diff options
author | Guy Harris <guy@alum.mit.edu> | 2013-12-15 19:48:15 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2013-12-15 19:48:15 +0000 |
commit | 59dddc25ec39be11e00cfe1ff0a839f63d75a26f (patch) | |
tree | 7a1ef525f1870a36f2d362ae3cce76ba2d30c1d9 /epan/dissectors/packet-dcerpc.c | |
parent | afc0d8af03dd33dbc1e7a538cae5aa79c08b157c (diff) |
In dissect_ndr_byte_array(), use the field index from the dcerpc_info
structure, rather than a fixed field. Get rid of that fixed field, as
it's no longer needed.
Use dissect_ndr_byte_array() rather than dissect_ndr_char_cvstring() in
a case where we have an opaque byte array.
Have dissect_ndr_cvstring() and dissect_ndr_vstring() - and, therefore,
routines that call them, such as dissect_ndr_cstring(),
dissect_ndr_char_cvstring(), dissect_ndr_char_vstring(), and
dissect_ndr_wchar_vstring() - require that the field being used by an
FT_STRING field. Manually fix a case where the PIDL generator makes
such a field FT_NONE rather than FT_STRING. Also handle EBCDIC, just in
case we happen to see a packet with EBCDIC strings.
Use tvb_get_string_enc(), rather than tvb_get_unicode_string() or
tvb_get_string(), in dissect_ndr_cvstring() and dissect_ndr_vstring().
svn path=/trunk/; revision=54134
Diffstat (limited to 'epan/dissectors/packet-dcerpc.c')
-rw-r--r-- | epan/dissectors/packet-dcerpc.c | 134 |
1 files changed, 60 insertions, 74 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c index 77f1b5eaea..3182cf0732 100644 --- a/epan/dissectors/packet-dcerpc.c +++ b/epan/dissectors/packet-dcerpc.c @@ -569,7 +569,6 @@ static int hf_dcerpc_dg_status = -1; static int hf_dcerpc_array_max_count = -1; static int hf_dcerpc_array_offset = -1; static int hf_dcerpc_array_actual_count = -1; -static int hf_dcerpc_array_buffer = -1; static int hf_dcerpc_op = -1; static int hf_dcerpc_referent_id = -1; static int hf_dcerpc_fragments = -1; @@ -1939,8 +1938,8 @@ dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo, DISSECTOR_ASSERT(len <= G_MAXUINT32); if (tree && len) { tvb_ensure_bytes_exist(tvb, offset, (guint32)len); - proto_tree_add_item(tree, hf_dcerpc_array_buffer, - tvb, offset, (guint32)len, ENC_NA); + proto_tree_add_item(tree, di->hf_index, tvb, offset, (guint32)len, + ENC_NA); } offset += (guint32)len; @@ -1961,12 +1960,16 @@ dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is, int hfindex, gboolean add_subtree, char **data) { + header_field_info *hfinfo; proto_item *string_item; proto_tree *string_tree; guint64 len; guint32 buffer_len; char *s; - header_field_info *hfinfo; + + /* Make sure this really is a string field. */ + hfinfo = proto_registrar_get_nth(hfindex); + DISSECTOR_ASSERT(hfinfo->type == FT_STRING); if (di->conformant_run) { /* just a run to handle conformant arrays, no scalars to dissect */ @@ -2000,44 +2003,35 @@ dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, if (!di->no_align && (offset % size_is)) offset += size_is - (offset % size_is); + /* + * "tvb_get_string_enc()" throws an exception if the entire string + * isn't in the tvbuff. If the length is bogus, this should + * keep us from trying to allocate an immensely large buffer. + * (It won't help if the length is *valid* but immensely large, + * but that's another matter; in any case, that would happen only + * if we had an immensely large tvbuff....) + * + * XXX - so why are we doing tvb_ensure_bytes_exist()? + */ + tvb_ensure_bytes_exist(tvb, offset, buffer_len); if (size_is == sizeof(guint16)) { - /* XXX - use drep to determine the byte order? */ - /* XXX - once we have an ENC_ value for UTF-16, just use - proto_tree_add_item() with the appropriate ENC_ value? */ - /* XXX - should this ever be used with something that's *not* - an FT_STRING? */ - s = tvb_get_unicode_string(wmem_packet_scope(), tvb, offset, buffer_len, ENC_LITTLE_ENDIAN); - if (tree && buffer_len) { - hfinfo = proto_registrar_get_nth(hfindex); - tvb_ensure_bytes_exist(tvb, offset, buffer_len); - if (hfinfo->type == FT_STRING) { - proto_tree_add_string(string_tree, hfindex, tvb, offset, - buffer_len, s); - } else { - proto_tree_add_item(string_tree, hfindex, tvb, offset, - buffer_len, DREP_ENC_INTEGER(drep)); - } - } - - } else { /* - * "tvb_get_string()" throws an exception if the entire string - * isn't in the tvbuff. If the length is bogus, this should - * keep us from trying to allocate an immensely large buffer. - * (It won't help if the length is *valid* but immensely large, - * but that's another matter; in any case, that would happen only - * if we had an immensely large tvbuff....) + * Assume little-endian