path: root/epan/dissectors/packet-ntlmssp.c
Age | Commit message | Author | Files | Lines
2015-07-03 | Split init of misc dissectors into init/cleanup functions | Peter Wu | 1 | -10/+8
Convert remaining dissectors to use cleanup routines when possible. (Single-)linked lists require NULL, so do reset their pointers to NULL.
Generated with https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=69af86e6c2cf965ba3d7f9636b647b195f0b7d57 (with AUDIT = ALWAYS_EMIT_CLEANUP_CODE = True)
Remaining dissectors which did not need further changes:
epan/dissectors/packet-aeron.c
epan/dissectors/packet-bootp.c
epan/dissectors/packet-brdwlk.c
epan/dissectors/packet-drda.c
epan/dissectors/packet-etch.c
epan/dissectors/packet-fix.c
epan/dissectors/packet-fw1.c
epan/dissectors/packet-lbm.c
epan/dissectors/packet-ldss.c
epan/dissectors/packet-simulcrypt.c
epan/dissectors/packet-spdy.c
epan/dissectors/packet-starteam.c
epan/dissectors/packet-udp.c
Change-Id: Idcacfea6a5de38d40e67db4cdcd0452ad9f9a6a9
Reviewed-on: https://code.wireshark.org/review/9228
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-06-23 | Remove more deprecated tvb_length calls | Evan Huus | 1 | -4/+4
Change-Id: Ie137e6f4e20fe26b1a4d9510e267896219c1c631
Reviewed-on: https://code.wireshark.org/review/9075
Reviewed-by: Evan Huus <eapache@gmail.com>
2015-05-18 | Don't put the NTLMv2 ChallengeFromClient into the protocol tree twice. | Guy Harris | 1 | -10/+4
It's already put there by dissect_ntlmv2_response(); no need to do it again. Also, rename "NTLM Client Challenge" to "LMv2 Client Challenge", as that's what it is (ChallengeFromClient from 2.2.2.4 LMv2_RESPONSE), and rename "Client Challenge" to "NTLMv2 Client Challenge", as that's what *it* is (ChallengeFromClient from 2.2.2.7 NTLM v2: NTLMv2_CLIENT_CHALLENGE).
Change-Id: If95e2c77323cb597df7e400bf9ffc045d94c60e2
Reviewed-on: https://code.wireshark.org/review/8524
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-05-18 | Reorganize the NTLMSSP blob and AUTHENTICATE message parsing. | Guy Harris | 1 | -30/+78
The "result" argument to dissect_ntlmssp_blob() is never null, so don't check for it being null. Have separate clauses for LmChallengeResponse and NtChallengeResponse, and do the checks for NTLMv1 vs. NTLMv2 inside those clauses. Do the copy to client_challenge within the AUTHENTICATE message parsing only if we've already determined that it's an NTLMv2 message. Add some comments to better explain what's being done and to ask some questions.
Change-Id: I52345eaeac4252d928b2e477751817084bf4e363
Reviewed-on: https://code.wireshark.org/review/8523
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-05-18 | Fix a comment. | Guy Harris | 1 | -3/+3
Change-Id: I0f777121a4897983a48794fcdfb13efc26266bdc
Reviewed-on: https://code.wireshark.org/review/8517
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-05-18 | ntlmssp: swap bounds check and length for memcpy | Evan Huus | 1 | -5/+4
The values make more sense swapped (and the code is super-old) so I'm assuming this was just a long-uncaught typo. Fixes a valgrind error at any rate. Also replace a malloc+memcpy with a memdup for simplicity.
Bug: 11203
Change-Id: I74c0aff548b844cf90610db56a143f3eac172658
Reviewed-on: https://code.wireshark.org/review/8493
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
2014-12-21 | Cleanup use of #includes in non-generated epan/dissector/*.c | Bill Meier | 1 | -9/+5
Specifically:
- Set packet.h to be the first wireshark #include after config.h and "system" #includes. packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in packet.h. E.g., glib.h. (Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-12-13 | Use ENC_LITTLE_ENDIAN when fetching FT_U?INT8 fields ... | Bill Meier | 1 | -5/+5
(for some dissectors which fetch all other integral fields using ENC_LITTLE_ENDIAN).
