diff options
| author | jake <jake@f5534014-38df-0310-8fa8-9805f1628bb7> | 2006-11-24 07:16:06 +0000 |
|---|---|---|
| committer | jake <jake@f5534014-38df-0310-8fa8-9805f1628bb7> | 2006-11-24 07:16:06 +0000 |
| commit | 4fafa98bca8e3f41546f19aab998867966ea4f4d (patch) | |
| tree | 0dc021256497d39bd2453ea436c1b7efb29e82ea /epan/dissectors/packet-dcerpc.c | |
| parent | 72e9ece6f3a1952759f2f8c651404420b454d64c (diff) | |
From Stefan Metzmacher:
This patch fixes some problems with encrypted DCERPC traffic
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@19971 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-dcerpc.c')
| -rw-r--r-- | epan/dissectors/packet-dcerpc.c | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c index e50d82f605..e90410c7e8 100644 --- a/epan/dissectors/packet-dcerpc.c +++ b/epan/dissectors/packet-dcerpc.c @@ -2127,7 +2127,7 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, dcerpc_dissect_fnct_t *volatile sub_dissect; const char *volatile saved_proto; void *volatile saved_private_data; - guint length, reported_length; + guint length = 0, reported_length = 0; tvbuff_t *volatile stub_tvb; volatile guint auth_pad_len; volatile int auth_pad_offset; @@ -2183,8 +2183,9 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, proc->dissect_rqst : proc->dissect_resp; if (tree) { - sub_item = proto_tree_add_item (tree, sub_proto->proto_id, tvb, 0, - -1, FALSE); + sub_item = proto_tree_add_item (tree, sub_proto->proto_id, + (decrypted_tvb != NULL)?decrypted_tvb:tvb, + 0, -1, FALSE); if (sub_item) { sub_tree = proto_item_add_subtree (sub_item, sub_proto->ett); @@ -2230,12 +2231,13 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, init_ndr_pointer_list(pinfo); + length = tvb_length(decrypted_tvb); + reported_length = tvb_reported_length(decrypted_tvb); + /* * Remove the authentication padding from the stub data. */ if (auth_info != NULL && auth_info->auth_pad_len != 0) { - length = tvb_length(decrypted_tvb); - reported_length = tvb_reported_length(decrypted_tvb); if (reported_length >= auth_info->auth_pad_len) { /* * OK, the padding length isn't so big that it @@ -2253,7 +2255,7 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, if (length > reported_length) length = reported_length; - stub_tvb = tvb_new_subset(tvb, 0, length, reported_length); + stub_tvb = tvb_new_subset(decrypted_tvb, 0, length, reported_length); auth_pad_len = auth_info->auth_pad_len; auth_pad_offset = reported_length; } else { @@ -2266,6 +2268,8 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, stub_tvb = NULL; auth_pad_len = reported_length; auth_pad_offset = 0; + length = 0; + reported_length = 0; } } else { /* @@ -2276,6 +2280,10 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, auth_pad_offset = 0; } + if (sub_item) { + proto_item_set_len(sub_item, length); + } + if (stub_tvb != NULL) { /* * Catch all exceptions other than BoundsError, so that even @@ -2287,25 +2295,24 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, * dissect; just re-throw that exception. */ TRY { - offset = sub_dissect (decrypted_tvb, 0, pinfo, sub_tree, + offset = sub_dissect (stub_tvb, 0, pinfo, sub_tree, drep); - if(tree) { + if(tree && offset > 0) { proto_item_set_len(sub_item, offset); } /* If we have a subdissector and it didn't dissect all data in the tvb, make a note of it. */ - /* XXX - don't do this, as this could be just another RPC Req./Resp. in this PDU */ - /*if (tvb_reported_length_remaining(stub_tvb, offset) > 0) { + if (tvb_reported_length_remaining(stub_tvb, offset) > 0) { if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, "[Long frame (%d bytes)]", tvb_reported_length_remaining(stub_tvb, offset)); - }*/ + } } CATCH(BoundsError) { RETHROW; } CATCH_ALL { - show_exception(decrypted_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE); + show_exception(stub_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE); } ENDTRY; } |