diff options
author | sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-08-11 07:42:25 +0000 |
---|---|---|
committer | sahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-08-11 07:42:25 +0000 |
commit | a4fdfacbb3d1aef7a19eb12906523378f61d6603 (patch) | |
tree | 136c4d56274c029943d8d3f370782ee547ed7cff /epan/dissectors/packet-dcerpc-nt.c | |
parent | d6dc31acefd3eb2b21b95fb654ea87080681398e (diff) |
From Matthieu Patou <mat@matws.net>
Add two helper functions to dissect null terminated ascii and wchar strings in dcerpc
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@38471 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-dcerpc-nt.c')
-rw-r--r-- | epan/dissectors/packet-dcerpc-nt.c | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/epan/dissectors/packet-dcerpc-nt.c b/epan/dissectors/packet-dcerpc-nt.c index 53ce6639a4..ecdfc22570 100644 --- a/epan/dissectors/packet-dcerpc-nt.c +++ b/epan/dissectors/packet-dcerpc-nt.c @@ -4,6 +4,7 @@ /* packet-dcerpc-nt.c * Routines for DCERPC over SMB packet disassembly * Copyright 2001-2003, Tim Potter <tpot@samba.org> + * Copyright 2011, Matthieu Patou <mat@matws.net> * * $Id$ * @@ -41,6 +42,7 @@ int hf_nt_cs_len = -1; +int hf_nt_error; int hf_nt_cs_size = -1; static int hf_lsa_String_name_len = -1; static int hf_lsa_String_name_size = -1; @@ -75,6 +77,82 @@ const value_string platform_id_vals[] = { { 0, NULL } }; +int +dissect_null_term_string(tvbuff_t *tvb, int offset, + packet_info *pinfo _U_, proto_tree *tree, + guint8 *drep _U_, int hf_index, int levels _U_) +{ + guint8 data; + int tmp_offset = offset; + guint32 len = 0; + char *s; + + data = tvb_get_guint8 (tvb, tmp_offset); + for ( ;tvb_length_remaining (tvb, tmp_offset) > 0 && data; tmp_offset++) { + data = tvb_get_guint8 (tvb, tmp_offset); + } + + /* Let's try to the terminator on the last char ...*/ + if (data) { + tmp_offset++; + data = tvb_get_guint8 (tvb, tmp_offset); + } + + if (data) { + proto_item *ti; + + ti = proto_tree_add_string(tree, hf_nt_error, tvb, offset, tmp_offset - offset, "Not a null terminated string"); + return tmp_offset; + /*expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_WARN, + "Length of item (%d) is not valid", length);*/ + } + + len = tmp_offset - offset; + /* tvb_get_ephemeral_string didn't want the length with the 0*/ + s = tvb_get_ephemeral_string(tvb, offset, len); + proto_tree_add_string(tree, hf_index, tvb, offset, len + 1, s); + + return tmp_offset; +} + +int +dissect_null_term_wstring(tvbuff_t *tvb, int offset, + packet_info *pinfo _U_, proto_tree *tree, + guint8 *drep, int hf_index, int levels _U_) +{ + guint16 data; + int tmp_offset = offset; + guint32 len = 0; + char *s; + + data = dcerpc_tvb_get_ntohs(tvb, tmp_offset, drep); + for ( ; tvb_length_remaining (tvb, tmp_offset) > 1 && data; tmp_offset +=2) { + data = dcerpc_tvb_get_ntohs(tvb, tmp_offset, drep); + } + + /* Let's try to find the terminator on the last char ...*/ + + if (data) { + tmp_offset += 2; + data = dcerpc_tvb_get_ntohs(tvb, tmp_offset, drep); + } + + if (data) { + proto_item *ti; + ti = proto_tree_add_string(tree, hf_nt_error, tvb, offset, tmp_offset - offset, "Not a null terminated string"); + return tmp_offset; + /*expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_WARN, + "Length of item (%d) is not valid", length);*/ + } + len = tmp_offset - offset; + + /* tvb_get_ephemeral_string didn't want the length with the 0*/ + s = tvb_get_unicode_string(tvb, offset, len, ENC_LITTLE_ENDIAN); + proto_tree_add_string(tree, hf_index, tvb, offset, len, s); + + return tmp_offset; +} + /* Parse some common RPC structures */ /* Dissect a counted string as a callback to dissect_ndr_pointer_cb() */ @@ -1822,6 +1900,11 @@ void dcerpc_smb_init(int proto_dcerpc) TFS(&tfs_nt_acb_autolock), 0x0400, "If this account has been autolocked", HFILL }}, + { &hf_nt_error, + { "Wrong string type", "dcerpc.nt.sting_error", + FT_STRING, BASE_NONE, NULL, 0x0, + "Non terminated string", HFILL }}, + /* SIDs */ { &hf_nt_domain_sid, |