Change-Id: Ica72a68ac560f2920d61e0769de83130557c46fd
Reviewed-on: https://code.wireshark.org/review/5752
Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-12-01 | Use proto_tree_add_bitmask for groups of proto_tree_add_boolean. | Michael Mann | 1 | -120/+42
Part 2 of many
Change-Id: I50815e7738b011382392f3078a7107d3d9eec4ec
Reviewed-on: https://code.wireshark.org/review/5542
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-11-26 | Remove the use of pinfo->private_data from dissectors that just save it to ↵ | Michael Mann | 1 | -28/+3
restore it.
Change-Id: I13197cc48068bb35ee12a7023cfe5f76bbc4e264
Reviewed-on: https://code.wireshark.org/review/5486
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-10-20 | Get rid of calls to ctype.h functions. | Guy Harris | 1 | -3/+2
They don't handle values outside the range -1 to 127, and their behavior is locale-dependent. Use g_ascii_isXXX() and g_ascii_toXXX() instead of isXXX() and toXXX(). If you're checking for printable ASCII, don't use isascii() and don't use iscntrl(), use g_ascii_isprint(). If you're checking for graphical ASCII, i.e. printable ASCII except for a space, use g_ascii_isgraph(). Use ws_xton() to convert a hex digit character to the corresponding numeric value.
Change-Id: Id3039bc586fbf66d8736c2df248c790c0d7a2330
Reviewed-on: https://code.wireshark.org/review/4851
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2014-08-18 | Eliminate proto_tree_add_text from some dissectors. | Michael Mann | 1 | -14/+9
Other minor cleanup while in the neighborhood.
Change-Id: I77cac916d617f56f92f686e9cd9f15fba058facf
Reviewed-on: https://code.wireshark.org/review/3675
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-07-15 | Fix Argument with 'nonnull' attribute passed null found by Clang | Alexis La Goutte | 1 | -1/+3
Change-Id: I48f488a75f53d077a213f7b9379960985ce3bf08
Reviewed-on: https://code.wireshark.org/review/3055
Reviewed-by: Evan Huus <eapache@gmail.com>
2014-07-04 | convert to proto_tree_add_subtree[_format] | Michael Mann | 1 | -6/+4
Change-Id: Idd1b20ab32c0960ea52c6f3bc5346462c37c5684
Reviewed-on: https://code.wireshark.org/review/2853
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-06-19 | Revert "Fixup: tvb_* -> tvb_captured" | Michael Mann | 1 | -5/+5
https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 246fe2ca4c67d8c98caa84e2f57694f6322e2f96.
Change-Id: Ib24bae0198c13a84bd7f731bf4af921212109a8f
Reviewed-on: https://code.wireshark.org/review/2430
Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-06-18 | Fixup: tvb_* -> tvb_captured | Dario Lombardo | 1 | -5/+5
Change-Id: I9209c1271967405c34c1b6fa43e1726a4d3a5a3f
Reviewed-on: https://code.wireshark.org/review/2377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-24 | Fix Argument with 'nonnull' attribute passed null found by Clang | Alexis La Goutte | 1 | -5/+9
Change-Id: I5c84e4813d03b734afaf2a7cb3205773324f049d
Reviewed-on: https://code.wireshark.org/review/798
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2014-03-04 | Remove all $Id$ from top of file | Alexis La Goutte | 1 | -2/+0
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2013-12-16 | Use proto_tree_add_item() in preference to fetching the string and | Guy Harris | 1 | -1/+1
adding it with proto_tree_add_string(). Use tvb_get_string_enc() rather than tvb_get_unicode_string() to fetch strings. We assume a UTF-16 encoding for all "Unicode" strings. Use tvb_strsize() and tvb_unicode_strsize() to get the lengths of null-terminated strings. Get rid of unused ett_nt_unicode_string variable.
svn path=/trunk/; revision=54158
2013-12-14 | Fix [-Wmissing-prototypes] | Jakub Zawadzki | 1 | -0/+3
svn path=/trunk/; revision=54095
2013-11-28 | Support long Domain Names in NTLMSSP v2 | Balint Reczey | 1 | -11/+15
... instead of crashing on them. :-)
Discovered by Garming Sam <garming@catalyst.net.nz>
svn path=/trunk/; revision=53626
2013-11-23 | Create the ability to have packet scoped "proto" data. Bug 9470 ↵ | Michael Mann | 1 | -7/+7
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9470)
I'm not sold on the name or module the proto_data functions live in, but I believe the function arguments are solid and gives us the most flexibility for the future. And search/replace of a function name is easy enough to do. The big driving force for getting this in sooner rather than later is the saved memory on ethernet packets (and IP packets soon), that used to have file_scope() proto data when all it needed was packet_scope() data (technically packet_info->pool scoped), strictly for Decode As. All dissectors that use p_add_proto_data() only for Decode As functionality have been converted to using packet_scope(). All other dissectors were converted to using file_scope() which was the original scope for "proto" data.
svn path=/trunk/; revision=53520
2013-11-15 | Create/use value_string_ext to reference a value-string-array. | Bill Meier | 1 | -4/+5
Define an array as const.
svn path=/trunk/; revision=53334
2013-11-10 | Add missing includes in order to remove exceptions.h from proto.h (next commit). | Jakub Zawadzki | 1 | -0/+1
svn path=/trunk/; revision=53230
2013-11-06 | Remove pinfo->private_data from DCERPC dissectors and instead have ↵ | Michael Mann | 1 | -2/+2
dcerpc_info* information be passed in as a function parameter. Bug 9387 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9387)
All "generated" source was manually modified (with the power of search/replace), but I believe the "source input" files have been adjusted (checked into revs 53098 and 53099) to reflect the necessary changes (with possible whitespace formatting differences). The Microsoft compiler doesn't flag "unused function parameters", so I apologize in advance if I may have missed a few. The "dcerpc_info* di" parameter is used in almost every function.
svn path=/trunk/; revision=53100
2013-10-21 | NULL check ref_nt_challenge_response and ref_lm_challenge_response. Bug 9299 ↵ | Michael Mann | 1 | -2/+6
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9299)
From Matthieu Patou
svn path=/trunk/; revision=52732
2013-09-25 | Require the NTLMSSP response contents to be long enough before we try to memcpy | Evan Huus | 1 | -1/+1
it. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9182
svn path=/trunk/; revision=52213
2013-09-22 | emem -> wmem conversion: | Pascal Quantin | 1 | -3/+3
- ep_tvb_get_bits() -> wmem_packet_tvb_get_bits()
- tvb_g_memdup()/ep_tvb_memdup() -> tvb_memdup()
- tvb_fake_unicode()/tvb_get_ephemeral_faked_unicode() -> tvb_get_faked_unicode()
- tvb_get_g_string()/tvb_get_ephemeral_string()/tvb_get_seasonal_string() -> tvb_get_string()
- tvb_get_g_unicode_string()/tvb_get_ephemeral_unicode_string() -> tvb_get_unicode_string()
- tvb_get_ephemeral_string_enc() -> tvb_get_string_enc()
- update docs accordingly
svn path=/trunk/; revision=52172
2013-09-21 | Add _g_ to the names of functions that allocate glib memory. This is a bit more | Evan Huus | 1 | -2/+2
explicit, and frees up the "generic" names (like tvb_memdup) for new signatures that take the appropriate wmem pool. Majority of the conversion done with sed.
svn path=/trunk/; revision=52164
2013-09-19 | Zero the key in ntlmssp, because we don't otherwise fill all of it. I suspect | Evan Huus | 1 | -0/+1
the tvb_memcpy on the next line should be taking more data, but I don't know enough about the protocol to be sure. This is the least disruptive way to fix the last valgrind error from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8941
svn path=/trunk/; revision=52145
2013-09-09 | expert_add_info_format_text -> expert_add_info_format | Michael Mann | 1 | -2/+2
svn path=/trunk/; revision=51852
2013-09-06 | Convert to wmem, and as per Michael's suggestion in | Evan Huus | 1 | -10/+10
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9107, use zeroed memory for ntlmssp_info structs.
svn path=/trunk/; revision=51799
2013-09-06 | Set length and contents to 0/NULL if the blob is empty. Fixes | Evan Huus | 1 | -0/+2
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9107
svn path=/trunk/; revision=51798
2013-09-05 | add casts to make my compiler (gcc 4.6.3) happy | Martin Kaiser | 1 | -3/+3
svn path=/trunk/; revision=51790
2013-09-05 | Make "content blob" dynamically sized so it doesn't take up 20k of memory ↵ | Michael Mann | 1 | -10/+30
per conversation. Add filterable expert info while we're at it.
svn path=/trunk/; revision=51787
2013-09-05 | From Dirk: | Anders Broman | 1 | -40/+39
fix NTLMSSP Target Info Attribute dissection
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9098
svn path=/trunk/; revision=51764
2013-08-20 | Fix clang warnings: Value stored to '[decrypted_]offset' is never read. | Chris Maynard | 1 | -13/+8
svn path=/trunk/; revision=51441
2013-08-01 | Move a bunch of the crypt modules and pint.h into wsutil. | Jeff Morriss | 1 | -5/+7
This means wsutil now links against libcrypt. Protect a bunch of the crypt header files from multiple inclusion.
svn path=/trunk/; revision=51100
2013-07-18 | Fix the fuzz failure reported in ↵ | Jeff Morriss | 1 | -8/+10
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8941 : Storing 2 different structures on the fd proto_data (with the same key) isn't safe: use different keys to keep them separate. I do wonder if both are really necessary... This fix can be back-ported to trunk-1.10 but not trunk-1.8 (which lacks the key identifier for proto_data's).
svn path=/trunk/; revision=50734
2013-05-16 | From Cal Turney: | Anders Broman | 1 | -1/+1
Missed p_get_proto_data() signature update in #if 0:ed code.
svn path=/trunk/; revision=49342
2013-05-12 | Add the possibility to use a key for per-packet-data. | Anders Broman | 1 | -5/+5
svn path=/trunk/; revision=49259
2013-05-12 | From Dirk Jagdmann via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8640 | Evan Huus | 1 | -66/+60
Fix dissection of the NTLMSSP v2 Challenge Response. The old code would loop over the Attributes until the end of the Response, however in reality the last values of a Response are four 0 bytes and maybe padding. Also change the names of the values to match those from the Microsoft specification. Also change the name of one flags bit from unknown to "Anonymous", again according to the Microsoft spec.
svn path=/trunk/; revision=49258
2013-03-16 | From beroset: | Anders Broman | 1 | -20/+20
remove C++ incompatibilities
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416
svn path=/trunk/; revision=48337
2013-02-27 | Move show_exception() and show_reported_bounds_error() to | Guy Harris | 1 | -21/+13
epan/show_exception.c, as it's used outside epan/dissectors/packet-frame.c. Update their callers to include <epan/show_exception.h> to get their declaration. Add a CATCH_NONFATAL_ERRORS macro that catches all exceptions that, if there's more stuff in the packet to dissect after the dissector call that threw the exception, doesn't mean you shouldn't go ahead and dissect that stuff. Use it in all those cases, including ones where BoundsError was inappropriately being caught (you want those passed up to the top level, so that the packet is reported as having been cut short in the capture process). Add a CATCH_BOUNDS_ERRORS macro that catches all exceptions that correspond to running past the end of the data for a tvbuff; use it rather than explicitly catching those exceptions individually, and rather than just catching all exceptions (the only place that DissectorError should be caught, for example, is at the top level, so dissector bugs show up in the protocol tree). Don't catch and then immediately rethrow exceptions without doing anything else; just let the exceptions go up to the final catcher. Use show_exception() to report non-fatal errors, rather than doing it yourself. If a dissector is called from Lua, catch all non-fatal errors and use show_exception() to report them rather than catching only ReportedBoundsError and adding a proto_malformed item. Don't catch exceptions when constructing a trailer tvbuff in packet-ieee8023.c - just construct it after the payload has been dissected, and let whatever exceptions that throws be handled at the top level. Avoid some TRY/CATCH/ENDTRY cases by using checks such as tvb_bytes_exist() before even looking in the tvbuff.
svn path=/trunk/; revision=47924
2013-02-26 | Fix spelling/typos found using a list of commonly misspelled words. | Bill Meier | 1 | -2/+2
The misspellings were mostly in comments but some were in text strings visible to the user.
svn path=/trunk/; revision=47899
2013-02-26 | it's ==> its & its ==> it's as needed. | Bill Meier | 1 | -1/+1
svn path=/trunk/; revision=47891
2013-02-19 | How can I get a new tvbuff that starts at an offset within a given | Guy Harris | 1 | -9/+3
tvbuff and runs to the end of the tvbuff? Let me count the ways.... Replace a bunch of different ways of doing that (some incorrect, in that they're not properly handling tvbuffs where the captured and reported lengths are different) with tvb_new_subset_remaining().
svn path=/trunk/; revision=47751
2013-01-31 | Use '#if 0 ... #endif' rather than /** ... **/ to comment out | Bill Meier | 1 | -14/+14
unused hf[] entries (which I should have done in the first place).
svn path=/trunk/; revision=47390
2013-01-26 | Comment out cases of unused hf array entries found by checkhf. | Bill Meier | 1 | -7/+21
svn path=/trunk/; revision=47302
2013-01-24 | Prevent copying longer than expected NTLM SSP key | Balint Reczey | 1 | -1/+1
svn path=/trunk/; revision=47248