X-Git-Url: http://git.samba.org/samba.git/?a=blobdiff_plain;f=epan%2Fdissectors%2Fpacket-ndps.c;h=3cdcab7555ae297195aaef634ea02116342dd432;hb=f43d6a4ad269eb46d3a6af366e65ca939dac2d9f;hp=67a21fe96c48e6e81fe429cc730470d378bf4819;hpb=1f8aba07a5d3e9b5de2eec996ed7e52a8a2fb839;p=obnox%2Fwireshark%2Fwip.git diff --git a/epan/dissectors/packet-ndps.c b/epan/dissectors/packet-ndps.c index 67a21fe96c..3cdcab7555 100644 --- a/epan/dissectors/packet-ndps.c +++ b/epan/dissectors/packet-ndps.c @@ -5,8 +5,8 @@ * * $Id$ * - * Ethereal - Network traffic analyzer - * By Gerald Combs + * Wireshark - Network traffic analyzer + * By Gerald Combs * Copyright 1998 Gerald Combs * * This program is free software; you can redistribute it and/or @@ -32,13 +32,17 @@ #include #include #include +#include +#include #include "packet-ipx.h" #include "packet-tcp.h" #include #include "packet-ndps.h" -#include "reassemble.h" +#include +#include -#define NDPS_PACKET_INIT_COUNT 200 +/* Limit the number of items we can add to the tree. */ +#define NDPS_MAX_ITEMS 50 /* Tables for reassembly of fragments. */ static GHashTable *ndps_fragment_table = NULL; @@ -53,7 +57,7 @@ static guint32 tid = 1; static gboolean ndps_show_oids=FALSE; /* Global Attribute for evaluation of Values */ -static char *global_attribute_name=NULL; +static const char *global_attribute_name=NULL; static void dissect_ndps_request(tvbuff_t*, packet_info*, proto_tree*, guint32, guint32, int); @@ -339,6 +343,7 @@ static int hf_notify_lease_exp_time = -1; static int hf_notify_printer_uri = -1; static int hf_level = -1; static int hf_interval = -1; +static int hf_ndps_other_error_string = -1; static int hf_spx_ndps_program = -1; static int hf_spx_ndps_version = -1; @@ -355,6 +360,10 @@ static dissector_handle_t ndps_data_handle; /* desegmentation of NDPS over TCP */ static gboolean ndps_desegment = TRUE; +/* global item and value for passing expert data */ +static proto_item *expert_item; +static guint32 expert_status; + static const value_string true_false[] = { { 0x00000000, "Accept" }, { 0x00000001, "Deny" }, @@ -1203,6 +1212,22 @@ static const value_string ndps_attribute_enum[] = { static const value_string ndps_error_types[] = { { 0x00000000, "Ok" }, { 0x00000001, "Error" }, + { 0x01000001, "Invalid Parameter" }, + { 0x01000002, "Parameter Value Unrecognized" }, + { 0x01000003, "Call Back Error" }, + { 0x01000004, "Standard IO Error" }, + { 0x01000005, "NDS Error" }, + { 0x01000006, "Unicode Error" }, + { 0x01000007, "Invalid Operator" }, + { 0x01000009, "Parameter Value Unsupported" }, + { 0x0100000a, "Windows Error" }, + { 0x0100000b, "WSA Last Error" }, + { 0x0100000c, "SLP Error" }, + { 0x0100000d, "NetWare Client Error" }, + { 0x03000005, "NDS Error with Position" }, + { 0x030a0001, "No Memory" }, + { 0x030a0009, "Artificial Memory Limit" }, + { 0x030a000c, "Memory Allocated with Wrong NLM ID" }, { 0xFFFFFC18, "Broker Out of Memory" }, /* Broker Errors */ { 0xFFFFFC17, "Broker Bad NetWare Version" }, { 0xFFFFFC16, "Broker Wrong Command Line Arguments" }, @@ -1525,6 +1550,395 @@ static const value_string ndps_error_types[] = { { 0xFFFFFC6F, "Database Object Exists" }, { 0xFFFFFC6E, "Database Descriptor In Use" }, { 0xFFFFFC6D, "Database Descriptor Being Deleted" }, + { 0xffffffff, "(-1) Insufficient Space" }, + { 0xffffff89, "(-119) Buffer too Small" }, + { 0xffffff88, "(-120) RR Volume Flag Not Set" }, + { 0xffffff87, "(-121) No Items Found" }, + { 0xffffff86, "(-122) Connection Already Temporary" }, + { 0xffffff85, "(-123) Connection Already Logged In" }, + { 0xffffff84, "(-124) Connection Not Authenticated" }, + { 0xffffff83, "(-125) Connection Not Logged In" }, + { 0xffffff82, "(-126) NCP Boundary Check Failed" }, + { 0xffffff81, "(-127) Lock Waiting" }, + { 0xffffff80, "(-128) Lock Fail" }, + { 0xffffff7f, "(-129) Out of Handles" }, + { 0xffffff7e, "(-130) No Open Privilege" }, + { 0xffffff7d, "(-131) Hard IO Error" }, + { 0xffffff7c, "(-132) No Create Privilege" }, + { 0xffffff7b, "(-133) No Create Delete Privilege" }, + { 0xffffff7a, "(-134) Create Duplicate When Read Only" }, + { 0xffffff79, "(-135) Create File with Invalid Name" }, + { 0xffffff78, "(-136) Invalid File Handle" }, + { 0xffffff77, "(-137) No Search Privilege" }, + { 0xffffff76, "(-138) No Delete Privilege" }, + { 0xffffff75, "(-139) No Rename Privilege" }, + { 0xffffff74, "(-140) No Set Privilege" }, + { 0xffffff73, "(-141) Some File in Use" }, + { 0xffffff72, "(-142) All File in Use" }, + { 0xffffff71, "(-143) Some Read Only" }, + { 0xffffff70, "(-144) All Read Only" }, + { 0xffffff6f, "(-145) Some names Exist" }, + { 0xffffff6e, "(-146) All Names Exist" }, + { 0xffffff6d, "(-147) No Read Privilege" }, + { 0xffffff6c, "(-148) No Write Privilege" }, + { 0xffffff6b, "(-149) File Detached" }, + { 0xffffff6a, "(-150) No Alloc Space/Target Not a Subdirectory/Insuffficient Memory" }, + { 0xffffff69, "(-151) No Spool Space" }, + { 0xffffff68, "(-152) Invalid Volume" }, + { 0xffffff67, "(-153) Directory Full" }, + { 0xffffff66, "(-154) Rename Across Volume" }, + { 0xffffff65, "(-155) Bad Directory Handle" }, + { 0xffffff64, "(-156) Invalid Path/No Such Extension" }, + { 0xffffff63, "(-157) No Directory Handles" }, + { 0xffffff62, "(-158) Bad File Name" }, + { 0xffffff61, "(-159) Directory Active" }, + { 0xffffff60, "(-160) Directory Not Empty" }, + { 0xffffff5f, "(-161) Directory IO Error" }, + { 0xffffff5e, "(-162) IO Locked" }, + { 0xffffff5d, "(-163) Transaction Restarted" }, + { 0xffffff5c, "(-164) Rename Directory Invalid" }, + { 0xffffff5b, "(-165) Invalid Open/Create Mode" }, + { 0xffffff5a, "(-166) Already in Use" }, + { 0xffffff59, "(-167) Invalid Resource Tag" }, + { 0xffffff58, "(-168) Access Denied" }, + { 0xffffff44, "(-188) Login Signing Required" }, + { 0xffffff43, "(-189) Login Encryption Required" }, + { 0xffffff42, "(-190) Invalid Data Stream" }, + { 0xffffff41, "(-191) Invalid Name Space" }, + { 0xffffff40, "(-192) No