/*
-XXX Fixme : shouldnt show [malformed frame] for long packets
+XXX Fixme : shouldn't show [malformed frame] for long packets
*/
/* packet-smb-pipe.c
# include "config.h"
#endif
-#include <stdio.h>
-
#include <time.h>
#include <string.h>
#include <glib.h>
#include <ctype.h>
#include <epan/packet.h>
-#include <epan/emem.h>
#include <epan/dissectors/packet-smb.h>
#include "packet-smb-pipe.h"
#include "packet-smb-browse.h"
static int hf_pipe_fragment_multiple_tails = -1;
static int hf_pipe_fragment_too_long_fragment = -1;
static int hf_pipe_fragment_error = -1;
+static int hf_pipe_fragment_count = -1;
static int hf_pipe_reassembled_in = -1;
+static int hf_pipe_reassembled_length = -1;
static gint ett_smb_pipe = -1;
static gint ett_smb_pipe_fragment = -1;
&hf_pipe_fragment_multiple_tails,
&hf_pipe_fragment_too_long_fragment,
&hf_pipe_fragment_error,
+ &hf_pipe_fragment_count,
NULL,
+ &hf_pipe_reassembled_length,
"fragments"
};
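Review bot: The bare `NULL` between `&hf_pipe_fragment_count` and `&hf_pipe_reassembled_length` is unlabelled in a purely positional initializer, so a reader cannot tell which slot is deliberately empty or confirm that the two new pointers landed in the right ones. Presumably it is the reassembled-in slot, since `hf_pipe_reassembled_in` is declared above but not wired in here. A trailing comment such as `NULL, /* reassembled-in: left unset in this table */` would make that explicit. The initializer starts outside this hunk, so the earlier slots could not be checked.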
TRUE);
} else {
proto_tree_add_bytes_format(tree, hf_index, tvb,
- cptr, count, tvb_get_ptr(tvb, cptr, count),
+ cptr, count, NULL,
"%s: %s (wrong length, should be 21, is %d",
proto_registrar_get_name(hf_index),
tvb_bytes_to_str(tvb, cptr, count), count);
}
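Review bot: The format string directly below the changed argument opens a parenthesis it never closes: `"%s: %s (wrong length, should be 21, is %d"`. Since this call is being edited anyway, close it: `"%s: %s (wrong length, should be 21, is %d)",`. `count` is used here both as the item length and as the length given to `tvb_bytes_to_str()`. Where it is range-checked is outside the hunk, so that could not be confirmed.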
/* user name */
- proto_tree_add_item(tree, hf_user_name, tvb, offset, 21, TRUE);
+ proto_tree_add_item(tree, hf_user_name, tvb, offset, 21, ENC_ASCII|ENC_NA);
offset += 21;
/* pad1 */
offset += 1;
/* password */
- proto_tree_add_item(tree, hf_password, tvb, offset, 15, TRUE);
+ proto_tree_add_item(tree, hf_password, tvb, offset, 15, ENC_ASCII|ENC_NA);
offset += 15;
/* pad2 */
offset += 1;
/* workstation name */
- proto_tree_add_item(tree, hf_workstation_name, tvb, offset, 16, TRUE);
+ proto_tree_add_item(tree, hf_workstation_name, tvb, offset, 16, ENC_ASCII|ENC_NA);
offset += 16;
return offset;
}
{
if (tree) {
return proto_tree_add_text(tree, tvb, offset, -1,
- "Share %.13s", tvb_get_ptr(tvb, offset, 13));
+ "Share %.13s", tvb_get_ephemeral_string(tvb, offset, 13));
} else
return NULL;
}
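Review bot: The string handed to `%.13s` is raw packet content, and neither the new call nor a comment says whether non-printable bytes are escaped before they reach the tree label. `tvb_get_ephemeral_string()` returns a bounded, NUL-terminated copy, which makes the `.13` precision redundant, but as far as I know it does not filter the bytes. I would add `/* fixed 13-byte name field from the packet; copied so it is always NUL-terminated */` above the call and confirm that label text is sanitised downstream, which is not visible here. The `"Server %.16s"` hunk that follows is the same case; both function headers lie outside the hunks.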
{
if (tree) {
return proto_tree_add_text(tree, tvb, offset, -1,
- "Server %.16s", tvb_get_ptr(tvb, offset, 16));
+ "Server %.16s", tvb_get_ephemeral_string(tvb, offset, 16));
} else
return NULL;
}
* 16-bit receive buffer length.
*/
proto_tree_add_item(tree, hf_recv_buf_len, tvb,
- offset, 2, TRUE);
+ offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
break;
* 16-bit send buffer length.
*/
proto_tree_add_item(tree, hf_send_buf_len, tvb,
- offset, 2, TRUE);
+ offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
break;
int count;
int cptr;
const char *string;
- gint string_len;
+ gint string_len = 0;
if (aux_count_p != NULL)
*aux_count_p = 0;
(*items->hf_index == -1) ?
"String Param" :
proto_registrar_get_name(*items->hf_index),
- string);
+ string ? string : "(null)");
items++;
} else {
offset = (*items->func)(tvb, offset, 0,
{0, NULL}
};
+static value_string_ext commands_ext = VALUE_STRING_EXT_INIT(commands);
+
static void
dissect_response_data(tvbuff_t *tvb, packet_info *pinfo, int convert,
proto_tree *tree, struct smb_info *smb_info,
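Review bot: `commands_ext` is declared without a comment on the ordering it expects from `commands[]`. As far as I know, the extended lookup only uses its indexed or binary-search path when the array is in ascending value order, so an entry added out of order later would silently lose that benefit. The array's entries are outside this hunk, so its current order could not be checked. Suggest `/* commands[] must stay sorted by value for commands_ext */` above the declaration.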
ett = *lanman->ett_data_entry_list;
else
ett = ett_lanman_unknown_entries;
- data_item = proto_tree_add_text(tree, tvb, offset, -1,
+ data_item = proto_tree_add_text(tree, tvb, offset, -1, "%s",
label);
data_tree = proto_item_add_subtree(data_item, ett);
} else {
{
smb_info_t *smb_info = pinfo->private_data;
smb_transact_info_t *trp = NULL;
- int offset = 0, start_offset;
+ int offset = 0/*, start_offset*/;
guint16 cmd;
guint16 status;
int convert;
const gchar *param_descrip, *data_descrip, *aux_data_descrip = NULL;
gboolean has_data;
gboolean has_ent_count;
- guint16 ent_count, aux_count;
+ guint16 ent_count = 0, aux_count;
guint i;
proto_item *data_item;
proto_tree *data_tree;
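Review bot: `start_offset` is commented out (`int offset = 0/*, start_offset*/;`) rather than removed, and a later hunk does the same with `/*start_offset = offset;*/`. Commented-out code leaves a reader wondering whether the variable is meant to come back; version control already keeps the history. I would write `int offset = 0;` and delete the assignment line outright. The function body continues outside this hunk, so this assumes nothing else reads `start_offset`.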
}
pinfo->current_proto = "LANMAN";
- if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
- col_set_str(pinfo->cinfo, COL_PROTOCOL, "LANMAN");
- }
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "LANMAN");
if (parent_tree) {
item = proto_tree_add_item(parent_tree, proto_smb_lanman,
- pd_tvb, 0, -1, FALSE);
+ pd_tvb, 0, -1, ENC_NA);
tree = proto_item_add_subtree(item, ett_lanman);
}
/* function code */
cmd = tvb_get_letohs(p_tvb, offset);
if (check_col(pinfo->cinfo, COL_INFO)) {
- col_add_fstr(pinfo->cinfo, COL_INFO, "%s Request", val_to_str(cmd, commands, "Unknown Command (%u)"));
+ col_add_fstr(pinfo->cinfo, COL_INFO, "%s Request", val_to_str_ext(cmd, &commands_ext, "Unknown Command (%u)"));
}
proto_tree_add_uint(tree, hf_function_code, p_tvb, offset, 2,
cmd);
}
/* parameter descriptor */
- descriptor_len = tvb_strsize(p_tvb, offset);
+ param_descrip = tvb_get_const_stringz(p_tvb, offset, &descriptor_len);
proto_tree_add_item(tree, hf_param_desc, p_tvb, offset,
- descriptor_len, TRUE);
- param_descrip = tvb_get_ptr(p_tvb, offset, descriptor_len);
+ descriptor_len, ENC_ASCII|ENC_NA);
if (!pinfo->fd->flags.visited) {
/*
* Save the parameter descriptor for future use.
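Review bot: `param_descrip` is now taken straight from `tvb_get_const_stringz()`, and nothing documents how long that pointer stays valid. As far as I know it points into p_tvb's own buffer rather than at a copy, so the "save the parameter descriptor for future use" code just below must duplicate the string rather than keep the pointer. That code is cut off by the hunk, so whether it does could not be checked. I would add `/* points into p_tvb; copy before storing beyond this packet */` above the assignment. The same applies to `data_descrip` and `aux_data_descrip` in the return-descriptor and auxiliary-data-descriptor hunks further down.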
offset += descriptor_len;
/* return descriptor */
- descriptor_len = tvb_strsize(p_tvb, offset);
+ data_descrip = tvb_get_const_stringz(p_tvb, offset, &descriptor_len);
proto_tree_add_item(tree, hf_return_desc, p_tvb, offset,
- descriptor_len, TRUE);
- data_descrip = tvb_get_ptr(p_tvb, offset, descriptor_len);
+ descriptor_len, ENC_ASCII|ENC_NA);
if (!pinfo->fd->flags.visited) {
/*
* Save the return descriptor for future use.
lanman = find_lanman(cmd);
/* request parameters */
- start_offset = offset;
+ /*start_offset = offset;*/
offset = dissect_request_parameters(p_tvb, offset, pinfo, tree,
param_descrip, lanman->req, &has_data);
* There are more parameters left, so the next
* item is the auxiliary data descriptor.
*/
- descriptor_len = tvb_strsize(p_tvb, offset);
+ aux_data_descrip = tvb_get_const_stringz(p_tvb, offset, &descriptor_len);
proto_tree_add_item(tree, hf_aux_data_desc, p_tvb, offset,
- descriptor_len, TRUE);
- aux_data_descrip = tvb_get_ptr(p_tvb, offset, descriptor_len);
+ descriptor_len, ENC_ASCII|ENC_NA);
if (!pinfo->fd->flags.visited) {
/*
* Save the auxiliary data descriptor for
/* command */
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "%s Interim Response",
- val_to_str(trp->lanman_cmd, commands, "Unknown Command (%u)"));
+ val_to_str_ext(trp->lanman_cmd, &commands_ext, "Unknown Command (%u)"));
}
proto_tree_add_uint(tree, hf_function_code, p_tvb, 0, 0, trp->lanman_cmd);
return TRUE;
/* command */
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "%s Response",
- val_to_str(trp->lanman_cmd, commands, "Unknown Command (%u)"));
+ val_to_str_ext(trp->lanman_cmd, &commands_ext, "Unknown Command (%u)"));
}
proto_tree_add_uint(tree, hf_function_code, p_tvb, 0, 0,
trp->lanman_cmd);
{
static hf_register_info hf[] = {
{ &hf_function_code,
- { "Function Code", "lanman.function_code", FT_UINT16, BASE_DEC,
- VALS(commands), 0, "LANMAN Function Code/Command", HFILL }},
+ { "Function Code", "lanman.function_code", FT_UINT16, BASE_DEC|BASE_EXT_STRING,
+ &commands_ext, 0, "LANMAN Function Code/Command", HFILL }},
{ &hf_param_desc,
{ "Parameter Descriptor", "lanman.param_desc", FT_STRING, BASE_NONE,
NULL, 0, "LANMAN Number of Available Bytes", HFILL }},
{ &hf_current_time,
- { "Current Date/Time", "lanman.current_time", FT_ABSOLUTE_TIME, BASE_NONE,
+ { "Current Date/Time", "lanman.current_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
NULL, 0, "LANMAN Current date and time, in seconds since 00:00:00, January 1, 1970", HFILL }},
{ &hf_msecs,
NULL, 0, "LANMAN Number of incorrect passwords entered since last successful login", HFILL }},
{ &hf_last_logon,
- { "Last Logon Date/Time", "lanman.last_logon", FT_ABSOLUTE_TIME, BASE_NONE,
+ { "Last Logon Date/Time", "lanman.last_logon", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
NULL, 0, "LANMAN Date and time of last logon", HFILL }},
{ &hf_last_logoff,
- { "Last Logoff Date/Time", "lanman.last_logoff", FT_ABSOLUTE_TIME, BASE_NONE,
+ { "Last Logoff Date/Time", "lanman.last_logoff", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
NULL, 0, "LANMAN Date and time of last logoff", HFILL }},
{ &hf_logoff_time,
- { "Logoff Date/Time", "lanman.logoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
+ { "Logoff Date/Time", "lanman.logoff_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
NULL, 0, "LANMAN Date and time when user should log off", HFILL }},
{ &hf_kickoff_time,
- { "Kickoff Date/Time", "lanman.kickoff_time", FT_ABSOLUTE_TIME, BASE_NONE,
+ { "Kickoff Date/Time", "lanman.kickoff_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
NULL, 0, "LANMAN Date and time when user will be logged off", HFILL }},
{ &hf_password_age,
NULL, 0, "LANMAN Time since user last changed his/her password", HFILL }},
{ &hf_password_can_change,
- { "Password Can Change", "lanman.password_can_change", FT_ABSOLUTE_TIME, BASE_NONE,
+ { "Password Can Change", "lanman.password_can_change", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
NULL, 0, "LANMAN Date and time when user can change their password", HFILL }},
{ &hf_password_must_change,
- { "Password Must Change", "lanman.password_must_change", FT_ABSOLUTE_TIME, BASE_NONE,
+ { "Password Must Change", "lanman.password_must_change", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
NULL, 0, "LANMAN Date and time when user must change their password", HFILL }},
{ &hf_script_path,
NULL, 0, "LANMAN Code Page", HFILL }},
{ &hf_new_password,
- { "New Password", "lanman.new_password", FT_BYTES, BASE_HEX,
+ { "New Password", "lanman.new_password", FT_BYTES, BASE_NONE,
NULL, 0, "LANMAN New Password (encrypted)", HFILL }},
{ &hf_old_password,
- { "Old Password", "lanman.old_password", FT_BYTES, BASE_HEX,
+ { "Old Password", "lanman.old_password", FT_BYTES, BASE_NONE,
NULL, 0, "LANMAN Old Password (encrypted)", HFILL }},
{ &hf_reserved,
pinfo->desegment_offset = 0;
pinfo->desegment_len = 0;
reported_len = tvb_reported_length(d_tvb);
- if(smb_dcerpc_reassembly && tvb_bytes_exist(d_tvb, 0, reported_len)){
+ if(smb_dcerpc_reassembly && tvb_length(d_tvb) >= reported_len){
pinfo->can_desegment=2;
}
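Review bot: The new condition `tvb_length(d_tvb) >= reported_len` has no comment saying what it guards, and its intent is less obvious than the `tvb_bytes_exist()` call it replaces. It reads as "only offer desegmentation when the whole reported payload was actually captured". If so, a line such as `/* desegment only if the capture holds the full reported payload */` above the `if` would record that. `reported_len` is declared outside this hunk; if it is a signed type, the comparison with the unsigned result of `tvb_length()` mixes signedness and deserves a look.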
/* if we completed reassembly */
if(fd_head){
- new_tvb = tvb_new_real_data(fd_head->data,
+ new_tvb = tvb_new_child_real_data(d_tvb, fd_head->data,
fd_head->datalen, fd_head->datalen);
- tvb_set_child_real_data_tvbuff(d_tvb, new_tvb);
add_new_data_source(pinfo, new_tvb,
"DCERPC over SMB");
pinfo->fragmented=FALSE;
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree);
goto clean_up_and_exit;
}
- if(!fd_head->flags&FD_DEFRAGMENTED){
+ if(!(fd_head->flags&FD_DEFRAGMENTED)){
/* we dont have a fully reassembled frame */
result = dissector_try_heuristic(smb_transact_heur_subdissector_list, d_tvb, pinfo, parent_tree);
goto clean_up_and_exit;
/* display the reassembled pdu */
- new_tvb = tvb_new_real_data(fd_head->data,
+ new_tvb = tvb_new_child_real_data(d_tvb, fd_head->data,
fd_head->datalen, fd_head->datalen);
- tvb_set_child_real_data_tvbuff(d_tvb, new_tvb);
add_new_data_source(pinfo, new_tvb,
"DCERPC over SMB");
pinfo->fragmented=FALSE;
/*
* Set the columns.
*/
- if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
- col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMB Pipe");
- }
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMB Pipe");
if (check_col(pinfo->cinfo, COL_INFO)) {
col_set_str(pinfo->cinfo, COL_INFO,
smb_info->request ? "Request" : "Response");
sp_len = 0;
if (tree) {
pipe_item = proto_tree_add_item(tree, proto_smb_pipe,
- sp_tvb, 0, sp_len, FALSE);
+ sp_tvb, 0, sp_len, ENC_NA);
pipe_tree = proto_item_add_subtree(pipe_item, ett_smb_pipe);
}
offset = 0;
* It's a priority.
*/
proto_tree_add_item(pipe_tree, hf_pipe_priority, s_tvb,
- offset, 2, TRUE);
+ offset, 2, ENC_LITTLE_ENDIAN);
break;
case PEEK_NAMED_PIPE:
* It's a FID.
*/
fid = tvb_get_letohs(s_tvb, 2);
- dissect_smb_fid(s_tvb, pinfo, pipe_tree, offset, 2, (guint16) fid, FALSE, FALSE);
+ dissect_smb_fid(s_tvb, pinfo, pipe_tree, offset, 2, (guint16) fid, FALSE, FALSE, FALSE);
if (tri != NULL)
tri->fid = fid;
break;
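Review bot: The call now ends in three bare booleans, `FALSE, FALSE, FALSE`, and nothing at the call site says what the added third one selects. I would label each flag with its parameter name from the `dissect_smb_fid()` prototype, which is not shown on this page, in the form `FALSE /* <parameter name> */`. The later call that passes `d_tvb, ..., FALSE, FALSE, TRUE` needs the same, since the new flag is the only thing that distinguishes the two call sites. That call also passes `d_tvb` where it used to pass `NULL`, and whether `d_tvb` can itself be NULL there is not visible in its hunk.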
}
fid = tri->fid;
if (fid != -1)
- dissect_smb_fid(NULL, pinfo, pipe_tree, 0, 0, (guint16) fid, FALSE, FALSE);
+ dissect_smb_fid(d_tvb, pinfo, pipe_tree, 0, 0, (guint16) fid, FALSE, FALSE, TRUE);
} else {
function = -1;
fid = -1;
case PIPE_LANMAN:
return dissect_pipe_lanman(pd_tvb, p_tvb, d_tvb, pinfo,
tree);
- break;
case PIPE_DCERPC:
/*
case PIPE_LANMAN:
return dissect_pipe_lanman(pd_tvb, p_tvb, d_tvb, pinfo,
tree);
- break;
}
break;
return FALSE;
offset = 0;
proto_tree_add_item(pipe_tree, hf_pipe_peek_available,
- p_tvb, offset, 2, TRUE);
+ p_tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(pipe_tree, hf_pipe_peek_remaining,
- p_tvb, offset, 2, TRUE);
+ p_tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(pipe_tree, hf_pipe_peek_status,
- p_tvb, offset, 2, TRUE);
+ p_tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
}
break;
case 1:
proto_tree_add_item(pipe_tree,
hf_pipe_getinfo_output_buffer_size,
- d_tvb, offset, 2, TRUE);
+ d_tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(pipe_tree,
hf_pipe_getinfo_input_buffer_size,
- d_tvb, offset, 2, TRUE);
+ d_tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(pipe_tree,
hf_pipe_getinfo_maximum_instances,
- d_tvb, offset, 1, TRUE);
+ d_tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
proto_tree_add_item(pipe_tree,
hf_pipe_getinfo_current_instances,
- d_tvb, offset, 1, TRUE);
+ d_tvb, offset, 1, ENC_LITTLE_ENDIAN);
offset += 1;
pipe_namelen = tvb_get_guint8(d_tvb, offset);
proto_tree_add_uint(pipe_tree,
/* XXX - can this be Unicode? */
proto_tree_add_item(pipe_tree,
hf_pipe_getinfo_pipe_name,
- d_tvb, offset, pipe_namelen, TRUE);
+ d_tvb, offset, pipe_namelen, ENC_ASCII|ENC_NA);
break;
}
}
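Review bot: `ENC_ASCII|ENC_NA` on the pipe-name item answers in code the question the comment directly above still asks (`/* XXX - can this be Unicode? */`), and the comment was not updated. Suggest `/* XXX - can this be Unicode?  Decoded as ASCII until that is known. */` so the hard-coded choice is visibly provisional. `pipe_namelen` is a single byte read from the packet and used directly as the item length. That relies on `proto_tree_add_item()` bounds-checking against `d_tvb`, which a short comment could also note.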
return FALSE;
proto_tree_add_item(pipe_tree,
hf_pipe_write_raw_bytes_written,
- p_tvb, offset, 2, TRUE);
+ p_tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
}
break;
NULL, 0, "Total number of bytes remaining in the message at the head of the pipe", HFILL }},
{ &hf_pipe_peek_status,
{ "Pipe Status", "pipe.peek.status", FT_UINT16, BASE_DEC,
- VALS(pipe_status), 0, "Pipe status", HFILL }},
+ VALS(pipe_status), 0, NULL, HFILL }},
{ &hf_pipe_getinfo_info_level,
{ "Information Level", "pipe.getinfo.info_level", FT_UINT16, BASE_DEC,
NULL, 0, "Information level of information to return", HFILL }},
{ &hf_pipe_fragment_error,
{ "Defragmentation error", "pipe.fragment.error", FT_FRAMENUM,
BASE_NONE, NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
+ { &hf_pipe_fragment_count,
+ { "Fragment count", "pipe.fragment.count", FT_UINT32,
+ BASE_DEC, NULL, 0x0, NULL, HFILL }},
{ &hf_pipe_fragment,
{ "Fragment", "pipe.fragment", FT_FRAMENUM,
BASE_NONE, NULL, 0x0, "Pipe Fragment", HFILL }},
{ &hf_pipe_reassembled_in,
{ "This PDU is reassembled in", "pipe.reassembled_in", FT_FRAMENUM,
BASE_NONE, NULL, 0x0, "The DCE/RPC PDU is completely reassembled in this frame", HFILL }},
+ { &hf_pipe_reassembled_length,
+ { "Reassembled SMB Pipe length", "pipe.reassembled.length", FT_UINT32,
+ BASE_DEC, NULL, 0x0, "The total length of the reassembled payload", HFILL }},
};
static gint *ett[] = {
&ett_smb_pipe,