From 42a27355eecbff484ad761a8b0d4b9d4614bb950 Mon Sep 17 00:00:00 2001 From: Richard Sharpe Date: Mon, 12 Jun 2017 15:19:18 -0700 Subject: [PATCH] Add support for dissecting FIND responses of FileIdFullDirectoryInfo type. Simply had to copy an existing one and remove unneeded field etc. Fix bug 13795. Attached a capture showing the problem to the bug report. Change-Id: I93d5cdac3f336cbe0bd93db76a84bf97cbfa00ac Reviewed-on: https://code.wireshark.org/review/22106 Petri-Dish: Anders Broman Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman --- epan/dissectors/packet-smb2.c | 97 +++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c index 1564697951..95906e5b56 100644 --- a/epan/dissectors/packet-smb2.c +++ b/epan/dissectors/packet-smb2.c @@ -4017,6 +4017,102 @@ static void dissect_smb2_id_both_directory_info(tvbuff_t *tvb, packet_info *pinf } +static void dissect_smb2_id_full_directory_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, smb2_info_t *si _U_) +{ + int offset = 0; + proto_item *item = NULL; + proto_tree *tree = NULL; + const char *name = NULL; + guint16 bc; + + while (tvb_reported_length_remaining(tvb, offset) > 4) { + int old_offset = offset; + int next_offset; + int file_name_len; + + if (parent_tree) { + item = proto_tree_add_item(parent_tree, hf_smb2_id_both_directory_info, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_smb2_id_both_directory_info); + } + + /* next offset */ + next_offset = tvb_get_letohl(tvb, offset); + proto_tree_add_item(tree, hf_smb2_next_offset, tvb, offset, 4, ENC_LITTLE_ENDIAN); + offset += 4; + + /* file index */ + proto_tree_add_item(tree, hf_smb2_file_index, tvb, offset, 4, ENC_LITTLE_ENDIAN); + offset += 4; + + /* create time */ + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_create_timestamp); + + /* last access */ + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_access_timestamp); + + /* last write */ + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_write_timestamp); + + /* last change */ + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_smb2_last_change_timestamp); + + /* end of file */ + proto_tree_add_item(tree, hf_smb2_end_of_file, tvb, offset, 8, ENC_LITTLE_ENDIAN); + offset += 8; + + /* allocation size */ + proto_tree_add_item(tree, hf_smb2_allocation_size, tvb, offset, 8, ENC_LITTLE_ENDIAN); + offset += 8; + + /* File Attributes */ + offset = dissect_file_ext_attr(tvb, tree, offset); + + /* file name length */ + file_name_len = tvb_get_letohl(tvb, offset); + proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN); + offset += 4; + + /* ea size */ + proto_tree_add_item(tree, hf_smb2_ea_size, tvb, offset, 4, ENC_LITTLE_ENDIAN); + offset += 4; + + /* reserved */ + proto_tree_add_item(tree, hf_smb2_reserved, tvb, offset, 4, ENC_NA); + offset += 4; + + /* file id */ + proto_tree_add_item(tree, hf_smb2_file_id, tvb, offset, 8, ENC_LITTLE_ENDIAN); + offset += 8; + + /* file name */ + if (file_name_len) { + bc = file_name_len; + name = get_unicode_or_ascii_string(tvb, &offset, + TRUE, &file_name_len, TRUE, TRUE, &bc); + if (name) { + proto_tree_add_string(tree, hf_smb2_filename, tvb, + offset, file_name_len, name); + proto_item_append_text(item, ": %s", name); + + } + } + + proto_item_set_len(item, offset-old_offset); + + if (next_offset == 0) { + return; + } + + offset = old_offset+next_offset; + if (offset < old_offset) { + proto_tree_add_expert_format(tree, pinfo, &ei_smb2_invalid_length, tvb, offset, -1, + "Invalid offset/length. Malformed packet"); + return; + } + } +} + + typedef struct _smb2_find_dissector_t { guint32 level; void (*dissector)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, smb2_info_t *si); @@ -4028,6 +4124,7 @@ smb2_find_dissector_t smb2_find_dissectors[] = { {SMB2_FIND_BOTH_DIRECTORY_INFO, dissect_smb2_both_directory_info}, {SMB2_FIND_NAME_INFO, dissect_smb2_file_name_info}, {SMB2_FIND_ID_BOTH_DIRECTORY_INFO,dissect_smb2_id_both_directory_info}, + {SMB2_FIND_ID_FULL_DIRECTORY_INFO,dissect_smb2_id_full_directory_info}, {0, NULL} };