path: root/epan/dissectors/packet-ntlmssp.c
Age | Commit message | Author | Files | Lines
2013-09-06 | Set length and contents to 0/NULL if the blob is empty. Fixes | Evan Huus | 1 | -0/+2
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9107 svn path=/trunk/; revision=51798
2013-09-05 | add casts to make my compiler (gcc 4.6.3) happy | Martin Kaiser | 1 | -3/+3
svn path=/trunk/; revision=51790
2013-09-05 | Make "content blob" dynamically sized so it doesn't take up 20k of memory ↵ | Michael Mann | 1 | -10/+30
per conversation. Add filterable expert info while we're at it. svn path=/trunk/; revision=51787
2013-09-05 | From Dirk: | Anders Broman | 1 | -40/+39
fix NTLMSSP Target Info Attribute dissection https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9098 svn path=/trunk/; revision=51764
2013-08-20 | Fix clang warnings: Value stored to '[decrypted_]offset' is never read. | Chris Maynard | 1 | -13/+8
svn path=/trunk/; revision=51441
2013-08-01 | Move a bunch of the crypt modules and pint.h into wsutil. | Jeff Morriss | 1 | -5/+7
This means wsutil now links against libcrypt. Protect a bunch of the crypt header files from multiple inclusion. svn path=/trunk/; revision=51100
2013-07-18 | Fix the fuzz failure reported in ↵ | Jeff Morriss | 1 | -8/+10
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8941 : Storing 2 different structures on the fd proto_data (with the same key) isn't safe: use different keys to keep them separate. I do wonder if both are really necessary... This fix can be back-ported to trunk-1.10 but not trunk-1.8 (which lacks the key identifier for proto_data's). svn path=/trunk/; revision=50734
2013-05-16 | From Cal Turney: | Anders Broman | 1 | -1/+1
Missed p_get_proto_data() signature update in #if 0:ed code. svn path=/trunk/; revision=49342
2013-05-12 | Add the possibility to use a key for per-packet-data. | Anders Broman | 1 | -5/+5
svn path=/trunk/; revision=49259
2013-05-12 | From Dirk Jagdmann via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8640 | Evan Huus | 1 | -66/+60
Fix dissection of the NTLMSSP v2 Challenge Response. The old code would loop over the Attributes until the end of the Response, however in reality the last values of a Response are four 0 bytes and maybe padding. Also change the names of the values to match those from the Microsoft specification. Also change the name of one flags bit from unknown to "Anonymous", again according to the Microsoft spec. svn path=/trunk/; revision=49258
2013-03-16 | From beroset: | Anders Broman | 1 | -20/+20
remove C++ incompatibilities https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416 svn path=/trunk/; revision=48337
2013-02-27 | Move show_exception() and show_reported_bounds_error() to | Guy Harris | 1 | -21/+13
epan/show_exception.c, as it's used outside epan/dissectors/packet-frame.c. Update their callers to include <epan/show_exception.h> to get their declaration.
Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if there's more stuff in the packet to dissect after the dissector call that threw the exception, doesn't mean you shouldn't go ahead and dissect that stuff. Use it in all those cases, including ones where BoundsError was inappropriately being caught (you want those passed up to the top level, so that the packet is reported as having been cut short in the capture process).
Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that correspond to running past the end of the data for a tvbuff; use it rather than explicitly catching those exceptions individually, and rather than just catching all exceptions (the only place that DissectorError should be caught, for example, is at the top level, so dissector bugs show up in the protocol tree).
Don't catch and then immediately rethrow exceptions without doing anything else; just let the exceptions go up to the final catcher.
Use show_exception() to report non-fatal errors, rather than doing it yourself.
If a dissector is called from Lua, catch all non-fatal errors and use show_exception() to report them rather than catching only ReportedBoundsError and adding a proto_malformed item.
Don't catch exceptions when constructing a trailer tvbuff in packet-ieee8023.c - just construct it after the payload has been dissected, and let whatever exceptions that throws be handled at the top level.
