next_tvb.
*/
si.data_offset = DataOffset - ParameterOffset;
/*
* Number of bytes of data.
*/
si.data_count = DataCount;
/*
* Pass "si" to the subdissector.
*/
pi.private = &si;
pinfo->private = &si;
if ((trans_cmd == NULL) ||
(((trans_type == NULL || strcmp(trans_type, "MAILSLOT") != 0) ||
@ -9616,9 +9679,7 @@ dissect_transact_params(const u_char *pd, int offset, frame_data *fd,
SMB_offset + DataOffset, DataCount,
SMB_offset + ParameterOffset, ParameterCount)) &&
((trans_type == NULL || strcmp(trans_type, "PIPE") != 0) ||
!dissect_pipe_smb(pd, offset, fd, parent, tree, max_data,
SMB_offset, errcode, trans_cmd, DataOffset,
DataCount, ParameterOffset, ParameterCount)))) {
!dissect_pipe_smb(next_tvb, pinfo, parent, trans_cmd)))) {
if (ParameterCount > 0) {
@ -9743,6 +9804,7 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
new_request_key -> pid = si.pid;
request_val = g_mem_chunk_alloc(smb_request_vals);
request_val -> frame = fd->num;
request_val -> last_transact2_command = -1; /* unknown */
request_val -> last_transact_command = NULL;
request_val -> last_param_descrip = NULL;
@ -9887,6 +9949,9 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
/* Build display for: Parameter Count */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
ParameterCount = GSHORT(pd, offset);
if (tree) {
@ -9899,6 +9964,9 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
/* Build display for: Parameter Offset */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
ParameterOffset = GSHORT(pd, offset);
if (tree) {
@ -9911,6 +9979,9 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
/* Build display for: Data Count */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
DataCount = GSHORT(pd, offset);
if (tree) {
@ -9923,6 +9994,9 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
/* Build display for: Data Offset */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
DataOffset = GSHORT(pd, offset);
if (tree) {
@ -9935,6 +10009,9 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
/* Build display for: Setup Count */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
SetupCount = GBYTE(pd, offset);
if (tree) {
@ -9964,10 +10041,16 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
int i = SetupCount;
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
Setup = GSHORT(pd, offset);
for (i = 1; i <= SetupCount; i++) {
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
Setup = GSHORT(pd, offset);
if (tree) {
@ -10081,11 +10164,11 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
if (check_col(fd, COL_INFO)) {
if ( request_val == NULL )
col_set_str(fd, COL_INFO, "Response to unknown message");
col_set_str(fd, COL_INFO, "Response to unknown message");
else if (request_val -> last_transact_command == NULL)
col_set_str(fd, COL_INFO, "Response to message of unknown type");
col_set_str(fd, COL_INFO, "Response to message of unknown type");
else
col_add_fstr(fd, COL_INFO, "%s Response",
col_add_fstr(fd, COL_INFO, "%s Response",
request_val -> last_transact_command);
}
@ -10113,7 +10196,7 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
if (tree) {
proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
proto_tree_add_text(tree, NullTVB, offset, 2, "Byte Count (BCC): %u", ByteCount);
}
@ -10229,7 +10312,11 @@ dissect_transact_smb(const u_char *pd, int offset, frame_data *fd,
/* Build display for: Data Displacement */
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
DataDisplacement = GSHORT(pd, offset);
si.ddisp = DataDisplacement;
if (tree) {
@ -10752,7 +10839,7 @@ char *decode_smb_error(guint8 errcls, guint16 errcode)
void
dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data)
{
proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
proto_tree *smb_tree = tree, *flags_tree, *flags2_tree;
proto_item *ti, *tf;
guint8 cmd, errcls, errcode1, flags;
guint16 flags2, errcode, tid, pid, uid, mid;
@ -10763,6 +10850,7 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int
OLD_CHECK_DISPLAY_AS_DATA(proto_smb, pd, offset, fd, tree);
si.unicode = FALSE;
si.ddisp = 0;
cmd = pd[offset + SMB_hdr_com_offset];
@ -10803,8 +10891,8 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int
/* Handle error code */
if (!BYTES_ARE_IN_FRAME(SMB_offset + 10, 2))
return;
if (!BYTES_ARE_IN_FRAME(SMB_offset + 10, 2))
return;
if (GSHORT(pd, SMB_offset + 10) & 0x4000) {
@ -10904,8 +10992,8 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int
offset += 1;
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
if (!BYTES_ARE_IN_FRAME(offset, 2))
return;
flags2 = GSHORT(pd, offset);
@ -11021,7 +11109,7 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int
offset += 2;
/* Now the UID, User ID */
/* Now the UID, User ID */
uid = GSHORT(pd, offset);
si.uid = uid;
@ -11034,7 +11122,7 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int
offset += 2;
/* Now the MID, Multiplex ID */
/* Now the MID, Multiplex ID */
mid = GSHORT(pd, offset);
si.mid = mid;
@ -11090,7 +11178,7 @@ proto_register_smb(void)
&ett_smb_lock_type,
};
proto_smb = proto_register_protocol("SMB (Server Message Block Protocol)",
proto_smb = proto_register_protocol("SMB (Server Message Block Protocol)",
"SMB", "smb");
proto_register_subtree_array(ett, array_length(ett));
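Review bot: In the `dissect_transact_params` hunk, `si.data_offset = DataOffset - ParameterOffset;` and `si.data_count = DataCount;` are set from packet-supplied fields with no range check, and the subtraction also runs on the interim-response path where `DataOffset < 0`. A malformed or truncated frame with `DataOffset < ParameterOffset`, or a `DataCount` larger than what was captured, hands the subdissector a negative offset or an over-long count; whether `tvb_create_from_top()` and the tvbuff accessors catch that is not visible here. I would move both assignments into the `else` branch and guard them, e.g. `if (DataOffset < ParameterOffset || !BYTES_ARE_IN_FRAME(SMB_offset + DataOffset, DataCount)) { si.data_offset = 0; si.data_count = 0; }`, with zeroes on the interim path as well. Separately, the Setup Count hunks in `dissect_transact2_smb` and `dissect_transact_smb` test `BYTES_ARE_IN_FRAME(offset, 2)` before a one-byte `GBYTE` read; if that is meant to cover the following reserved byte too, a comment should say so. The function bodies start and end outside these hunks.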

7
smb.h

@ -2,7 +2,7 @@
* Defines for smb packet dissection
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
*
* $Id: smb.h,v 1.9 2001/08/05 00:16:36 guy Exp $
* $Id: smb.h,v 1.10 2001/08/05 01:15:27 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -628,6 +628,7 @@
#define SMB_LMapi_UserPasswordSet 0x0073
struct smb_request_val {
int frame; /* Frame in which this request appeared */
int last_transact2_command;
gchar *last_transact_command;
guint16 last_lanman_cmd;
@ -643,6 +644,10 @@ struct smb_info {
struct smb_request_val *request_val;
gboolean unicode; /* Are strings in this SMB Unicode? */
gboolean request; /* Is this a request? */
gboolean is_interim_response; /* Is this an interim transaction response? */
int data_offset; /* Offset from parameter to data in transaction */
int data_count; /* Number of bytes of data in transaction */
guint16 ddisp; /* Data displacement for transaction commands */
};
#endif