Accounting Privileges" }, + { 0xffffff3f, "(-193) No Account Balance" }, + { 0xffffff3e, "(-194) Credit Limit Exceeded" }, + { 0xffffff3d, "(-195) Too Many Holds" }, + { 0xffffff3c, "(-196) Accounting Disabled" }, + { 0xffffff3b, "(-197) Intruder Login Lockout" }, + { 0xffffff3a, "(-198) No Console Rights" }, + { 0xffffff30, "(-208) Queue IO Failure" }, + { 0xffffff2f, "(-209) No Queue" }, + { 0xffffff2e, "(-210) No Queue Server" }, + { 0xffffff2d, "(-211) No Queue Rights" }, + { 0xffffff2c, "(-212) Queue Full" }, + { 0xffffff2b, "(-213) No Queue Job" }, + { 0xffffff2a, "(-214) No Queue Job Rights/Unencrypted Not Allowed" }, + { 0xffffff29, "(-215) Queue In Service/Duplicate Password" }, + { 0xffffff28, "(-216) Queue Not Active/Password Too Short" }, + { 0xffffff27, "(-217) Queue Station Not Server/Maximum Logins Exceeded" }, + { 0xffffff26, "(-218) Queue Halted/Bad Login Time" }, + { 0xffffff25, "(-219) Queue Maximum Servers/Node Address Violation" }, + { 0xffffff24, "(-220) Login Account Expired" }, + { 0xffffff22, "(-222) Bad Password" }, + { 0xffffff21, "(-223) Password Expired" }, + { 0xffffff20, "(-224) No Login Connection Available" }, + { 0xffffff18, "(-232) Write to Group Property" }, + { 0xffffff17, "(-233) Member Already Exists" }, + { 0xffffff16, "(-234) No Such Member" }, + { 0xffffff15, "(-235) Property Not Group" }, + { 0xffffff14, "(-236) No Such Value Set" }, + { 0xffffff13, "(-237) Property Already Exists" }, + { 0xffffff12, "(-238) Object Already Exists" }, + { 0xffffff11, "(-239) Illegal Name" }, + { 0xffffff10, "(-240) Illegal Wildcard" }, + { 0xffffff0f, "(-241) Bindery Security" }, + { 0xffffff0e, "(-242) No Object Read Rights" }, + { 0xffffff0d, "(-243) No Object Rename Rights" }, + { 0xffffff0c, "(-244) No Object Delete Rights" }, + { 0xffffff0b, "(-245) No Object Create Rights" }, + { 0xffffff0a, "(-246) No Property Delete Rights" }, + { 0xffffff09, "(-247) No Property Create Rigths" }, + { 0xffffff08, "(-248) No Property Write Rights" }, + { 0xffffff07, "(-249) No Propery Read Rights" }, + { 0xffffff06, "(-250) Temp Remap" }, + { 0xffffff05, "(-251) Unknown Request/No Such Property" }, + { 0xffffff04, "(-252) Message Queue Full/Target Already Has Message/No Such Object" }, + { 0xffffff03, "(-253) Bad Station Number" }, + { 0xffffff02, "(-254) Bindery Locked/Directory Locked/Spool Delete/Trustee not Found/Timeout" }, + { 0xffffff01, "(-255) Hard Failure" }, + { 0xfffffed3, "(-301) Not Enough Memory" }, + { 0xfffffed2, "(-302) Bad Key" }, + { 0xfffffed1, "(-303) Bad Context" }, + { 0xfffffed0, "(-304) Buffer Full" }, + { 0xfffffecf, "(-305) List Empty" }, + { 0xfffffece, "(-306) Bad Syntax" }, + { 0xfffffecd, "(-307) Buffer Empty" }, + { 0xfffffecc, "(-308) Bad Verb" }, + { 0xfffffecb, "(-309) Expected Identifier" }, + { 0xfffffeca, "(-310) Expected Equals" }, + { 0xfffffec9, "(-311) Attribute Type Expected" }, + { 0xfffffec8, "(-312) Attribute Type Not Expected" }, + { 0xfffffec7, "(-313) Filter Tree Empty" }, + { 0xfffffec6, "(-314) Invalid Object Name" }, + { 0xfffffec5, "(-315) Expected RDN Delimiter" }, + { 0xfffffec4, "(-316) Too Many Tokens" }, + { 0xfffffec3, "(-317) Inconsistent MultiAVA" }, + { 0xfffffec2, "(-318) Country Name Too Long" }, + { 0xfffffec1, "(-319) Internal Error" }, + { 0xfffffec0, "(-320) Can't Add Root" }, + { 0xfffffebf, "(-321) Unable to Attach" }, + { 0xfffffebe, "(-322) Invalid Iteration Handle" }, + { 0xfffffebd, "(-323) Buffer Zero Length" }, + { 0xfffffebc, "(-324) Invalid Replica Type" }, + { 0xfffffebb, "(-325) Invalid Attribute Syntax" }, + { 0xfffffeba, "(-326) Invalid Filter Syntax" }, + { 0xfffffeb8, "(-328) Unicode Error during Context Creation" }, + { 0xfffffeb7, "(-329) Invalid Union Tag" }, + { 0xfffffeb6, "(-330) Invalid Server Response" }, + { 0xfffffeb5, "(-331) Null Pointer" }, + { 0xfffffeb4, "(-332) No Server Found" }, + { 0xfffffeb3, "(-333) No Connection" }, + { 0xfffffeb2, "(-334) RDN Too Long" }, + { 0xfffffeb1, "(-335) Duplicate Type" }, + { 0xfffffeb0, "(-336) Data Store Failure" }, + { 0xfffffeaf, "(-337) Not Logged In" }, + { 0xfffffeae, "(-338) Invalid Password Characters" }, + { 0xfffffead, "(-339) Failed Server Authentication" }, + { 0xfffffeac, "(-340) Transport Failed" }, + { 0xfffffeab, "(-341) No Such Syntax" }, + { 0xfffffeaa, "(-342) Invalid DS Name" }, + { 0xfffffea9, "(-343) Attribute Name Too Long" }, + { 0xfffffea8, "(-344) Invalid TDS" }, + { 0xfffffea7, "(-345) Invalid DS Version" }, + { 0xfffffea6, "(-346) Unicode Translation" }, + { 0xfffffea5, "(-347) Schema Name Too Long" }, + { 0xfffffea4, "(-348) Unicode File Not Found" }, + { 0xfffffea3, "(-349) Unicode Already Loaded" }, + { 0xfffffea2, "(-350) Not Context Owner" }, + { 0xfffffea1, "(-351) Attempt to Authenticate" }, + { 0xfffffea0, "(-352) No Writable Replicas" }, + { 0xfffffe9f, "(-353) DN Too Long" }, + { 0xfffffe9e, "(-354) Rename Not Allowed" }, + { 0xfffffe9d, "(-355) Not NDS for NT" }, + { 0xfffffe9c, "(-356) NDS for NT - No Domain" }, + { 0xfffffe9b, "(-357) NDS for NT - Sync Disabled" }, + { 0xfffffe9a, "(-358) Iterator Invalid Handle" }, + { 0xfffffe99, "(-359) Iterator Invalid Position" }, + { 0xfffffe98, "(-360) Iterator Invalid Search Data" }, + { 0xfffffe97, "(-361) Iterator Invalid Scope" }, + { 0xfffffda7, "(-601) No Such Entry" }, + { 0xfffffda6, "(-602) No Such Value" }, + { 0xfffffda5, "(-603) No Such Attribute" }, + { 0xfffffda4, "(-604) No Such Class" }, + { 0xfffffda3, "(-605) No Such Partition" }, + { 0xfffffda2, "(-606) Entry Already Exists" }, + { 0xfffffda1, "(-607) Not Effective Class" }, + { 0xfffffda0, "(-608) Illegal Attribute" }, + { 0xfffffd9f, "(-609) Missing Mandatory" }, + { 0xfffffd9e, "(-610) Illegal DS Name" }, + { 0xfffffd9d, "(-611) Illegal Containment" }, + { 0xfffffd9c, "(-612) Can't Have Multiple Values" }, + { 0xfffffd9b, "(-613) Syntax Violation" }, + { 0xfffffd9a, "(-614) Duplicate Value" }, + { 0xfffffd99, "(-615) Attribute