When we create a tvbuff for a security blob, set its reported length to
the reported length of the blob, not the amount of data available from the blob. Use "tvb_strneql()" when checking for strings, so that we don't throw an exception if there's less data in the tvbuff than there are bytes in the string, we just say "not equal". svn path=/trunk/; revision=11031
This commit is contained in:
Guy Harris
parent
12279386df
commit
4384e31a4f
51
packet-smb.c
51
packet-smb.c
|
|
@ -3,7 +3,7 @@
|
|||
* Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com>
|
||||
* 2001 Rewrite by Ronnie Sahlberg and Guy Harris
|
||||
*
|
||||
* $Id: packet-smb.c,v 1.390 2004/04/02 21:38:34 sahlberg Exp $
|
||||
* $Id: packet-smb.c,v 1.391 2004/05/29 06:55:52 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
|
|
@ -2351,7 +2351,9 @@ dissect_negprot_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in
|
|||
COUNT_BYTES(16);
|
||||
|
||||
/* security blob */
|
||||
/* dont try to eat too much of we might get an exception on
|
||||
/* If it runs past the end of the captured data, don't
|
||||
* try to put all of it into the protocol tree as the
|
||||
* raw security blob; we might get an exception on
|
||||
* short frames and then we will not see anything at all
|
||||
* of the security blob.
|
||||
*/
|
||||
|
|
@ -2363,7 +2365,6 @@ dissect_negprot_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in
|
|||
tree, hf_smb_security_blob,
|
||||
tvb, offset, sbloblen, TRUE);
|
||||
|
||||
/* security blob */
|
||||
/*
|
||||
* If Extended security and BCC == 16, then raw
|
||||
* NTLMSSP is in use. We need to save this info
|
||||
|
|
@ -2376,8 +2377,16 @@ dissect_negprot_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, in
|
|||
gssapi_tree = proto_item_add_subtree(
|
||||
blob_item, ett_smb_secblob);
|
||||
|
||||
/*
|
||||
* Set the reported length of this to
|
||||
* the reported length of the blob,
|
||||
* rather than the amount of data
|
||||
* available from the blob, so that
|
||||
* we'll throw the right exception if
|
||||
* it's too short.
|
||||
*/
|
||||
gssapi_tvb = tvb_new_subset(
|
||||
tvb, offset, sbloblen, sbloblen);
|
||||
tvb, offset, sbloblen, bc);
|
||||
|
||||
call_dissector(
|
||||
gssapi_handle, gssapi_tvb, pinfo,
|
||||
|
|
@ -5737,7 +5746,7 @@ dissect_session_setup_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree
|
|||
int dn_len;
|
||||
const char *dn;
|
||||
guint16 pwlen=0;
|
||||
guint16 sbloblen=0;
|
||||
guint16 sbloblen=0, sbloblen_short;
|
||||
guint16 apwlen=0, upwlen=0;
|
||||
gboolean unicodeflag;
|
||||
|
||||
|
|
@ -5837,15 +5846,19 @@ dissect_session_setup_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree
|
|||
proto_item *blob_item;
|
||||
|
||||
/* security blob */
|
||||
/* dont try to eat too much of we might get an exception on
|
||||
/* If it runs past the end of the captured data, don't
|
||||
* try to put all of it into the protocol tree as the
|
||||
* raw security blob; we might get an exception on
|
||||
* short frames and then we will not see anything at all
|
||||
* of the security blob.
|
||||
*/
|
||||
if(sbloblen>tvb_length_remaining(tvb,offset)){
|
||||
sbloblen=tvb_length_remaining(tvb,offset);
|
||||
sbloblen_short = sbloblen;
|
||||
if(sbloblen_short>tvb_length_remaining(tvb,offset)){
|
||||
sbloblen_short=tvb_length_remaining(tvb,offset);
|
||||
}
|
||||
blob_item = proto_tree_add_item(tree, hf_smb_security_blob,
|
||||
tvb, offset, sbloblen, TRUE);
|
||||
tvb, offset, sbloblen_short,
|
||||
TRUE);
|
||||
|
||||
/* As an optimization, because Windows is perverse,
|
||||
we check to see if NTLMSSP is the first part of the
|
||||
|
|
@ -5863,12 +5876,17 @@ dissect_session_setup_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree
|
|||
ett_smb_secblob);
|
||||
CHECK_BYTE_COUNT(sbloblen);
|
||||
|
||||
blob_tvb = tvb_new_subset(tvb, offset, sbloblen,
|
||||
/*
|
||||
* Set the reported length of this to the reported
|
||||
* length of the blob, rather than the amount of
|
||||
* data available from the blob, so that we'll
|
||||
* throw the right exception if it's too short.
|
||||
*/
|
||||
blob_tvb = tvb_new_subset(tvb, offset, sbloblen_short,
|
||||
sbloblen);
|
||||
|
||||
if (si && si->ct && si->ct->raw_ntlmssp &&
|
||||
!strncmp("NTLMSSP",
|
||||
tvb_get_ptr(tvb, offset, 7), 7)) {
|
||||
if (si && si->ct && si->ct->raw_ntlmssp &&
|
||||
tvb_strneql(tvb, offset, "NTLMSSP", 7) == 0) {
|
||||
call_dissector(ntlmssp_handle, blob_tvb, pinfo,
|
||||
blob_tree);
|
||||
|
||||
|
|
@ -5890,7 +5908,7 @@ dissect_session_setup_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree
|
|||
* and if so just override the flag.
|
||||
*/
|
||||
unicodeflag=si->unicode;
|
||||
if( !strncmp(tvb_get_ptr(tvb, offset, 3), "Win", 3) ){
|
||||
if( tvb_strneql(tvb, offset, "Win", 3) == 0 ){
|
||||
unicodeflag=FALSE;
|
||||
}
|
||||
an = get_unicode_or_ascii_string(tvb, &offset,
|
||||
|
|
@ -5916,7 +5934,7 @@ dissect_session_setup_andx_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree
|
|||
* and if so just override the flag.
|
||||
*/
|
||||
unicodeflag=si->unicode;
|
||||
if( !strncmp(tvb_get_ptr(tvb, offset, 3), "Win", 3) ){
|
||||
if( tvb_strneql(tvb, offset, "Win", 3) == 0 ){
|
||||
unicodeflag=FALSE;
|
||||
}
|
||||
an = get_unicode_or_ascii_string(tvb, &offset,
|
||||
|
|
@ -6119,8 +6137,7 @@ dissect_session_setup_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tre
|
|||
sbloblen);
|
||||
|
||||
if (si && si->ct && si->ct->raw_ntlmssp &&
|
||||
!strncmp("NTLMSSP",
|
||||
tvb_get_ptr(tvb, offset, 7), 7)) {
|
||||
tvb_strneql(tvb, offset, "NTLMSSP", 7) == 0) {
|
||||
call_dissector(ntlmssp_handle, blob_tvb, pinfo,
|
||||
blob_tree);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue