diff options
| -rw-r--r-- | epan/dissectors/packet-dcerpc-netlogon.c | 4 | ||||
| -rw-r--r-- | epan/dissectors/packet-dcerpc-nspi.c | 2 | ||||
| -rw-r--r-- | epan/dissectors/packet-dcerpc.c | 134 | ||||
| -rw-r--r-- | epan/dissectors/packet-dcerpc.h | 8 |
4 files changed, 71 insertions, 77 deletions
diff --git a/epan/dissectors/packet-dcerpc-netlogon.c b/epan/dissectors/packet-dcerpc-netlogon.c index de0ba211d4..99ad64d409 100644 --- a/epan/dissectors/packet-dcerpc-netlogon.c +++ b/epan/dissectors/packet-dcerpc-netlogon.c @@ -643,7 +643,7 @@ netlogon_dissect_EXTRA_FLAGS(tvbuff_t *tvb, int offset, return offset; } -int +static int dissect_ndr_lm_nt_hash_cb(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int hf_index, @@ -675,7 +675,7 @@ dissect_ndr_lm_nt_hash_cb(tvbuff_t *tvb, int offset, hf_nt_cs_size, &size); offset = dissect_ndr_pointer_cb(tvb, offset, pinfo, tree, di, drep, - dissect_ndr_char_cvstring, NDR_POINTER_UNIQUE, + dissect_ndr_byte_array, NDR_POINTER_UNIQUE, "Bytes Array", hf_index, callback, callback_args); return offset; diff --git a/epan/dissectors/packet-dcerpc-nspi.c b/epan/dissectors/packet-dcerpc-nspi.c index 7befde13fe..f300974272 100644 --- a/epan/dissectors/packet-dcerpc-nspi.c +++ b/epan/dissectors/packet-dcerpc-nspi.c @@ -10613,7 +10613,7 @@ void proto_register_dcerpc_nspi(void) { &hf_nspi_SPropValue_CTR_MVszW, { "Mvszw", "nspi.SPropValue_CTR.MVszW", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_nspi_LPSTR_lppszA, - { "Lppsza", "nspi.LPSTR.lppszA", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { "Lppsza", "nspi.LPSTR.lppszA", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_nspi_SPropValue_CTR_MVszA, { "Mvsza", "nspi.SPropValue_CTR.MVszA", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, { &hf_nspi_property_type, diff --git a/epan/dissectors/packet-dcerpc.c b/epan/dissectors/packet-dcerpc.c index 77f1b5eaea..3182cf0732 100644 --- a/epan/dissectors/packet-dcerpc.c +++ b/epan/dissectors/packet-dcerpc.c @@ -569,7 +569,6 @@ static int hf_dcerpc_dg_status = -1; static int hf_dcerpc_array_max_count = -1; static int hf_dcerpc_array_offset = -1; static int hf_dcerpc_array_actual_count = -1; -static int hf_dcerpc_array_buffer = -1; static int hf_dcerpc_op = -1; static int hf_dcerpc_referent_id = -1; static int hf_dcerpc_fragments = -1; @@ -1939,8 +1938,8 @@ dissect_ndr_byte_array(tvbuff_t *tvb, int offset, packet_info *pinfo, DISSECTOR_ASSERT(len <= G_MAXUINT32); if (tree && len) { tvb_ensure_bytes_exist(tvb, offset, (guint32)len); - proto_tree_add_item(tree, hf_dcerpc_array_buffer, - tvb, offset, (guint32)len, ENC_NA); + proto_tree_add_item(tree, di->hf_index, tvb, offset, (guint32)len, + ENC_NA); } offset += (guint32)len; @@ -1961,12 +1960,16 @@ dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is, int hfindex, gboolean add_subtree, char **data) { + header_field_info *hfinfo; proto_item *string_item; proto_tree *string_tree; guint64 len; guint32 buffer_len; char *s; - header_field_info *hfinfo; + + /* Make sure this really is a string field. */ + hfinfo = proto_registrar_get_nth(hfindex); + DISSECTOR_ASSERT(hfinfo->type == FT_STRING); if (di->conformant_run) { /* just a run to handle conformant arrays, no scalars to dissect */ @@ -2000,44 +2003,35 @@ dissect_ndr_cvstring(tvbuff_t *tvb, int offset, packet_info *pinfo, if (!di->no_align && (offset % size_is)) offset += size_is - (offset % size_is); + /* + * "tvb_get_string_enc()" throws an exception if