Age | Commit message (Collapse) | Author | Files | Lines |
|
"dissect_nt_sec_desc()". Add a Boolean argument to
"dissect_nt_sec_desc()" to indicate whether a length was passed to it
(so we don't treat -1 as a special value; we want to stop treating -1 as
a special length value, and, in fact, want to stop treating *any*
negative length values specially, so that we don't have to worry about
passing arbitrary 32-bit values from packets as lengths), and have
"dissect_nt_sec_desc()" initially create the protocol tree item for the
security descriptor with a length of "go to the end of the tvbuff", and
set the length once we're done dissecting it - and, if the length was
specified, check at *that* point, *after* we've dissected the security
descriptor, whether we have the entire security descriptor in the
tvbuff.
That means that we don't have to worry about overflows after
"dissect_nt_sec_desc()" returns - if the length was so large that we
would have gotten an overflow, we'd have thrown an exception in the
"tvb_ensure_bytes_exist()" call at the end of "dissect_nt_sec_desc()".
Do sanity checks on offsets within the security descriptor, so we know
the item referred to by the offset is after the fixed-length portion of
the descriptor.
svn path=/trunk/; revision=16113
|
|
- and rename smb.h to packet-smb.h, as it's packet-smb.c's header file.
svn path=/trunk/; revision=15845
|
|
directory to the epan directory. Some of them should perhaps ultimately
be moved to epan/dissectors, if they pertain only to stuff exported by a
particular dissector.
Fix Gerald's e-mail address in files we're moving.
svn path=/trunk/; revision=15844
|
|
characters from the stack into emem allocated memory
svn path=/trunk/; revision=15617
|
|
svn path=/trunk/; revision=15222
|
|
svn path=/trunk/; revision=14788
|
|
svn path=/trunk/; revision=14515
|
|
svn path=/trunk/; revision=13210
|
|
svn path=/trunk/; revision=12864
|
|
svn path=/trunk/; revision=12831
|
|
Clean up indentation.
Add a comment asking whether the revision in an ACL is *really* 2 bytes
and the ACE count is *really* 4 bytes.
svn path=/trunk/; revision=12816
|
|
The ACL parser will attempt to decode as many ACE structures as are
specified in the ACL structure. If the number of ACE structures is
sufficiently large with one of the ACE structures specifying a size of
0, then the ACL parser will parse that ACE structure repeatedly,
eventually causing a denial of service to Ethereal.
I've attached a diff against HEAD that corrects the problem. The diff
also corrects a few decoding errors in the NT ACL & ACE structures. A
pcap is attached that reproduces the problem.
svn path=/trunk/; revision=12706
|
|
"int", so we throw in a cast to squelch a warning.
svn path=/trunk/; revision=11774
|
|
hardwiring "LL" as the suffix - it's not "LL" in MSVC++.
svn path=/trunk/; revision=11773
|
|
produces some floating-point noise in the nanoseconds field; we've
required 64-bit integer support for a while, so use that.
svn path=/trunk/; revision=11754
|
|
problems with this definition and throws a warning "convert negative constant to unsigned integer"
svn path=/trunk/; revision=11753
|
|
"packet-windows-common.[ch]".
svn path=/trunk/; revision=11592
|