author | Gerald Combs <gerald@wireshark.org> | 2005-04-16 21:54:32 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2005-04-16 21:54:32 +0000 |
commit | 83f3aa6e082bea11de6bfe7c9c8ede419a2aff55 (patch) | |
tree | 6c5bfed8fc78f85ff40462f798d09689464b18d9 /epan/dissectors/packet-smb-pipe.c | |
parent | 3625956f52d2e29e20f3858330a8165e0c1683db (diff) |
Add an extra_info_type field to smb_extra_info_t so that we can make
sure we're not referencing a fid when we think we're referencing an
smb_nt_transact_info_t pointer. (A fuzzed capture I have triggers
this behavior).
svn path=/trunk/; revision=14107
Diffstat (limited to 'epan/dissectors/packet-smb-pipe.c')
-rw-r--r-- | epan/dissectors/packet-smb-pipe.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/epan/dissectors/packet-smb-pipe.c b/epan/dissectors/packet-smb-pipe.c
index bc1ffea3ed..875a3a5b3b 100644
--- a/epan/dissectors/packet-smb-pipe.c
+++ b/epan/dissectors/packet-smb-pipe.c
@@ -438,9 +438,12 @@ add_detail_level(tvbuff_t *tvb, int offset, int count _U_, packet_info *pinfo,
 proto_tree *tree, int convert _U_, int hf_index)
 {
 struct smb_info *smb_info = pinfo->private_data;
- smb_transact_info_t *trp = smb_info->sip->extra_info;
+ smb_transact_info_t *trp = NULL;
 guint16 level;

+ if (smb_info->sip->extra_info_type == SMB_EI_TRI)
+ trp = smb_info->sip->extra_info;
+
 level = tvb_get_letohs(tvb, offset);
 if (!pinfo->fd->flags.visited)
 trp->info_level = level; /* remember this for the response */
@@ -2459,7 +2462,7 @@ dissect_response_data(tvbuff_t *tvb, packet_info *pinfo, int convert,
 const struct lanman_desc *lanman, gboolean has_ent_count,
 guint16 ent_count)
 {
- smb_transact_info_t *trp = smb_info->sip->extra_info;
+ smb_transact_info_t *trp = NULL;
 const item_list_t *resp_data_list;
 int offset, start_offset;
 const char *label;
@@ -2472,6 +2475,9 @@ dissect_response_data(tvbuff_t *tvb, packet_info *pinfo, int convert,
 guint i, j;
 guint16 aux_count;

+ if (smb_info->sip->extra_info_type == SMB_EI_TRI)
+ trp = smb_info->sip->extra_info;
+
 /*
 * Find the item table for the matching request's detail level.
 */
@@ -2607,7 +2613,7 @@ dissect_pipe_lanman(tvbuff_t *pd_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
 packet_info *pinfo, proto_tree *parent_tree)
 {
 smb_info_t *smb_info = pinfo->private_data;
- smb_transact_info_t *trp = smb_info->sip->extra_info;
+ smb_transact_info_t *trp = NULL;
 int offset = 0, start_offset;
 guint16 cmd;
 guint16 status;
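Review bot: In add_detail_level, `trp` is now NULL whenever `extra_info_type` is not `SMB_EI_TRI`, yet the unchanged `trp->info_level = level;` under `if (!pinfo->fd->flags.visited)` still dereferences it, so a capture that previously caused a mistyped write would instead crash the dissector on a NULL pointer. The guard should include the pointer, for example `if (trp != NULL && !pinfo->fd->flags.visited)`. The same NULL initialisation is applied to `trp` in dissect_response_data and dissect_pipe_lanman; their later uses of `trp` lie outside the visible hunks, so each dereference there needs the same check. add_detail_level's body continues past the end of this hunk.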
@@ -2624,6 +2630,9 @@ dissect_pipe_lanman(tvbuff_t *pd_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
 proto_item *data_item;
 proto_tree *data_tree;

+ if (smb_info->sip->extra_info_type == SMB_EI_TRI)
+ trp = smb_info->sip->extra_info;
+
 if (!proto_is_protocol_enabled(find_protocol_by_id(proto_smb_lanman)))
 return FALSE;
 if (smb_info->request && p_tvb == NULL) {
@@ -3536,7 +3545,7 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
 smb_info->request ? "Request" : "Response");
 }

- if (smb_info->sip != NULL)
+ if (smb_info->sip != NULL && smb_info->sip->extra_info_type == SMB_EI_TRI)
 tri = smb_info->sip->extra_info;
 else
 tri = NULL; |
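Review bot: The check added in dissect_pipe_lanman reads `smb_info->sip->extra_info_type` without testing `smb_info->sip`, whereas the dissect_pipe_smb hunk tests `smb_info->sip != NULL` before touching the tag. Whether `sip` can be NULL on this path is not visible here, but if it can, the checks added in add_detail_level and dissect_response_data share the gap; writing each as `if (smb_info->sip != NULL && smb_info->sip->extra_info_type == SMB_EI_TRI)` would make the four sites consistent. A one-line comment at each site, such as `/* extra_info is only treated as an smb_transact_info_t when tagged SMB_EI_TRI */`, would record why the tag is tested. dissect_pipe_lanman's body starts and ends outside this hunk.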