replace a rotating buffer in smb with ep allocated memory
dont try dcerpc reassembly of fragments if we dont have the entire pdu only call the heuristical dissectors once from smb/pipe as per guy(?)s comments about idempotence. when doing reassembly, the dcerpc dissector is indeed not idempotent any more. svn path=/trunk/; revision=19304
This commit is contained in:
Ronnie Sahlberg
parent
4c6484334c
commit
5c2232dc22
|
|
@ -2996,7 +2996,7 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|||
nor the first fragment then there is nothing more we can do
|
||||
so we just have to exit
|
||||
*/
|
||||
if( !dcerpc_reassemble )
|
||||
if( !dcerpc_reassemble || (tvb_length(tvb)!=tvb_reported_length(tvb)) )
|
||||
goto end_cn_stub;
|
||||
|
||||
/* if we didnt get 'frame' we dont know where the PDU started and thus
|
||||
|
|
@ -3022,9 +3022,9 @@ dissect_dcerpc_cn_stub (tvbuff_t *tvb, int offset, packet_info *pinfo,
|
|||
/* defragmentation is a bit tricky, as there's no offset of the fragment
|
||||
* in the protocol data.
|
||||
*
|
||||
* just use fragment_add_seq_next() and hope that TCP/SMB segments coming
|
||||
* in with the correct sequence.
|
||||
*/
|
||||
* just use fragment_add_seq_next() and hope that TCP/SMB segments coming
|
||||
* in with the correct sequence.
|
||||
*/
|
||||
fd_head = fragment_add_seq_next(decrypted_tvb, 0, pinfo, frame,
|
||||
dcerpc_co_fragment_table, dcerpc_co_reassemble_table,
|
||||
tvb_length(decrypted_tvb),
|
||||
|
|
|
|||
|
|
@ -3342,13 +3342,10 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree
|
|||
*/
|
||||
|
||||
/*
|
||||
* First, just check if it looks like dcerpc or not.
|
||||
*
|
||||
* XXX - this assumes that the dissector is idempotent,
|
||||
* as it's doing a "trial" dissection building no
|
||||
* tree; that's not necessarily the case.
|
||||
* Try the heuristic dissectors and see if we
|
||||
* find someone that recognizes this payload.
|
||||
*/
|
||||
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, NULL);
|
||||
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree);
|
||||
|
||||
/* no this didnt look like something we know */
|
||||
if(!result){
|
||||
|
|
@ -3366,13 +3363,7 @@ dissect_pipe_dcerpc(tvbuff_t *d_tvb, packet_info *pinfo, proto_tree *parent_tree
|
|||
fragment_set_tot_len(pinfo, fid,
|
||||
dcerpc_fragment_table,
|
||||
pinfo->desegment_len+reported_len);
|
||||
goto clean_up_and_exit;
|
||||
}
|
||||
|
||||
/* guess we have the full pdu in this tvb then,
|
||||
just dissect it and continue.
|
||||
*/
|
||||
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree);
|
||||
goto clean_up_and_exit;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -15491,8 +15491,6 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
|
|||
proto_item *tmp_item=NULL;
|
||||
guint8 flags;
|
||||
guint16 flags2;
|
||||
static smb_info_t si_arr[20];
|
||||
static int si_counter=0;
|
||||
smb_info_t *si;
|
||||
smb_saved_info_t *sip = NULL;
|
||||
smb_saved_info_key_t key;
|
||||
|
|
@ -15504,11 +15502,7 @@ dissect_smb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
|
|||
conversation_t *conversation;
|
||||
nstime_t t, deltat;
|
||||
|
||||
si_counter++;
|
||||
if(si_counter>=20){
|
||||
si_counter=0;
|
||||
}
|
||||
si=&si_arr[si_counter];
|
||||
si=ep_alloc(sizeof(smb_info_t));
|
||||
|
||||
top_tree=parent_tree;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue