diff options
| author | Gerald Combs <gerald@wireshark.org> | 2011-02-23 00:51:02 +0000 |
|---|---|---|
| committer | Gerald Combs <gerald@wireshark.org> | 2011-02-23 00:51:02 +0000 |
| commit | 47837956900070b04a47f0289de3fb0ce2c3251c (patch) | |
| tree | adfd156482ef20ce84a4fb62abe389cf2e894b52 /epan/dissectors/packet-smb-common.c | |
| parent | 740c1c4aeb072e81b13b95020a1547da8eecffbf (diff) | |
Split get_dns_name() into get_dns_name() and expand_dns_name().
In dissect_ms_compressed_string() dissect_mscldap_string() simply call
expand_dns_name() instead of using duplicate (and insecure) code. This
*might* break CLDAP and SMB dissection. If that's the case we should
probably revert get_dns_name() and simplify expand_dns_name().
Fixes infinite recursion errors found by joernchen of Phenoelit.
svn path=/trunk/; revision=36029
Diffstat (limited to 'epan/dissectors/packet-smb-common.c')
| -rw-r--r-- | epan/dissectors/packet-smb-common.c | 79 |
1 files changed, 10 insertions, 69 deletions
diff --git a/epan/dissectors/packet-smb-common.c b/epan/dissectors/packet-smb-common.c index 501a660657..dba733a81a 100644 --- a/epan/dissectors/packet-smb-common.c +++ b/epan/dissectors/packet-smb-common.c @@ -36,6 +36,8 @@ #include <epan/strutil.h> #include "packet-smb-common.h" +#include "packet-dns.h" + /* * Share type values - used in LANMAN and in SRVSVC. * @@ -124,84 +126,23 @@ int display_unicode_string(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_i return offset+len; } -static int dissect_ms_compressed_string_internal(tvbuff_t *tvb, int offset, char *str, int maxlen, gboolean prepend_dot) -{ - guint8 len; - - len=tvb_get_guint8(tvb, offset); - offset+=1; - *str=0; - - /* XXX: Reserve 4 chars for "...\0" */ - while(len){ - /* add potential field separation dot */ - if(prepend_dot){ - if(maxlen<=4){ - *str=0; - return offset; - } - maxlen--; - *str++='.'; - *str=0; - } - - if(len==0xc0){ - int new_offset; - /* ops its a mscldap compressed string */ - - new_offset=tvb_get_guint8(tvb, offset); - if (new_offset == offset - 1) - THROW(ReportedBoundsError); - offset+=1; - - dissect_ms_compressed_string_internal(tvb, new_offset, str, maxlen, FALSE); - - return offset; - } - - prepend_dot=TRUE; - - if(len>(maxlen-4)){ - *str++='.'; - *str++='.'; - *str++='.'; - *str=0; - return offset; /* will mess up offset in caller, is unlikely */ - } - tvb_memcpy(tvb, str, offset, len); - str+=len; - *str=0; - maxlen-=len; - offset+=len; - - - len=tvb_get_guint8(tvb, offset); - offset+=1; - } - *str=0; - return offset; -} - /* Max string length for displaying Unicode strings. */ #define MAX_UNICODE_STR_LEN 256 int dissect_ms_compressed_string(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_index, - gboolean prepend_dot, char **data) + char **data) { - int old_offset=offset; - char *str; - int len; + int compr_len; + const guchar *str = NULL; - len = MAX_UNICODE_STR_LEN+3+1; - str=ep_alloc(len); - - offset=dissect_ms_compressed_string_internal(tvb, offset, str, len, prepend_dot); - proto_tree_add_string(tree, hf_index, tvb, old_offset, offset-old_offset, str); + /* The name data MUST start at offset 0 of the tvb */ + compr_len = expand_dns_name(tvb, offset, MAX_UNICODE_STR_LEN+3+1, 0, &str); + proto_tree_add_string(tree, hf_index, tvb, offset, compr_len, str); if (data) - *data = str; + *data = (char*) str; - return offset; + return offset + compr_len; } /* Turn a little-endian Unicode '\0'-terminated string into a string we |