Avoid some TRY/CATCH/ENDTRY cases by using checks such as tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-26 | Fix spelling/typos found using a list of commonly misspelled words. | Bill Meier | 1 | -2/+2
The misspellings were mostly in comments but some were in text strings visible to the user. svn path=/trunk/; revision=47899
2013-02-26 | it's ==> its & its ==> it's as needed. | Bill Meier | 1 | -1/+1
svn path=/trunk/; revision=47891
2013-02-19 | How can I get a new tvbuff that starts at an offset within a given | Guy Harris | 1 | -9/+3
tvbuff and runs to the end of the tvbuff? Let me count the ways.... Replace a bunch of different ways of doing that (some incorrect, in that they're not properly handling tvbuffs where the captured and reported lengths are different) with tvb_new_subset_remaining(). svn path=/trunk/; revision=47751
2013-01-31 | Use '#if 0 ... #endif' rather than /** ... **/ to comment out | Bill Meier | 1 | -14/+14
unused hf[] entries (which I should have done in the first place). svn path=/trunk/; revision=47390
2013-01-26 | Comment out cases of unused hf array entries found by checkhf. | Bill Meier | 1 | -7/+21
svn path=/trunk/; revision=47302
2013-01-24 | Prevent copying longer than expected NTLM SSP key | Balint Reczey | 1 | -1/+1
svn path=/trunk/; revision=47248
2012-12-26 | Fix a bunch of warnings. | Guy Harris | 1 | -1/+1
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of sizeof.
Cast away some implicit 64-bit-to-32-bit conversion errors due to use of strtol() and strtoul().
Change some data types to avoid those implicit conversion warnings.
When assigning a constant to a float, make sure the constant isn't a double, by appending "f" to the constant.
Constify a bunch of variables, parameters, and return values to eliminate warnings due to strings being given const qualifiers. Cast away those warnings in some cases where an API we don't control forces us to do so.
Enable a bunch of additional warnings by default. Note why at least some of the other warnings aren't enabled.
randpkt.c and text2pcap.c are used to build programs, so they don't need to be in EXTRA_DIST.
If the user specifies --enable-warnings-as-errors, add -Werror *even if the user specified --enable-extra-gcc-flags; assume they know what they're doing and are willing to have the compile fail due to the extra GCC warnings being treated as errors.
svn path=/trunk/; revision=46748
2012-09-20 | We always HAVE_CONFIG_H so don't bother checking whether we have it or not. | Jeff Morriss | 1 | -3/+1
svn path=/trunk/; revision=45017
2012-09-10 | Initial commit to support yet another method of passing data between dissectors. | Jakub Zawadzki | 1 | -8/+6
Add new parameter 'data' to heur_dissector_t and new_dissector_t, for now it's always NULL svn path=/trunk/; revision=44860
2012-08-16 | Fix (minor ?) memory leak; | Bill Meier | 1 | -534/+867
General cleanup:
- use expert...() instead of a 'printf()';
- #include <stdio.h> only if debug enabled;
- remove unneeded variable initializations;
- localize some variables;
- reformat hf[] entries;
- use consistent whitespace formatting.
svn path=/trunk/; revision=44545
2012-08-16 | From Stefan Metzmacher: Updates for the SMB2/3 | Bill Meier | 1 | -14/+8
This patches add some missing things for SMB2/3 and support for decryption of SMB3 traffic https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7645 From me: Change an initializer from C99 to C89 style (since the Microsoft compiler doesn't support C99). svn path=/trunk/; revision=44542
2012-08-10 | Use val_to_str_const() where appropriate; | Bill Meier | 1 | -3/+3
Also (for a few files):
- create/use some extended value strings;
- remove unneeded #include files;
- remove unneeded variable initialization;
- re-order fcns slightly so prefs_reg_handoff...() at end, etc
svn path=/trunk/; revision=44438
2012-07-14 | As suggested by Richard Sharpe in ↵ | Pascal Quantin | 1 | -1/+1
http://www.wireshark.org/lists/wireshark-dev/201207/msg00111.html : Make the NTLMSSP Unknown message type string more explicit svn path=/trunk/; revision=43713
2012-06-28 | Update Free Software Foundation address. | Jakub Zawadzki | 1 | -1/+1
(COPYING will be updated in next commit) svn path=/trunk/; revision=43536
2012-05-29 | Avoid using C99 '%hh' length modifier | Pascal Quantin | 1 | -1/+1
svn path=/trunk/; revision=42904
2012-02-11 | Use C89-style comment rather than C++/C99-style comment. | Guy Harris | 1 | -1/+1