the entire string + * isn't in the tvbuff. If the length is bogus, this should + * keep us from trying to allocate an immensely large buffer. + * (It won't help if the length is *valid* but immensely large, + * but that's another matter; in any case, that would happen only + * if we had an immensely large tvbuff....) + * + * XXX - so why are we doing tvb_ensure_bytes_exist()? + */ + tvb_ensure_bytes_exist(tvb, offset, buffer_len); if (size_is == sizeof(guint16)) { - /* XXX - use drep to determine the byte order? */ - /* XXX - once we have an ENC_ value for UTF-16, just use - proto_tree_add_item() with the appropriate ENC_ value? */ - /* XXX - should this ever be used with something that's *not* - an FT_STRING? */ - s = tvb_get_unicode_string(wmem_packet_scope(), tvb, offset, buffer_len, ENC_LITTLE_ENDIAN); - if (tree && buffer_len) { - hfinfo = proto_registrar_get_nth(hfindex); - tvb_ensure_bytes_exist(tvb, offset, buffer_len); - if (hfinfo->type == FT_STRING) { - proto_tree_add_string(string_tree, hfindex, tvb, offset, - buffer_len, s); - } else { - proto_tree_add_item(string_tree, hfindex, tvb, offset, - buffer_len, DREP_ENC_INTEGER(drep)); - } - } - - } else { /* - * "tvb_get_string()" throws an exception if the entire string - * isn't in the tvbuff. If the length is bogus, this should - * keep us from trying to allocate an immensely large buffer. - * (It won't help if the length is *valid* but immensely large, - * but that's another matter; in any case, that would happen only - * if we had an immensely large tvbuff....) + * Assume little-endian UTF-16. * - * XXX - if this is an octet string, does the byte order - * matter? Will this ever be anything *other* than an - * octet string? What if size_is is neither 1 nor 2? + * XXX - is this always little-endian? */ - tvb_ensure_bytes_exist(tvb, offset, buffer_len); - s = tvb_get_string(wmem_packet_scope(), tvb, offset, buffer_len); - if (tree && buffer_len) - proto_tree_add_item(string_tree, hfindex, tvb, offset, - buffer_len, DREP_ENC_INTEGER(drep)); + s = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, buffer_len, + ENC_UTF_16|ENC_LITTLE_ENDIAN); + } else { + /* + * XXX - what if size_is is neither 1 nor 2? + */ + s = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, buffer_len, + DREP_ENC_CHAR(drep)); } + if (tree && buffer_len) + proto_tree_add_string(string_tree, hfindex, tvb, offset, + buffer_len, s); if (string_item != NULL) proto_item_append_text(string_item, ": %s", s); @@ -2151,12 +2145,16 @@ dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep, int size_is, int hfindex, gboolean add_subtree, char **data) { + header_field_info *hfinfo; proto_item *string_item; proto_tree *string_tree; guint64 len; guint32 buffer_len; char *s; - header_field_info *hfinfo; + + /* Make sure this really is a string field. */ + hfinfo = proto_registrar_get_nth(hfindex); + DISSECTOR_ASSERT(hfinfo->type == FT_STRING); if (di->conformant_run) { /* just a run to handle conformant arrays, no scalars to dissect */ @@ -2186,44 +2184,35 @@ dissect_ndr_vstring(tvbuff_t *tvb, int offset, packet_info *pinfo, if (!di->no_align && (offset % size_is)) offset += size_is - (offset % size_is); + /* + * "tvb_get_string_enc()" throws an exception if the entire string + * isn't in the tvbuff. If the length is bogus, this should + * keep us from trying to allocate an immensely large buffer. + * (It won't help if the length is *valid* but immensely large, + * but that's