0db39ae59a
The latest iteration of Microsoft updates to SMB3 added compression to the protocol. This commit implements decompressing and dissecting compressed payloads. The compression algorithms that can be used are "Plain LZ77", "LZ77+Huffman" and "LZNT1" which you can read more about in the [MS-XCA] documentation. This set of algorithm is sometimes referred to as XPRESS. This commit reuses the existing uncompression API scheme already in place with zlib and brotli and adds 3 tvb_uncompress_*() function implemented in: * epan/tvbuff_lz77.c * epan/tvbuff_lz77huff.c * epan/tvbuff_lznt1.c A new function wmem_array_try_index() was added to the wmem_array API to make bound checked reads that fail gracefully. New tests for it have been added as well. Since both reads (tvb) and writes (wmem_array) are bound checked the risk for buffer overruns is drastically reduced. LZ77+Huffman has decoding tables and special care was taken to bound check these. Simplified versions of the implementations were succesfully tested against AFL (American Fuzzy Lop) for ~150 millions executions each. The SMB2/3 dissector was changed to deal with the new transform header for compressed packets (new protocol_id value) and READ request flags (COMPRESSED). Badly compressed or encrypted packets are now reported as such, and the decryption test suite was changed to reflect that. This commit also adds a test capture with 1 packet compressed with each algorithm as returned by Windows Server 2019, along with 3 matching tests in test/suite_dissection.py Change-Id: I2b84f56541f2f4ee7d886152794b993987dd10e7 Reviewed-on: https://code.wireshark.org/review/33855 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl> |
||
|---|---|---|
| .. | ||
| baseline | ||
| captures | ||
| config | ||
| keys | ||
| lua | ||
| suite_dfilter | ||
| suite_dissectors | ||
| README.test | ||
| conftest.py | ||
| fixtures.py | ||
| fixtures_ws.py | ||
| hosts.custom | ||
| hosts.global | ||
| hosts.personal | ||
| matchers.py | ||
| sampleif.py | ||
| subprocesstest.py | ||
| suite_capture.py | ||
| suite_clopts.py | ||
| suite_decryption.py | ||
| suite_dissection.py | ||
| suite_fileformats.py | ||
| suite_follow.py | ||
| suite_io.py | ||
| suite_mergecap.py | ||
| suite_nameres.py | ||
| suite_outputformats.py | ||
| suite_sharkd.py | ||
| suite_text2pcap.py | ||
| suite_unittests.py | ||
| suite_wslua.py | ||
| test.py | ||
| travis-upload-artifacts.sh | ||
| util_dump_dhcp_pcap.py | ||
README.test
Wireshark Tests The recommended steps to prepare for and to run tests: * Install two Python packages, pytest: `pip install pytest pytest-xdist` * Build programs (“wireshark”, “tshark”, etc.): `ninja` * Build additional programs for the “unittests” suite: `ninja test-programs` * Run tests in the build directory: `pytest` Replace `ninja test-programs` by `make test-programs` as needed. See the “Wireshark Tests” chapter of the Developer's Guide for details: https://www.wireshark.org/docs/wsdg_html_chunked/ChapterTests.html