aboutsummaryrefslogtreecommitdiffstats
path: root/packet-smb-pipe.c
diff options
context:
space:
mode:
authorGuy Harris <guy@alum.mit.edu>2001-11-28 09:44:27 +0000
committerGuy Harris <guy@alum.mit.edu>2001-11-28 09:44:27 +0000
commitce66d97e35ffc7e5614f50a6f04b23e8c2b20364 (patch)
tree99a68e904ec382ac769ffd80c0dcf32ca607d1b2 /packet-smb-pipe.c
parent56636f157abdc8472bcf43de4837d5af2058de16 (diff)
Updates to transaction reassembly, from Ronnie Sahlberg.
Add some checks for null tvbuff arguments. When dissecting transaction setup, parameters, and data when we couldn't dissect it as a pipe or mailslot transaction, use the reported length of the supplied tvbuff, not the actual length, as the amount of data present. svn path=/trunk/; revision=4291
Diffstat (limited to 'packet-smb-pipe.c')
-rw-r--r--packet-smb-pipe.c30
1 files changed, 29 insertions, 1 deletions
diff --git a/packet-smb-pipe.c b/packet-smb-pipe.c
index 4db28b6d41..c914c8fe17 100644
--- a/packet-smb-pipe.c
+++ b/packet-smb-pipe.c
@@ -8,7 +8,7 @@ XXX Fixme : shouldnt show [malformed frame] for long packets
* significant rewrite to tvbuffify the dissector, Ronnie Sahlberg and
* Guy Harris 2001
*
- * $Id: packet-smb-pipe.c,v 1.56 2001/11/27 09:37:18 guy Exp $
+ * $Id: packet-smb-pipe.c,v 1.57 2001/11/28 09:44:27 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@@ -1986,6 +1986,12 @@ dissect_pipe_lanman(tvbuff_t *pd_tvb, tvbuff_t *p_tvb, tvbuff_t *d_tvb,
if (!proto_is_protocol_enabled(proto_smb_lanman))
return FALSE;
+ if (smb_info->request && p_tvb == NULL) {
+ /*
+ * Requests must have parameters.
+ */
+ return FALSE;
+ }
pinfo->current_proto = "LANMAN";
if (check_col(pinfo->fd, COL_PROTOCOL)) {
@@ -2772,6 +2778,8 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
* Only dissect this if we know the FID.
*/
if (fid != -1) {
+ if (d_tvb == NULL)
+ return FALSE;
return dissect_pipe_msrpc(d_tvb, pinfo, tree,
fid);
}
@@ -2800,6 +2808,8 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
* Request contains no parameters or data.
*/
if (!smb_info->request) {
+ if (p_tvb == NULL)
+ return FALSE;
offset = 0;
proto_tree_add_item(pipe_tree, hf_pipe_peek_available,
p_tvb, offset, 2, TRUE);
@@ -2818,6 +2828,8 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
* Request contains no parameters or data.
*/
if (!smb_info->request) {
+ if (p_tvb == NULL)
+ return FALSE;
offset = dissect_ipc_state(p_tvb, pinfo, pipe_tree, 0,
FALSE);
}
@@ -2828,6 +2840,8 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
* Response contains no parameters or data.
*/
if (smb_info->request) {
+ if (p_tvb == NULL)
+ return FALSE;
offset = dissect_ipc_state(p_tvb, pinfo, pipe_tree, 0,
TRUE);
}
@@ -2836,6 +2850,9 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
case Q_NM_PIPE_INFO:
offset = 0;
if (smb_info->request) {
+ if (p_tvb == NULL)
+ return FALSE;
+
/*
* Request contains an information level.
*/
@@ -2847,6 +2864,9 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
} else {
guint8 pipe_namelen;
+ if (d_tvb == NULL)
+ return FALSE;
+
switch (tri->info_level) {
case 1:
@@ -2885,6 +2905,9 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
* Request contains no parameters or data.
*/
if (!smb_info->request) {
+ if (d_tvb == NULL)
+ return FALSE;
+
offset = dissect_file_data(d_tvb, pinfo, pipe_tree, 0,
tvb_reported_length(d_tvb),
tvb_reported_length(d_tvb));
@@ -2894,10 +2917,15 @@ dissect_pipe_smb(tvbuff_t *sp_tvb, tvbuff_t *s_tvb, tvbuff_t *pd_tvb,
case RAW_WRITE_NM_PIPE:
offset = 0;
if (smb_info->request) {
+ if (d_tvb == NULL)
+ return FALSE;
+
offset = dissect_file_data(d_tvb, pinfo, pipe_tree,
offset, tvb_reported_length(d_tvb),
tvb_reported_length(d_tvb));
} else {
+ if (p_tvb == NULL)
+ return FALSE;
proto_tree_add_item(pipe_tree,
hf_pipe_write_raw_bytes_written,
p_tvb, offset, 2, TRUE);