another matter; in any case, that would happen only + * if we had an immensely large tvbuff....) + * + * XXX - so why are we doing tvb_ensure_bytes_exist()? + */ + tvb_ensure_bytes_exist(tvb, offset, buffer_len); if (size_is == sizeof(guint16)) { - /* XXX - use drep to determine the byte order? */ - /* XXX - once we have an ENC_ value for UTF-16, just use - proto_tree_add_item() with the appropriate ENC_ value? */ - /* XXX - should this ever be used with something that's *not* - an FT_STRING? */ - s = tvb_get_unicode_string(wmem_packet_scope(), tvb, offset, buffer_len, ENC_LITTLE_ENDIAN); - if (tree && buffer_len) { - hfinfo = proto_registrar_get_nth(hfindex); - tvb_ensure_bytes_exist(tvb, offset, buffer_len); - if (hfinfo->type == FT_STRING) { - proto_tree_add_string(string_tree, hfindex, tvb, offset, - buffer_len, s); - } else { - proto_tree_add_item(string_tree, hfindex, tvb, offset, - buffer_len, DREP_ENC_INTEGER(drep)); - } - } - - } else { /* - * "tvb_get_string()" throws an exception if the entire string - * isn't in the tvbuff. If the length is bogus, this should - * keep us from trying to allocate an immensely large buffer. - * (It won't help if the length is *valid* but immensely large, - * but that's another matter; in any case, that would happen only - * if we had an immensely large tvbuff....) + * Assume little-endian UTF-16. * - * XXX - if this is an octet string, does the byte order - * matter? Will this ever be anything *other* than an - * octet string? What if size_is is neither 1 nor 2? + * XXX - is this always little-endian? */ - tvb_ensure_bytes_exist(tvb, offset, buffer_len); - s = tvb_get_string(wmem_packet_scope(), tvb, offset, buffer_len); - if (tree && buffer_len) - proto_tree_add_item(string_tree, hfindex, tvb, offset, - buffer_len, DREP_ENC_INTEGER(drep)); + s = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, buffer_len, + ENC_UTF_16|ENC_LITTLE_ENDIAN); + } else { + /* + * XXX - what if size_is is neither 1 nor 2? + */ + s = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, buffer_len, + DREP_ENC_CHAR(drep)); } + if (tree && buffer_len) + proto_tree_add_string(string_tree, hfindex, tvb, offset, + buffer_len, s); if (string_item != NULL) proto_item_append_text(string_item, ": %s", s); @@ -6181,9 +6170,6 @@ proto_register_dcerpc(void) { &hf_dcerpc_array_actual_count, { "Actual Count", "dcerpc.array.actual_count", FT_UINT32, BASE_DEC, NULL, 0x0, "Actual Count: Actual number of elements in the array", HFILL }}, - { &hf_dcerpc_array_buffer, - { "Buffer", "dcerpc.array.buffer", FT_BYTES, BASE_NONE, NULL, 0x0, "Buffer: Buffer containing elements of the array", HFILL }}, - { &hf_dcerpc_op, { "Operation", "dcerpc.op", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, diff --git a/epan/dissectors/packet-dcerpc.h b/epan/dissectors/packet-dcerpc.h index af65eb25ef..6121077435 100644 --- a/epan/dissectors/packet-dcerpc.h +++ b/epan/dissectors/packet-dcerpc.h @@ -38,12 +38,20 @@ extern "C" { */ #define DREP_LITTLE_ENDIAN 0x10 +#define DREP_EBCDIC 0x01 + /* * Data representation to integer byte order. */ #define DREP_ENC_INTEGER(drep) \ (((drep)[0] & DREP_LITTLE_ENDIAN) ? ENC_LITTLE_ENDIAN : ENC_BIG_ENDIAN) +/* + * Data representation to (octet-string) character encoding. + */ +#define DREP_ENC_CHAR(drep) \ + (((drep)[0] & DREP_EBCDIC) ? ENC_EBCDIC|ENC_NA : ENC_ASCII|ENC_NA) + #ifdef PT_R4 /* now glib always includes signal.h and on linux PPC * signal.h defines PT_R4 |