diff options
author | Gordon Ross <gordon.w.ross@gmail.com> | 2016-05-25 21:54:20 -0400 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2016-05-26 10:43:25 +0000 |
commit | 32c1a2a3150113451240f7ec6699e17a08678506 (patch) | |
tree | 91729138a4721dd8c04b5e3f1e83111423dd6d92 /epan/dissectors/packet-smb.c | |
parent | 931465257e1b18dc3480451dda0ada1f65945df4 (diff) |
SMB NtCreate andX with extended response sometimes incorrect
Bug: 12473
Change-Id: Id513a89c5674e7288c7e0b12a06076eec18ff830
Reviewed-on: https://code.wireshark.org/review/15568
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-smb.c')
-rw-r--r-- | epan/dissectors/packet-smb.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/epan/dissectors/packet-smb.c b/epan/dissectors/packet-smb.c index 11f93dd1b6..a576f8ed67 100644 --- a/epan/dissectors/packet-smb.c +++ b/epan/dissectors/packet-smb.c @@ -10068,16 +10068,17 @@ dissect_nt_create_andx_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t proto_tree_add_item(tree, hf_smb_is_directory, tvb, offset, 1, ENC_LITTLE_ENDIAN); offset += 1; - /* Do we know whether or not EXTENDED_RESPONSES are required? */ - /* MS-SMB 2.2.4.9.2 says that there is a Volume GUID, File ID, - Maximal Access Rights and Guest Maximal Access Rights here - if ExtendedResponses requested. */ - if ((si->sip != NULL) && (si->sip->extra_info_type == SMB_EI_FILEDATA) && - (((smb_fid_saved_info_t *)(si->sip->extra_info))->create_flags & 0x10)) { + /* Always use the word count to decide if this is an "extended" response. + When the server doesn't support the 0x10 flag, it will send a normal + 34 word response, so the word count is the only way to tell which of + the response formats we have. MS-SMB 2.2.4.9.2 + Also note that the extended format is actually 50 words, but in a + "windows behavior note" they say Windows sets word count to 42. + Handle anything 42 or larger as "extended" format. */ + if (wc >= 42) { proto_tree *tr = NULL; /* The first field is a Volume GUID ... */ - proto_tree_add_item(tree, hf_smb_volume_guid, tvb, offset, 16, ENC_NA); offset += 16; |