UTF-16. * - * XXX - if this is an octet string, does the byte order - * matter? Will this ever be anything *other* than an - * octet string? What if size_is is neither 1 nor 2? + * XXX - is this always little-endian? */ - tvb_ensure_bytes_exist(tvb, offset, buffer_len); - s = tvb_get_string(wmem_packet_scope(), tvb, offset, buffer_len); - if (tree && buffer_len) - proto_tree_add_item(string_tree, hfindex, tvb, offset, - buffer_len, DREP_ENC_INTEGER(drep)); + s = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, buffer_len, + ENC_UTF_16|ENC_LITTLE_ENDIAN); + } else { + /* + * XXX - what if size_is is neither 1 nor 2? + */ + s = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, buffer_len, + DREP_ENC_CHAR(drep)); } + if (tree && buffer_len) + proto_tree_add_string(string_tree, hfindex, tvb, offset, + buffer_len, s); if (string_item != NULL) proto_item_append_text(string_item, ": %s", s); @@ -2151,12 +2145,16 @@ dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is, int hfindex, gboolean add_subtree, char **data) { + header_field_info *hfinfo; proto_item *string_item; proto_tree *string_tree; guint64 len; guint32 buffer_len; char *s; - header_field_info *hfinfo; + + /* Make sure this really is a string field. */ + hfinfo = proto_registrar_get_nth(hfindex); + DISSECTOR_ASSERT(hfinfo->type == FT_STRING); if (di->conformant_run) { /* just a run to handle conformant arrays, no scalars to dissect */ @@ -2186,44 +2184,35 @@ dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, if (!di->no_align && (offset % size_is)) offset += size_is - (offset % size_is); + /* + * "tvb_get_string_enc()" throws an exception if the entire string + * isn't in the tvbuff. If the length is bogus, this should + * keep us from trying to allocate an immensely large buffer. + * (It won't help if the length is *valid* but immensely large, + * but that's another matter; in any case, that would happen only + * if we had an immensely large tvbuff....) + * + * XXX - so why are we doing tvb_ensure_bytes_exist()? + */ + tvb_ensure_bytes_exist(tvb, offset, buffer_len); if (size_is == sizeof(guint16)) { - /* XXX - use drep to determine the byte order? */ - /* XXX - once we have an ENC_ value for UTF-16, just use - proto_tree_add_item() with the appropriate ENC_ value? */ - /* XXX - should this ever be used with something that's *not* - an FT_STRING? */ - s = tvb_get_unicode_string(wmem_packet_scope(), tvb, offset, buffer_len, ENC_LITTLE_ENDIAN); - if (tree && buffer_len) { - hfinfo = proto_registrar_get_nth(hfindex); - tvb_ensure_bytes_exist(tvb, offset, buffer_len); - if (hfinfo->type == FT_STRING) { - proto_tree_add_string(string_tree, hfindex, tvb, offset, - buffer_len, s); - } else { - proto_tree_add_item(string_tree, hfindex, tvb, offset, - buffer_len, DREP_ENC_INTEGER(drep)); - } - } - - } else { /* - * "tvb_get_string()" throws an exception if the entire string - * isn't in the tvbuff. If the length is bogus, this should - * keep us from trying to allocate an immensely large buffer. - * (It won't help if the length is *valid* but immensely large, - * but that's another matter; in any case, that would happen only - * if we had an immensely large tvbuff....) + * Assume little-endian UTF-16. * - * XXX - if this is an octet string, does the byte order - * matter? Will this ever be anything *other* than an - * octet string? What if size_is is neither 1 nor 2? + * XXX - is this always little-endian? */ - tvb_ensure_bytes_exist(tvb, offset, buffer_len); - s = tvb_get_string(wmem_packet_scope(), tvb, offset, buffer_len); - if (tree && buffer_len) - proto_tree_add_item(string_tree, hfindex, tvb, offset, - buffer_len, DREP_ENC_INTEGER(drep)); + s = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, buffer_len, + ENC_UTF_16|ENC_LITTLE_ENDIAN); + } else { + /* + * XXX - what if size_is is neither 1 nor 2? + */ + s = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, buffer_len, + DREP_ENC_CHAR(drep)); } + if (tree && buffer_len) + proto_tree_add_string(string_tree, hfindex, tvb, offset, + buffer_len, s); if (string_item != NULL) proto_item_append_text(string_item, ": %s", s); @@ -6181,9 +6170,6 @@ proto_register_dcerpc(void) { &hf_dcerpc_array_actual_count, { "Actual Count", "dcerpc.array.actual_count", FT_UINT32, BASE_DEC, NULL, 0x0, "Actual Count: Actual number of elements in the array", HFILL }}, - { &hf_dcerpc_array_buffer, - { "Buffer", "dcerpc.array.buffer", FT_BYTES, BASE_NONE, NULL, 0x0, "Buffer: Buffer containing elements of the array", HFILL }}, - { &hf_dcerpc_op, { "Operation", "dcerpc.op", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, |