authorRichard Sharpe <realrichardsharpe@gmail.com>2015-03-28 08:34:12 -0700
committerMichael Mann <mmann78@netscape.net>2015-04-01 03:03:17 +0000
commit752f5de7194c96803a7c350d8b9e67b2203a01bf (patch)
treeee761d63aeeb3da4ba3b4ced4f7ae8e35d4d32a5 /epan
parentc5b35c290114550e67e3e71a49aa75ed8bdb39cc (diff)
Fix bug #10858. There were several cases where uint32 fields were mistaken
for two uint16 fields and three fields were merged into one as an unknown. There was also an unnecessary unknown field on the end that caused a malformed packet exception to occur. Tested with a capture of a rename. Bug: 10858 Change-Id: Ibcf22270d2c34605bb47e3a9804b53746597572d Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-on: https://code.wireshark.org/review/7837 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-smb2.c57
1 files changed, 37 insertions, 20 deletions
diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c
index a38e9404eb..c5318aa43f 100644
--- a/epan/dissectors/packet-smb2.c
+++ b/epan/dissectors/packet-smb2.c
@@ -81,6 +81,7 @@ static int hf_smb2_security_blob = -1;
static int hf_smb2_ioctl_in_data = -1;
static int hf_smb2_ioctl_out_data = -1;
static int hf_smb2_unknown = -1;
+static int hf_smb2_root_directory_mbz = -1;
static int hf_smb2_twrp_timestamp = -1;
static int hf_smb2_mxac_timestamp = -1;
static int hf_smb2_mxac_status = -1;
@@ -96,6 +97,7 @@ static int hf_smb2_current_time = -1;
static int hf_smb2_boot_time = -1;
static int hf_smb2_filename = -1;
static int hf_smb2_filename_len = -1;
+static int hf_smb2_replace_if = -1;
static int hf_smb2_nlinks = -1;
static int hf_smb2_delete_pending = -1;
static int hf_smb2_is_directory = -1;
@@ -343,6 +345,7 @@ static int hf_smb2_error_byte_count = -1;
static int hf_smb2_error_data = -1;
static int hf_smb2_error_reserved = -1;
static int hf_smb2_reserved = -1;
+static int hf_smb2_reserved_random = -1;
static int hf_smb2_transform_signature = -1;
static int hf_smb2_transform_nonce = -1;
static int hf_smb2_transform_msg_size = -1;
@@ -1605,12 +1608,8 @@ dissect_smb2_file_all_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *pa
/* file name length */
length = tvb_get_letohs(tvb, offset);
- proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- offset += 2;
-
- /* some unknown bytes */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
- offset += 2;
+ proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
/* file name */
if (length) {
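Review bot: The file name length is still read with `tvb_get_letohs` on the context line above the changed `proto_tree_add_item`, so only the low 16 bits of what is now displayed as a 4-byte length drive the `if (length)` branch and the later `offset += length`. A frame carrying a length above 0xFFFF would show one value in the tree while the dissector consumes a different number of bytes, so the decoded name and everything after it can no longer be trusted to match the wire. I would read it as `length = tvb_get_letohl(tvb, offset);` and widen `length` if it is declared as a 16-bit type; the declaration and the name extraction are outside the hunk, so their types need checking. The same applies to the identical lines in the dissect_smb2_file_rename_info hunk further down.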
@@ -1625,7 +1624,6 @@ dissect_smb2_file_all_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *pa
}
offset += length;
-
return offset;
}
@@ -2057,6 +2055,11 @@ dissect_smb2_file_full_ea_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree
return offset;
}
+static const true_false_string tfs_replace_if_exists = {
+ "Replace the target if it exists",
+ "Fail if the target exists"
+};
+
static int
dissect_smb2_file_rename_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *parent_tree, int offset, smb2_info_t *si _U_)
{
@@ -2072,18 +2075,22 @@ dissect_smb2_file_rename_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree
tree = proto_item_add_subtree(item, ett_smb2_file_rename_info);
}
- /* some unknown bytes */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 16, ENC_NA);
- offset += 16;
+ /* ReplaceIfExists */
+ proto_tree_add_item(tree, hf_smb2_replace_if, tvb, offset, 1, ENC_NA);
+ offset += 1;
+
+ /* reserved */
+ proto_tree_add_item(tree, hf_smb2_reserved_random, tvb, offset, 7, ENC_NA);
+ offset += 7;
+
+ /* Root Directory Handle, MBZ */
+ proto_tree_add_item(tree, hf_smb2_root_directory_mbz, tvb, offset, 8, ENC_NA);
+ offset += 8;
/* file name length */
length = tvb_get_letohs(tvb, offset);
- proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- offset += 2;
-
- /* some unknown bytes */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 2, ENC_NA);
- offset += 2;
+ proto_tree_add_item(tree, hf_smb2_filename_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
/* file name */
if (length) {
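Review bot: The Root Directory Handle is labelled must-be-zero but is added as opaque bytes with nothing checking it, so a non-zero value from a non-conforming or crafted client passes unremarked in the tree. Consider testing it before the add, e.g. `if (tvb_get_letoh64(tvb, offset) != 0)`, and attaching an expert-info note to the returned item; the expert field would have to be registered in proto_register_smb2, outside this hunk. At minimum the comment could state the rule rather than the abbreviation, e.g. `/* RootDirectory: 8 bytes, expected to be zero */`. The function body starts and ends outside the hunk.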
@@ -2099,10 +2106,6 @@ dissect_smb2_file_rename_info(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree
}
offset += length;
- /* some unknown bytes */
- proto_tree_add_item(tree, hf_smb2_unknown, tvb, offset, 4, ENC_NA);
- offset += 4;
-
return offset;
}
@@ -7535,13 +7538,19 @@ proto_register_smb2(void)
{ &hf_smb2_tree,
{ "Tree", "smb2.tree", FT_STRING, BASE_NONE,
NULL, 0, "Name of the Tree/Share", HFILL }},
+
{ &hf_smb2_filename,
{ "Filename", "smb2.filename", FT_STRING, BASE_NONE,
NULL, 0, "Name of the file", HFILL }},
+
{ &hf_smb2_filename_len,
{ "Filename Length", "smb2.filename.len", FT_UINT32, BASE_DEC,
NULL, 0, "Length of the file name", HFILL }},
+ { &hf_smb2_replace_if,
+ { "Replace If", "smb2.rename.replace_if", FT_BOOLEAN, 8,
+ TFS(&tfs_replace_if_exists), 0xFF, "Whether to replace if the target exists", HFILL }},
+
{ &hf_smb2_data_offset,
{ "Data Offset", "smb2.data_offset", FT_UINT16, BASE_HEX,
NULL, 0, "Offset to data", HFILL }},
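Review bot: The new field's label `"Replace If"` and filter name `smb2.rename.replace_if` drop the word that gives the flag its meaning; the dissector comment and the true/false strings both describe it as replace-if-exists. Display-filter names are hard to change once saved filters and scripts rely on them, so I would register it as `"Replace If Exists", "smb2.rename.replace_if_exists"` now. The 0xFF mask over an 8-bit parent does treat any non-zero byte as true, which matches the true/false strings.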
@@ -8489,6 +8498,14 @@ proto_register_smb2(void)
{ "Reserved", "smb2.reserved", FT_BYTES, BASE_NONE,
NULL, 0, "Reserved bytes", HFILL }},
+ { &hf_smb2_reserved_random,
+ { "Reserved (Random)", "smb2.reserved.random", FT_BYTES, BASE_NONE,
+ NULL, 0, "Reserved bytes, random data", HFILL }},
+
+ { &hf_smb2_root_directory_mbz,
+ { "Root Dir Handle (MBZ)", "smb2.root_directory", FT_BYTES, BASE_NONE,
+ NULL, 0, "Root Directory Handle, mbz", HFILL }},
+
{ &hf_smb2_dhnq_buffer_reserved,
{ "Reserved", "smb2.dhnq_buffer_reserved", FT_UINT64, BASE_HEX,
NULL, 0, NULL, HFILL}},