diff options
author | Guy Harris <guy@alum.mit.edu> | 2002-08-10 21:15:37 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2002-08-10 21:15:37 +0000 |
commit | 2cfb231081ebc74b6812a346ee32cfafb1a5ca9a (patch) | |
tree | bf42878d925ca8d64680332c93677496722f03a2 /packet-smb-common.c | |
parent | ab5e55b841bf2a22b14b0085b23b942906375be1 (diff) |
From Devin Heitmueller: dissect NTLMSSP authentication messages, and handle
the flags field in NTLMSSP messages as a 32-bit field.
Make "get_unicode_or_ascii_string()" take a "Unicode or not" flag rather
than a "packet_info *" as an argument, make it not static, and move it
to "packet-smb-common.c", so that it can be used by the SMB dissector
and the NTLMSSP dissector. Also get rid of some _U_'s that are applied
to arguments that are, in fact, used.
svn path=/trunk/; revision=5976
Diffstat (limited to 'packet-smb-common.c')
-rw-r--r-- | packet-smb-common.c | 147 |
1 files changed, 146 insertions, 1 deletions
diff --git a/packet-smb-common.c b/packet-smb-common.c index 6d78b9fc9d..d76cfbfdc7 100644 --- a/packet-smb-common.c +++ b/packet-smb-common.c @@ -2,7 +2,7 @@ * Common routines for smb packet dissection * Copyright 2000, Jeffrey C. Foster <jfoste@woodward.com> * - * $Id: packet-smb-common.c,v 1.12 2002/06/16 00:39:30 guy Exp $ + * $Id: packet-smb-common.c,v 1.13 2002/08/10 21:15:37 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -127,6 +127,151 @@ int display_unicode_string(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_i return offset+len; } +/* Max string length for displaying Unicode strings. */ +#define MAX_UNICODE_STR_LEN 256 + +/* Turn a little-endian Unicode '\0'-terminated string into a string we + can display. + XXX - for now, we just handle the ISO 8859-1 characters. + If exactlen==TRUE then us_lenp contains the exact len of the string in + bytes. It might not be null terminated ! + bc specifies the number of bytes in the byte parameters; Windows 2000, + at least, appears, in some cases, to put only 1 byte of 0 at the end + of a Unicode string if the byte count +*/ +static gchar * +unicode_to_str(tvbuff_t *tvb, int offset, int *us_lenp, gboolean exactlen, + guint16 bc) +{ + static gchar str[3][MAX_UNICODE_STR_LEN+3+1]; + static gchar *cur; + gchar *p; + guint16 uchar; + int len; + int us_len; + int overflow = 0; + + if (cur == &str[0][0]) { + cur = &str[1][0]; + } else if (cur == &str[1][0]) { + cur = &str[2][0]; + } else { + cur = &str[0][0]; + } + p = cur; + len = MAX_UNICODE_STR_LEN; + us_len = 0; + for (;;) { + if (bc == 0) + break; + if (bc == 1) { + /* XXX - explain this */ + if (!exactlen) + us_len += 1; /* this is a one-byte null terminator */ + break; + } + uchar = tvb_get_letohs(tvb, offset); + if (uchar == 0) { + us_len += 2; /* this is a two-byte null terminator */ + break; + } + if (len > 0) { + if ((uchar & 0xFF00) == 0) + *p++ = uchar; /* ISO 8859-1 */ + else + *p++ = '?'; /* not 8859-1 */ + len--; + } else + overflow = 1; + offset += 2; + bc -= 2; + us_len += 2; + if(exactlen){ + if(us_len>= *us_lenp){ + break; + } + } + } + if (overflow) { + /* Note that we're not showing the full string. */ + *p++ = '.'; + *p++ = '.'; + *p++ = '.'; + } + *p = '\0'; + *us_lenp = us_len; + return cur; +} + +/* nopad == TRUE : Do not add any padding before this string + * exactlen == TRUE : len contains the exact len of the string in bytes. + * bc: pointer to variable with amount of data left in the byte parameters + * region + */ +const gchar * +get_unicode_or_ascii_string(tvbuff_t *tvb, int *offsetp, + gboolean useunicode, int *len, gboolean nopad, gboolean exactlen, + guint16 *bcp) +{ + static gchar str[3][MAX_UNICODE_STR_LEN+3+1]; + static gchar *cur; + const gchar *string; + int string_len; + unsigned int copylen; + + if (*bcp == 0) { + /* Not enough data in buffer */ + return NULL; + } + if (useunicode) { + if ((!nopad) && (*offsetp % 2)) { + /* + * XXX - this should be an offset relative to the beginning of the SMB, + * not an offset relative to the beginning of the frame; if the stuff + * before the SMB has an odd number of bytes, an offset relative to + * the beginning of the frame will give the wrong answer. + */ + (*offsetp)++; /* Looks like a pad byte there sometimes */ + (*bcp)--; + if (*bcp == 0) { + /* Not enough data in buffer */ + return NULL; + } + } + if(exactlen){ + string_len = *len; + } + string = unicode_to_str(tvb, *offsetp, &string_len, exactlen, *bcp); + } else { + if(exactlen){ + /* + * The string we return must be null-terminated. + */ + if (cur == &str[0][0]) { + cur = &str[1][0]; + } else if (cur == &str[1][0]) { + cur = &str[2][0]; + } else { + cur = &str[0][0]; + } + copylen = *len; + if (copylen > MAX_UNICODE_STR_LEN) + copylen = MAX_UNICODE_STR_LEN; + tvb_memcpy(tvb, (guint8 *)cur, *offsetp, copylen); + cur[copylen] = '\0'; + if (copylen > MAX_UNICODE_STR_LEN) + strcat(cur, "..."); + string_len = *len; + string = cur; + } else { + string_len = tvb_strsize(tvb, *offsetp); + string = tvb_get_ptr(tvb, *offsetp, string_len); + } + } + *len = string_len; + return string; +} + int dissect_smb_unknown(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset) { |