The NT Security Descriptor revision field is only one byte, not two.

Make the dissector decode the first two bytes of the security descriptor as one byte for the revision and the second byte as nothing/should be zero. svn path=/trunk/; revision=7436
2003-04-10 08:41:58 +00:00 · 2003-04-10 08:41:58 +00:00 · 1294318b4d
parent 8d78af7453
commit 1294318b4d
1 changed files with 10 additions and 6 deletions
--- a/packet-smb.c
+++ b/packet-smb.c
@ -3,7 +3,7 @@
 * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
 * 2001  Rewrite by Ronnie Sahlberg and Guy Harris
 *
- * $Id: packet-smb.c,v 1.320 2003/04/09 18:35:27 guy Exp $
+ * $Id: packet-smb.c,v 1.321 2003/04/10 08:41:58 sahlberg Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@ethereal.com>
@ -7698,7 +7698,7 @@ dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo,
 {
 	proto_item *item = NULL;
 	proto_tree *tree = NULL;
-	guint16 revision;
+	guint8 revision;
 	int old_offset = offset;
 	guint32 owner_sid_offset;
 	guint32 group_sid_offset;
@ -7712,10 +7712,14 @@ dissect_nt_sec_desc(tvbuff_t *tvb, int offset, packet_info *pinfo,
 	}

 	/* revision */
-	revision = tvb_get_letohs(tvb, offset);
+	revision = tvb_get_guint8(tvb, offset);
 	proto_tree_add_uint(tree, hf_smb_sec_desc_revision,
-		tvb, offset, 2, revision);
-	offset += 2;
+		tvb, offset, 1, revision);
+	offset += 1;
+
+	/* next byte should be zero, for now just ignore it */
+	offset += 1;
+

 	switch(revision){
 	case 1:  /* only version we will ever see of this structure?*/
@ -17972,7 +17976,7 @@ proto_register_smb(void)
 		TFS(&tfs_fs_attr_vic), 0x00008000, "Is this FS Compressed?", HFILL }},

 	{ &hf_smb_sec_desc_revision,
-		{ "Revision", "smb.sec_desc.revision", FT_UINT16, BASE_DEC,
+		{ "Revision", "smb.sec_desc.revision", FT_UINT8, BASE_DEC,
 		NULL, 0, "Version of NT Security Descriptor structure", HFILL }},

 	{ &hf_smb_sid,