svn path=/trunk/; revision=40965
2012-02-11 | NTLM show the decrypted data buffer in a separate tab | Ronnie Sahlberg | 1 | -0/+2
from Matthieu Patou <mat@matws.net> svn path=/trunk/; revision=40958
2012-02-11 | NTLM print the whole string, not just half the string | Ronnie Sahlberg | 1 | -1/+1
from Matthieu Patou <mat@matws.net> svn path=/trunk/; revision=40957
2012-02-11 | NTLM: clear the nt_password_unicode buffer. | Ronnie Sahlberg | 1 | -0/+1
from Matthieu Patou <mat@matws.net> svn path=/trunk/; revision=40956
2012-02-11 | NTLM make it easier to activate/deactivate debugging code in NTLM | Ronnie Sahlberg | 1 | -3/+7
from Matthieu Patou <mat@matws.net> svn path=/trunk/; revision=40955
2012-02-11 | NTLM: If we encounter an NTLM blob that is bigger than our fixed maxbuffer, | Ronnie Sahlberg | 1 | -2/+2
log a warning to the user. from Matthieu Patou <mat@matws.net> svn path=/trunk/; revision=40954
2012-02-11 | NTLMv2 blobs can be bigger than 256 bytes. Set the limit to 10k for now. | Ronnie Sahlberg | 1 | -2/+2
From Matthieu Patou <mat@matws.net> svn path=/trunk/; revision=40953
2012-01-15 | Rename crypt-xxx to xxx | Jörg Mayer | 1 | -4/+4
svn path=/trunk/; revision=40511
2011-12-13 | Use tvb_new_child_real_data() instead of tvb_new_real_data() + ↵ | Bill Meier | 1 | -4/+3
tvb_set_child_real_data_tvbuff(). svn path=/trunk/; revision=40173
2011-11-09 | Fix a number of proto_tree_add_item() encoding args. | Bill Meier | 1 | -1/+1
svn path=/trunk/; revision=39774
2011-10-23 | Replace use of tvb_get_ephemeral_faked_unicode() by use of ↵ | Bill Meier | 1 | -1/+1
tvb_get_ephemeral_unicode_string(); Fix encoding arg as needed. svn path=/trunk/; revision=39530
2011-10-21 | For proto_tree_add_item(..., proto_xxx, ...) use ENC_NA as the encoding arg. | Bill Meier | 1 | -2/+2
Also: remove trailing whitespace for a number of files. svn path=/trunk/; revision=39503
2011-10-15 | Convert proto_tree_add_item() 'encoding' arg for field types FT_STRING, ↵ | Bill Meier | 1 | -1/+1
FT_STRINGZ, FT_UINT_STRING as follows:
1. If there's no character encoding (ENC_ASCII, ...) specified then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA (replacing any existing True/1/FALSE/0 /ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
2011-10-06 | Convert 'encoding' parameter of certain proto_tree_add_item() calls in ↵ | Bill Meier | 1 | -8/+8
non-autogenerated epan/dissectors:
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as the encoding parameter for proto_tree_add_item() calls which directly reference an item in hf[] which has a type of:
FT_UINT8 FT_UINT16 FT_UINT24 FT_UINT32 FT_UINT64 FT_INT8 FT_INT16 FT_INT24 FT_INT32 FT_INT64 FT_FLOAT FT_DOUBLE
svn path=/trunk/; revision=39288
2011-10-04 | Use ENC_NA as encoding for proto_tree_add_item() calls which directly ↵ | Bill Meier | 1 | -16/+16
reference an hf item (in hf[] with types:
FT_NONE FT_BYTES FT_IPV6 FT_IPXNET FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
2011-09-30 | Microsoft Credential Security Support Provider (CredSSP) support. | Graeme Lunt | 1 | -2/+17
Used by direct approach RDP for NTLMSSP authentication under SSL. svn path=/trunk/; revision=39196
2011-09-21 | Fix vi "modeline" so it works; | Bill Meier | 1 | -1/+1
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5748 svn path=/trunk/; revision=39074
2011-08-31 | Second try to move crc routines to libwsutil. | Stig Bjørlykke | 1 | -1/+1
This time keep the tvb routines in epan. Now we can use common crc routines outside epan. svn path=/trunk/; revision=38810
2011-08-30 | Revert r38800, as the crc routines contains some tvb functions. | Stig Bjørlykke | 1 | -1/+1
svn path=/trunk/; revision=38803
2011-08-30 | Move all crc routines to libwsutil. | Stig Bjørlykke | 1 | -1/+1
This way we can use the crc routines in wiretap. svn path=/trunk/; revision=38800
2011-05-27 | Treat TVBs as opaque: use the accessor functions instead of accessing the fields | Jeff Morriss | 1 | -1/+1
directly. svn path=/trunk/; revision=37420
2011-05-20 | Don't assign to a variable which is then not referenced: Coverity 998 [UNUSED]. | Bill Meier | 1 | -1/+1
svn path=/trunk/; revision=37340
2011-05-17 | According to MS-NLMP, the "version" field in the NTLMSSP blobs is | Guy Harris | 1 | -7/+14
present only if the NTLMSSP_NEGOTIATE_VERSION flag is set in the flags field, and that appears to be true in at least one capture I've seen. svn path=/trunk/; revision=37197