Already Exists" }, + { 0xfffffd98, "(-616) Maximum Entries Exist" }, + { 0xfffffd97, "(-617) Database Format" }, + { 0xfffffd96, "(-618) Inconsistent Database" }, + { 0xfffffd95, "(-619) Invalid Comparison" }, + { 0xfffffd94, "(-620) Comparison Failed" }, + { 0xfffffd93, "(-621) Transaction Tracking Disabled" }, + { 0xfffffd92, "(-622) Invalid Transport" }, + { 0xfffffd91, "(-623) Syntax Invalid in Name" }, + { 0xfffffd90, "(-624) Replica Already Exists" }, + { 0xfffffd8f, "(-625) Transport Failure" }, + { 0xfffffd8e, "(-626) All Referrals Failed" }, + { 0xfffffd8d, "(-627) Can't Remove Naming Value" }, + { 0xfffffd8c, "(-628) Object Class Violation" }, + { 0xfffffd8b, "(-629) Entry is Not Leaf" }, + { 0xfffffd8a, "(-630) Different Tree" }, + { 0xfffffd89, "(-631) Illegal Replica Type" }, + { 0xfffffd88, "(-632) System Failure" }, + { 0xfffffd87, "(-633) Invalid Entry for Root" }, + { 0xfffffd86, "(-634) No Referrals" }, + { 0xfffffd85, "(-635) Remote Failure" }, + { 0xfffffd84, "(-636) Unreachable Server" }, + { 0xfffffd83, "(-637) Previous Move in Progress" }, + { 0xfffffd82, "(-638) No Character Mapping" }, + { 0xfffffd81, "(-639) Incomplete Authentication" }, + { 0xfffffd80, "(-640) Invalid Certificate" }, + { 0xfffffd7f, "(-641) Invalid Request" }, + { 0xfffffd7e, "(-642) Invalid Iteration" }, + { 0xfffffd7d, "(-643) Schema is Non-removable" }, + { 0xfffffd7c, "(-644) Schema is in Use" }, + { 0xfffffd7b, "(-645) Class Already Exists" }, + { 0xfffffd7a, "(-646) Bad Naming Attributes" }, + { 0xfffffd79, "(-647) Not Root Partition" }, + { 0xfffffd78, "(-648) Insufficient Stack" }, + { 0xfffffd77, "(-649) Insufficient Buffer" }, + { 0xfffffd76, "(-650) Ambiguous Containment" }, + { 0xfffffd75, "(-651) Ambiguous Naming" }, + { 0xfffffd74, "(-652) Duplicate Mandatory" }, + { 0xfffffd73, "(-653) Duplicate Optional" }, + { 0xfffffd72, "(-654) Partition Busy" }, + { 0xfffffd71, "(-655) Multiple Replicas" }, + { 0xfffffd70, "(-656) Crucial Replica" }, + { 0xfffffd6f, "(-657) Schema Sync in Progress" }, + { 0xfffffd6e, "(-658) Skulk in Progress" }, + { 0xfffffd6d, "(-659) Time Not Synchronized" }, + { 0xfffffd6c, "(-660) Record in Use" }, + { 0xfffffd6b, "(-661) DS Volume Not Mounted" }, + { 0xfffffd6a, "(-662) DS Volume IO Failure" }, + { 0xfffffd69, "(-663) DS Locked" }, + { 0xfffffd68, "(-664) Old Epoch" }, + { 0xfffffd67, "(-665) New Epoch" }, + { 0xfffffd66, "(-666) Incompatible DS Version" }, + { 0xfffffd65, "(-667) Partition Root" }, + { 0xfffffd64, "(-668) Entry Not Container" }, + { 0xfffffd63, "(-669) Failed Authentication" }, + { 0xfffffd62, "(-670) Invalid Context" }, + { 0xfffffd61, "(-671) No Such Parent" }, + { 0xfffffd60, "(-672) No Access" }, + { 0xfffffd5f, "(-673) Replica Not On" }, + { 0xfffffd5e, "(-674) Invalid Name Service" }, + { 0xfffffd5d, "(-675) Invalid Task" }, + { 0xfffffd5c, "(-676) Invalide Connection Handle" }, + { 0xfffffd5b, "(-677) Invalid Identity" }, + { 0xfffffd5a, "(-678) Duplicate ACL" }, + { 0xfffffd59, "(-679) Partition Already Exists" }, + { 0xfffffd58, "(-680) Transport Modified" }, + { 0xfffffd57, "(-681) Alias of an Alias" }, + { 0xfffffd56, "(-682) Auditing Failed" }, + { 0xfffffd55, "(-683) Invalid API Version" }, + { 0xfffffd54, "(-684) Secure NCP Violation" }, + { 0xfffffd53, "(-685) Move in Progress" }, + { 0xfffffd52, "(-686) Not a Leaf Partition" }, + { 0xfffffd51, "(-687) Cannot Abort" }, + { 0xfffffd50, "(-688) Cache Overflow" }, + { 0xfffffd4f, "(-689) Invalid Subordinate Count" }, + { 0xfffffd4e, "(-690) Invalid RDN" }, + { 0xfffffd4d, "(-691) Modification Time Not Current" }, + { 0xfffffd4c, "(-692) Incorrect Base Class" }, + { 0xfffffd4b, "(-693) Missing Reference" }, + { 0xfffffd4a, "(-694) Lost Entry" }, + { 0xfffffd49, "(-695) Agent Already Registered" }, + { 0xfffffd48, "(-696) DS Loader Busy" }, + { 0xfffffd47, "(-697) DS Cannot Reload" }, + { 0xfffffd46, "(-698) Replica in Skulk" }, + { 0xfffffd45, "(-699) Fatal" }, + { 0xfffffd44, "(-700) Obsolete API" }, + { 0xfffffd43, "(-701) Synchronization Disabled" }, + { 0xfffffd42, "(-702) Invalid Parameter" }, + { 0xfffffd41, "(-703) Duplicate Template" }, + { 0xfffffd40, "(-704) No Master Replica" }, + { 0xfffffd3f, "(-705) Duplicate Containment" }, + { 0xfffffd3e, "(-706) Not a Sibling" }, + { 0xfffffd3d, "(-707) Invalid Signature" }, + { 0xfffffd3c, "(-708) Invalid Response" }, + { 0xfffffd3b, "(-709) Insufficient Sockets" }, + { 0xfffffd3a, "(-710) Database Read Fail" }, + { 0xfffffd39, "(-711) Invalid Code Page" }, + { 0xfffffd38, "(-712) Invalid Escape Character" }, + { 0xfffffd37, "(-713) Invalide Delimiters" }, + { 0xfffffd36, "(-714) Not Implemented" }, + { 0xfffffd35, "(-715) Checksum Failure" }, + { 0xfffffd34, "(-716) Checksumming Not Supported" }, + { 0xfffffd33, "(-717) CRC Failure" }, + { 0xfffffd32, "(-718) Invalid Entry Handle" }, + { 0xfffffd31, "(-719) Invalid Value Handle" }, + { 0xfffffd30, "(-720) Connection Denied" }, + { 0xfffffd2f, "(-721) No Such Federation Link" }, + { 0xfffffd2e, "(-722) Operetational Schema Mismatch" }, + { 0xfffffd2d, "(-723) Stream Not Found" }, + { 0xfffffd2c, "(-724) DClient Unavailable" }, + { 0xfffffd2b, "(-725) MASV No Access" }, + { 0xfffffd2a, "(-726) MASV Invalid Request" }, + { 0xfffffd29, "(-727) MASV Failure" }, + { 0xfffffd28, "(-728) MASV Already Exists" }, + { 0xfffffd27, "(-729) MASV Not Found" }, + { 0xfffffd26, "(-730) MASV Bad Range" }, + { 0xfffffd25, "(-731) Value Data" }, + { 0xfffffd24, "(-732) Database Locked" }, + { 0xfffffd21, "(-735) Nothing to Abort" }, + { 0xfffffd20, "(-736) End of Stream" }, + { 0xfffffd1f, "(-737) No Such Template" }, + { 0xfffffd1e, "(-738) SAS Locked" }, + { 0xfffffd1d, "(-739) Invalid SAS Version" }, + { 0xfffffd1c, "(-740) SAS Already Registered" }, + { 0xfffffd1b, "(-741) Name Type Not Supported" }, + { 0xfffffd1a, "(-742) Wrong DS Version" }, + { 0xfffffd19, "(-743) Invalid Control Function" }, + { 0xfffffd18, "(-744) Invalid Control State" }, + { 0xfffffd17, "(-745) Cache in Use" }, + { 0xfffffd16, "(-746) Zero Creation Time" }, + { 0xfffffd15, "(-747) Would Block" }, + { 0xfffffd14, "(-748) Connection Timeout" }, + { 0xfffffd13, "(-749) Too Many Referrals" }, + { 0xfffffd12, "(-750) Operation Cancelled" }, + { 0xfffffd11, "(-751) Unknown Target" }, + { 0xfffffd10, "(-752) GUID Failure" }, + { 0xfffffd0f, "(-753) Incompatible OS" }, + { 0xfffffd0e, "(-754) Callback Cancel" }, + { 0xfffffd0d, "(-755) Invalid Synchronization Data" }, + { 0xfffffd0c, "(-756) Stream Exists" }, + { 0xfffffd0b, "(-757) Auxiliary Has Containment" }, + { 0xfffffd0a, "(-758) Auxiliary Not Container" }, + { 0xfffffd09, "(-759) Auxiliary Not Effective" }, + { 0xfffffd08, "(-760) Auxiliary On Alias" }, + { 0xfffffd07, "(-761) Have Seen State" }, + { 0xfffffd06, "(-762) Verb Locked" }, + { 0xfffffd05, "(-763) Verb Exceeds Table Length" }, + { 0xfffffd04, "(-764) BOF Hit" }, + { 0xfffffd03, "(-765) EOF Hit" }, + { 0xfffffd02, "(-766) Incompatible Replica Version" }, + { 0xfffffd01, "(-767) Query Timeout" }, + { 0xfffffd00, "(-768) Query Maximum Count" }, + { 0xfffffcff, "(-769) Duplicate Naming" }, + { 0xfffffcfe, "(-770) No Transaction Active" }, + { 0xfffffcfd, "(-771) Transaction Active" }, + { 0xfffffcfc, "(-772) Illegal Transaction Operation" }, + { 0xfffffcfb, "(-773) Iterator Syntax" }, + { 0xfffffcfa, "(-774) Repairing DIB" }, + { 0xfffffcf9, "(-775) Invalid OID Format" }, + { 0xfffffcf8, "(-776) Attempted to perform an NDS operation, and the DS agent on this server is closing" }, + { 0xfffffcf7, "(-777) Attempted to modify an object's attribute that is not stored on the sparse replica" }, + { 0xfffffcf6, "(-778) VpVector and VpvUser which must be correlated, are out of sync" }, + { 0xfffffcf5, "(-779) Error Cannot Go Remote" }, + { 0xfffffcf4, "(-780) Request not Supported" }, + { 0xfffffcf3, "(-781) Entry Not Local" }, + { 0xfffffcf2, "(-782) Root Unreachable" }, + { 0xfffffcf1, "(-783) VRDIM Not Initialized" }, + { 0xfffffcf0, "(-784) Wait Timeout" }, + { 0xfffffcef, "(-785) DIB Error" }, + { 0xfffffcee, "(-786) DIB IO Failure" }, + { 0xfffffced, "(-787) Illegal Schema Attribute" }, + { 0xfffffcec, "(-788) Error Schema Partition" }, + { 0xfffffceb, "(-789) Invalid Template" }, + { 0xfffffcea, "(-790) Error Opening File" }, + { 0xfffffce9, "(-791) Error Direct Opening File" }, + { 0xfffffce8, "(-792) Error Creating File" }, + { 0xfffffce7, "(-793) Error Direct Creating File" }, + { 0xfffffce6, "(-794) Error Reading File" }, + { 0xfffffce5, "(-795) Error Direct Reading File" }, + { 0xfffffce4, "(-796) Error Writing File" }, + { 0xfffffce3, "(-797) Error Direct Writing File" }, + { 0xfffffce2, "(-798) Error Positioning in File" }, + { 0xfffffce1, "(-799) Error Getting File Size" }, + { 0xffffe88f, "(-6001) Error Truncating File" }, + { 0xffffe88e, "(-6002) Error Parsing File Name" }, + { 0xffffe88d, "(-6003) Error Closing File" }, + { 0xffffe88c, "(-6004) Error Getting File Info" }, + { 0xffffe88b, "(-6005) Error Expanding File" }, + { 0xffffe88a, "(-6006) Error Getting Free Blocks" }, + { 0xffffe889, "(-6007) Error Checking File Existence" }, + { 0xffffe888, "(-6008) Error Deleting File" }, + { 0xffffe887, "(-6009) Error Renaming File" }, + { 0xffffe886, "(-6010) Error Initializing IO System" }, + { 0xffffe885, "(-6011) Error Flushing File" }, + { 0xffffe884, "(-6012) Error Setting Up for Read" }, + { 0xffffe883, "(-6013) Error Setting up for Write" }, + { 0xffffe882, "(-6014) Error Old View" }, + { 0xffffe881, "(-6015) Server in Skulk" }, + { 0xffffe880, "(-6016) Error Returning Partial Results" }, + { 0xffffe87f, "(-6017) No Such Schema" }, + { 0xffffe87e, "(-6018) Serial Number Mismatch" }, + { 0xffffe87d, "(-6019) Bad Referal Database Serial Number" }, + { 0xffffe87c, "(-6020) Bad Referal Serial Number" }, + { 0xffffe87b, "(-6021) Invalid File Sequence" }, + { 0xffffe87a, "(-6022) Error Referal Trans Gap" }, + { 0xffffe879, "(-6023) Bad Referal File Number" }, + { 0xffffe878, "(-6024) Referal File Not Found" }, + { 0xffffe877, "(-6025) Error Backup Active" }, + { 0xffffe876, "(-6026) Referal Device Full" }, + { 0xffffe875, "(-6027) Unsupported Version" }, + { 0xffffe874, "(-6028) Error Must Wait Checkpoint" }, + { 0xffffe873, "(-6029) Attribute Maintenance in Progress" }, + { 0xffffe872, "(-6030) Error Abort Transaction" }, { 0, NULL } }; @@ -1586,86 +2000,62 @@ align_4(tvbuff_t *tvb, int aoffset) return 0; } +/* + * XXX - is there something in the packet to indicate whether a string + * is ASCII or Unicode, or is it a characteristic of the attribute? + * Currently, we use a heuristic - if the length is odd, we assume + * it's ASCII (as it's a length in bytes, not characters), otherwise if + * if the length is 2, we assume it's ASCII (as strings are null- + * terminated, so a Unicode string would have to be at least 4 bytes), + * otherwise if the second byte of the string is 0, we assume it's + * Unicode (as an ASCII string would, in that case, have at least two + * characters before the terminating NUL). + */ static int -ndps_string(tvbuff_t* tvb, int hfinfo, proto_tree *ndps_tree, int offset, char *stringval, size_t buflen) +ndps_string(tvbuff_t* tvb, int hfinfo, proto_tree *ndps_tree, int offset, char **stringval) { - int foffset = offset; - guint32 str_length; - char buffer[1024]; - guint32 i; - guint16 c_char; - guint32 length_remaining = 0; - - if (stringval == NULL) { - stringval = buffer; - buflen = sizeof buffer; - } - str_length = tvb_get_ntohl(tvb, foffset); - foffset += 4; - length_remaining = tvb_length_remaining(tvb, foffset); - if(str_length > (guint)length_remaining || str_length > 1024) - { - proto_tree_add_string(ndps_tree, hfinfo, tvb, foffset, - length_remaining + 4, ""); - foffset += length_remaining; - return foffset; - } - if(str_length == 0) - { - proto_tree_add_string(ndps_tree, hfinfo, tvb, offset, - 4, ""); - return foffset; - } - for ( i = 0; i < str_length; i++ ) - { - c_char = tvb_get_guint8(tvb, foffset ); - if (c_char<0x20 || c_char>0x7e) - { - if (c_char != 0x00) - { - c_char = 0x2e; - if (i < buflen - 1) - stringval[i] = c_char & 0xff; - } - else - { - i--; - str_length--; - } - } - else - { - if (i < buflen - 1) - stringval[i] = c_char & 0xff; - } - foffset++; - length_remaining--; - - if(length_remaining==1) - { - i++; - break; - } - } - stringval[i] = '\0'; - - str_length = tvb_get_ntohl(tvb, offset); - proto_tree_add_string(ndps_tree, hfinfo, tvb, offset+4, - str_length, stringval); - foffset += align_4(tvb, foffset); + int foffset = offset; + guint32 str_length; + char *string; + + str_length = tvb_get_ntohl(tvb, foffset); + foffset += 4; + if(str_length == 0) + { + proto_tree_add_string(ndps_tree, hfinfo, tvb, offset, 4, ""); + if (stringval != NULL) + *stringval = ep_strdup(""); return foffset; + } + if (str_length <= 2 || (str_length & 0x01) || tvb_get_guint8(tvb, foffset + 1) != 0) { + /* + * ASCII. + */ + string = tvb_get_string(tvb, foffset, str_length); + } else { + /* + * Unicode. + */ + string = tvb_get_ephemeral_faked_unicode(tvb, foffset, str_length/2, TRUE); + } + foffset += str_length; + proto_tree_add_string(ndps_tree, hfinfo, tvb, offset, str_length + 4, string); + foffset += align_4(tvb, foffset); + if (stringval != NULL) + *stringval = string; + return foffset; } static int objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) { guint32 length; - char *label=NULL; + const char *label=NULL; guint32 label_value=0; proto_tree *atree; proto_item *aitem; gboolean found=TRUE; - + length = tvb_get_ntohl(tvb, foffset); if (length==0) { @@ -1681,7 +2071,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 9: label_value = tvb_get_ntohl(tvb, foffset+5); label = match_strval(label_value, object_ids_7); - if (label==NULL) + if (label==NULL) { aitem = proto_tree_add_text(ndps_tree, tvb, foffset, length, "Unknown ID"); found=FALSE; @@ -1692,7 +2082,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 10: label_value = tvb_get_ntohl(tvb, foffset+6); label = match_strval(label_value, object_ids_8); - if (label==NULL) + if (label==NULL) { aitem = proto_tree_add_text(ndps_tree, tvb, foffset, length, "Unknown ID"); found=FALSE; @@ -1703,7 +2093,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 11: label_value = tvb_get_ntohl(tvb, foffset+7); label = match_strval(label_value, object_ids_9); - if (label==NULL) + if (label==NULL) { aitem = proto_tree_add_text(ndps_tree, tvb, foffset, length, "Unknown ID"); found=FALSE; @@ -1714,7 +2104,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 12: label_value = tvb_get_ntohl(tvb, foffset+8); label = match_strval(label_value, object_ids_10); - if (label==NULL) + if (label==NULL) { aitem = proto_tree_add_text(ndps_tree, tvb, foffset, length, "Unknown ID"); found=FALSE; @@ -1725,7 +2115,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 13: label_value = tvb_get_ntohl(tvb, foffset+9); label = match_strval(label_value, object_ids_11); - if (label==NULL) + if (label==NULL) { aitem = proto_tree_add_text(ndps_tree, tvb, foffset, length, "Unknown ID"); found=FALSE; @@ -1736,7 +2126,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 14: label_value = tvb_get_ntohl(tvb, foffset+10); label = match_strval(label_value, object_ids_12); - if (label==NULL) + if (label==NULL) { aitem = proto_tree_add_text(ndps_tree, tvb, foffset, length, "Unknown ID"); found=FALSE; @@ -1747,7 +2137,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 15: label_value = tvb_get_ntohl(tvb, foffset+11); label = match_strval(label_value, object_ids_13); - if (label==NULL) + if (label==NULL) { aitem = proto_tree_add_text(ndps_tree, tvb, foffset, length, "Unknown ID"); found=FALSE; @@ -1758,7 +2148,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 16: label_value = tvb_get_ntohl(tvb, foffset+12); label = match_strval(label_value, object_ids_14); - if (label==NULL) + if (label==NULL) { aitem = proto_tree_add_text(ndps_tree, tvb, foffset, length, "Unknown ID"); found=FALSE; @@ -1769,7 +2159,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 17: label_value = tvb_get_ntohl(tvb, foffset+13); label = match_strval(label_value, object_ids_15); - if (label==NULL) + if (label==NULL) { aitem = proto_tree_add_text(ndps_tree, tvb, foffset, length, "Unknown ID"); found=FALSE; @@ -1780,7 +2170,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 18: label_value = tvb_get_ntohl(tvb, foffset+14); label = match_strval(label_value, object_ids_16); - if (label==NULL) + if (label==NULL) { aitem = proto_tree_add_text(ndps_tree, tvb, foffset, length, "Unknown ID"); found=FALSE; @@ -1793,7 +2183,7 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) found=FALSE; break; } - if (!found) + if (!found) { label_value = 1; label = match_strval(label_value, object_ids_7); @@ -1805,13 +2195,15 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 1; length = tvb_get_guint8(tvb, foffset); foffset += 1; + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(atree, hf_ndps_oid, tvb, foffset, length, FALSE); foffset += length; } else { - if (!found) + if (!found) { + tvb_ensure_bytes_exist(tvb, foffset, length); foffset += length; } else @@ -1819,10 +2211,15 @@ objectidentifier(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 1; length = tvb_get_guint8(tvb, foffset); foffset += 1; + tvb_ensure_bytes_exist(tvb, foffset, length); foffset += length; } } global_attribute_name = label; + /* XXX - There's probably a better way to handle this */ + if ((int) (foffset+(length%2)) < 0) { + THROW(ReportedBoundsError); + } return foffset+(length%2); } @@ -1841,7 +2238,7 @@ name_or_id(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) break; case 2: /* Local */ - foffset = ndps_string(tvb, hf_local_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_local_object_name, ndps_tree, foffset, NULL); break; } foffset += align_4(tvb, foffset); @@ -1858,12 +2255,12 @@ qualifiedname(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; if (qualified_name_type != 0) { if (qualified_name_type == 1) { - foffset = ndps_string(tvb, hf_printer_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_printer_name, ndps_tree, foffset, NULL); } else { - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL); } } return foffset; @@ -1875,22 +2272,22 @@ objectidentification(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) guint32 object_type=0; proto_tree *atree; proto_item *aitem; - - object_type = tvb_get_ntohl(tvb, foffset); + + object_type = tvb_get_ntohl(tvb, foffset); aitem = proto_tree_add_item(ndps_tree, hf_obj_id_type, tvb, foffset, 4, FALSE); atree = proto_item_add_subtree(aitem, ett_ndps); foffset += 4; switch(object_type) { case 0: /* Printer Contained Object ID */ - foffset = ndps_string(tvb, hf_printer_name, atree, foffset, NULL, 0); - proto_tree_add_item(atree, hf_ndps_object, tvb, foffset, + foffset = ndps_string(tvb, hf_printer_name, atree, foffset, NULL); + proto_tree_add_item(atree, hf_ndps_object, tvb, foffset, 4, FALSE); foffset += 4; break; case 1: /* Document Identifier */ - foffset = ndps_string(tvb, hf_printer_name, atree, foffset, NULL, 0); - proto_tree_add_item(atree, hf_ndps_document_number, tvb, foffset, + foffset = ndps_string(tvb, hf_printer_name, atree, foffset, NULL); + proto_tree_add_item(atree, hf_ndps_document_number, tvb, foffset, 4, FALSE); foffset += 4; break; @@ -1898,7 +2295,7 @@ objectidentification(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset = objectidentifier(tvb, atree, foffset); break; case 3: /* Object Name */ - foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL); if (foffset > tvb_length_remaining(tvb, foffset)) { return foffset; } @@ -1908,18 +2305,18 @@ objectidentification(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset = name_or_id(tvb, atree, foffset); break; case 5: /* Simple Name */ - foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL); break; case 6: /* Printer Configuration Object ID */ - foffset = ndps_string(tvb, hf_printer_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_printer_name, atree, foffset, NULL); break; case 7: /* Qualified Name */ foffset = qualifiedname(tvb, ndps_tree, foffset); break; case 8: /* Event Object ID */ - foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL); foffset = objectidentifier(tvb, atree, foffset); - proto_tree_add_item(atree, hf_ndps_event_type, tvb, foffset, + proto_tree_add_item(atree, hf_ndps_event_type, tvb, foffset, 4, FALSE); foffset += 4; default: @@ -1932,33 +2329,37 @@ static int print_address(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) { guint32 address_type=0; - guint32 address=0; guint32 address_len=0; - address_type = tvb_get_ntohl(tvb, foffset); + address_type = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_address, tvb, foffset, 4, address_type); foffset += 4; address_len = tvb_get_ntohl(tvb, foffset); proto_tree_add_item(ndps_tree, hf_address_len, tvb, foffset, 4, FALSE); foffset += 4; + /* + * XXX - are these address types the same as the NDS_PTYPE_ #defines + * in packet-ncp2222.inc? + * + * XXX - should this code - and the code in packet-ncp2222.inc to + * dissect addresses - check the length for the types it supports? + */ switch(address_type) { case 0x00000000: - proto_tree_add_item(ndps_tree, hf_ndps_net, tvb, foffset, 4, FALSE); - proto_tree_add_item(ndps_tree, hf_ndps_node, tvb, foffset+4, 6, FALSE); - proto_tree_add_item(ndps_tree, hf_ndps_socket, tvb, foffset+10, 2, FALSE); - foffset += address_len; - break; + proto_tree_add_item(ndps_tree, hf_ndps_net, tvb, foffset, 4, FALSE); + proto_tree_add_item(ndps_tree, hf_ndps_node, tvb, foffset+4, 6, FALSE); + proto_tree_add_item(ndps_tree, hf_ndps_socket, tvb, foffset+10, 2, FALSE); + break; case 0x00000001: - proto_tree_add_item(ndps_tree, hf_ndps_port, tvb, foffset, 2, FALSE); - address = tvb_get_letohl(tvb, foffset+2); - proto_tree_add_ipv4(ndps_tree, hf_ndps_ip, tvb, foffset+2, 4, address); - foffset += address_len; - break; + proto_tree_add_item(ndps_tree, hf_ndps_port, tvb, foffset, 2, FALSE); + proto_tree_add_item(ndps_tree, hf_ndps_ip, tvb, foffset+2, 4, FALSE); + break; default: - foffset += tvb_get_ntohl(tvb, foffset -4); break; } + tvb_ensure_bytes_exist(tvb, foffset, address_len); + foffset += address_len; return foffset+(address_len%4); } @@ -1967,7 +2368,7 @@ address_item(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) { guint32 address_type=0; - address_type = tvb_get_ntohl(tvb, foffset); + address_type = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_address_type, tvb, foffset, 4, address_type); foffset += 4; switch(address_type) @@ -1987,7 +2388,7 @@ address_item(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 10: case 11: case 12: - foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL); break; case 13: proto_tree_add_item(ndps_tree, hf_ndps_attrib_boolean, tvb, foffset, 4, FALSE); @@ -2003,7 +2404,7 @@ address_item(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 16: case 17: default: - foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL); break; } return foffset; @@ -2025,18 +2426,23 @@ credentials(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) switch (cred_type) { case 0: - foffset = ndps_string(tvb, hf_ndps_user_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_user_name, ndps_tree, foffset, NULL); number_of_items=tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_num_passwords, tvb, foffset, 4, number_of_items); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Password %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(atree, hf_ndps_password, tvb, foffset, length, FALSE); } proto_item_set_end(aitem, tvb, foffset); @@ -2048,20 +2454,21 @@ credentials(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_certified, tvb, foffset, length, FALSE); } foffset += length; break; case 2: - foffset = ndps_string(tvb, hf_ndps_server_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_server_name, ndps_tree, foffset, NULL); foffset += 2; proto_tree_add_item(ndps_tree, hf_ndps_connection, tvb, foffset, 2, FALSE); foffset += 2; break; case 3: length=tvb_get_ntohl(tvb, foffset); - foffset = ndps_string(tvb, hf_ndps_server_name, ndps_tree, foffset, NULL, 0); - if (length == 0) + foffset = ndps_string(tvb, hf_ndps_server_name, ndps_tree, foffset, NULL); + if (length == 0) { foffset += 2; } @@ -2075,19 +2482,19 @@ credentials(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) } proto_tree_add_item(ndps_tree, hf_ndps_connection, tvb, foffset, 2, FALSE); foffset += 2; - foffset = ndps_string(tvb, hf_ndps_user_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_user_name, ndps_tree, foffset, NULL); break; case 4: - foffset = ndps_string(tvb, hf_ndps_server_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_server_name, ndps_tree, foffset, NULL); foffset += 2; proto_tree_add_item(ndps_tree, hf_ndps_connection, tvb, foffset, 2, FALSE); foffset += 2; - foffset = ndps_string(tvb, hf_ndps_user_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_user_name, ndps_tree, foffset, NULL); foffset += 8; /* Don't know what these 8 bytes signify */ proto_tree_add_item(ndps_tree, hf_ndps_item_count, tvb, foffset, 4, FALSE); foffset += 4; /* XXX - what does this count? */ - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL); break; default: break; @@ -2118,6 +2525,10 @@ event_object_set(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Event %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); proto_tree_add_item(btree, hf_ndps_event_type, tvb, foffset, 4, FALSE); @@ -2144,6 +2555,10 @@ event_object_set(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (j = 1 ; j <= number_of_items2; j++ ) { + if (j > NDPS_MAX_ITEMS) { + proto_tree_add_text(btree, tvb, foffset, -1, "[Truncated]"); + break; + } citem = proto_tree_add_text(btree, tvb, foffset, -1, "Item %u", j); ctree = proto_item_add_subtree(citem, ett_ndps); foffset = objectidentifier(tvb, ctree, foffset); @@ -2173,16 +2588,23 @@ cardinal_seq(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Cardinal %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(atree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } + tvb_ensure_bytes_exist(tvb, foffset, length); foffset += length; foffset += (length%2); + if ((int) foffset <= 0) + THROW(ReportedBoundsError); proto_item_set_end(aitem, tvb, foffset); } return foffset; @@ -2192,7 +2614,7 @@ cardinal_seq(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) static int server_entry(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) { - char server_name[1024]; + char *server_name; guint32 number_of_items; guint32 i; guint32 data_type; @@ -2203,22 +2625,26 @@ server_entry(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Server Info"); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_server_name, ndps_tree, foffset, server_name, sizeof server_name); - proto_item_append_text(aitem, ": %s", server_name); + foffset = ndps_string(tvb, hf_ndps_server_name, ndps_tree, foffset, &server_name); + proto_item_append_text(aitem, ": %s", format_text(server_name, strlen(server_name))); proto_tree_add_item(atree, hf_ndps_server_type, tvb, foffset, 4, FALSE); foffset += 4; foffset = print_address(tvb, atree, foffset); - number_of_items = tvb_get_ntohl(tvb, foffset); + number_of_items = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(atree, hf_ndps_num_servers, tvb, foffset, 4, number_of_items); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Info %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); data_type = tvb_get_ntohl(tvb, foffset); proto_tree_add_item(btree, hf_ndps_data_item_type, tvb, foffset, 4, FALSE); foffset += 4; - switch (data_type) + switch (data_type) { case 0: /* Int8 */ proto_tree_add_item(btree, hf_info_int, tvb, foffset, 1, FALSE); @@ -2238,7 +2664,7 @@ server_entry(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) break; case 4: /* String */ case 5: /* Bytes */ - foffset = ndps_string(tvb, hf_info_string, btree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_info_string, btree, foffset, NULL); break; default: break; @@ -2275,7 +2701,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) guint32 dimension; guint32 location; guint32 cardinal; - char *label; + const char *label; guint32 label_value; proto_tree *atree; proto_item *aitem; @@ -2288,7 +2714,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) label = match_strval(label_value, object_ids_7); global_attribute_name = label; } - attribute_type = tvb_get_ntohl(tvb, foffset); + attribute_type = tvb_get_ntohl(tvb, foffset); if (ndps_show_oids) { proto_tree_add_item(ndps_tree, hf_obj_attribute_type, tvb, foffset, 4, FALSE); @@ -2309,7 +2735,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 102: /* File Path */ case 103: /* Uniform Resource Identifier */ case 108: /* Extended Resource Identifier */ - foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL); break; case 4: /* Message */ case 5: /* Error Message */ @@ -2322,6 +2748,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Item %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); foffset = name_or_id(tvb, atree, foffset); @@ -2330,7 +2760,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) break; case 7: /* Distinguished Name String*/ case 79: /* File Reference */ - foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL); foffset = name_or_id(tvb, ndps_tree, foffset); break; case 8: /* Distinguished Name String Seq */ @@ -2339,9 +2769,13 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Name %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL); foffset = name_or_id(tvb, atree, foffset); proto_item_set_end(aitem, tvb, foffset); } @@ -2357,7 +2791,8 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 57: /* Job Priority */ case 72: /* Sides */ case 95: /* Enumeration */ - if (strcmp(global_attribute_name,"(Novell) Attribute PRINTER SECURITY LEVEL")==0) + if (global_attribute_name != NULL && + strcmp(global_attribute_name,"(Novell) Attribute PRINTER SECURITY LEVEL")==0) { proto_tree_add_item(ndps_tree, hf_print_security, tvb, foffset, 4, FALSE); foffset += 4; @@ -2372,10 +2807,11 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 14: /* Cardinal Seq */ length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(ndps_tree, hf_info_int32, tvb, foffset, length, FALSE); } + tvb_ensure_bytes_exist(tvb, foffset, length); foffset += length; break; case 16: /* Integer Range */ @@ -2401,6 +2837,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Item %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_n64, tvb, foffset, 8, FALSE); @@ -2438,6 +2878,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Object %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); foffset = objectidentifier(tvb, atree, foffset); @@ -2450,9 +2894,13 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Name %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL); proto_item_set_end(aitem, tvb, foffset); } break; @@ -2497,7 +2945,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) proto_tree_add_item(ndps_tree, hf_ndps_ydimension_n64, tvb, foffset, 8, FALSE); foffset += 8; } - proto_tree_add_item(ndps_tree, hf_ndps_dim_flag, tvb, foffset, 8, FALSE); + proto_tree_add_item(ndps_tree, hf_ndps_dim_flag, tvb, foffset, 4, FALSE); foffset += 4; proto_tree_add_item(ndps_tree, hf_ndps_n64, tvb, foffset, 8, FALSE); foffset += 8; @@ -2512,6 +2960,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Location %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_n64, tvb, foffset, 8, FALSE); @@ -2544,6 +2996,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Area %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_xmin_n64, tvb, foffset, 8, FALSE); @@ -2613,7 +3069,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset = qualifiedname(tvb, ndps_tree, foffset); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(ndps_tree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } @@ -2627,6 +3083,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Address Item %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); foffset = address_item(tvb, atree, foffset); @@ -2637,6 +3097,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Event %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_event_type, tvb, foffset, 4, FALSE); @@ -2658,6 +3122,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (j = 1 ; j <= number_of_items2; j++ ) { + if (j > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } foffset = objectidentifier(tvb, atree, foffset); } foffset += 4; @@ -2673,6 +3141,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (j = 1 ; j <= number_of_items2; j++ ) { + if (j > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Object %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentifier(tvb, btree, foffset); @@ -2686,7 +3158,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 56: /* Octet String */ case 63: /* Job Password */ case 66: /* Print Checkpoint */ - foffset = ndps_string(tvb, hf_info_string, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_info_string, ndps_tree, foffset, NULL); break; case 59: /* Method Delivery Address */ proto_tree_add_item(ndps_tree, hf_ndps_delivery_add_type, tvb, foffset, 4, FALSE); @@ -2698,10 +3170,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 1: /*DISTINGUISHED_NAME*/ case 2: /*TEXT*/ case 3: /*OCTET_STRING*/ - foffset = ndps_string(tvb, hf_info_string, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_info_string, ndps_tree, foffset, NULL); break; case 4: /*DIST_NAME_STRING*/ - foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL); foffset = name_or_id(tvb, ndps_tree, foffset); break; case 5: /*RPC_ADDRESS*/ @@ -2744,16 +3216,22 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Job %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(atree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } foffset += length; foffset += (length%2); + if ((int) foffset <= 0) + THROW(ReportedBoundsError); proto_item_set_end(aitem, tvb, foffset); } break; @@ -2766,6 +3244,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Ignored Attribute %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); ignored_type = tvb_get_ntohl(tvb, foffset); @@ -2792,7 +3274,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) } else { - foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL); } break; case 69: /* Medium Substitution */ @@ -2800,8 +3282,8 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset = name_or_id(tvb, ndps_tree, foffset); break; case 70: /* Font Substitution */ - foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL); break; case 71: /* Resource Context Seq */ number_of_items = tvb_get_ntohl(tvb, foffset); @@ -2809,6 +3291,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Resource %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); resource_type = tvb_get_ntohl(tvb, foffset); @@ -2820,7 +3306,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) } else { - foffset = ndps_string(tvb, hf_ndps_tree, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_tree, atree, foffset, NULL); } proto_item_set_end(aitem, tvb, foffset); } @@ -2831,6 +3317,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Page Select %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_page_flag, tvb, foffset, 4, FALSE); @@ -2845,7 +3335,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) } if (identifier_type == 1) { - foffset = ndps_string(tvb, hf_ndps_tree, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_tree, atree, foffset, NULL); } if (identifier_type == 2) { @@ -2863,7 +3353,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) } if (identifier_type == 1) { - foffset = ndps_string(tvb, hf_ndps_tree, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_tree, atree, foffset, NULL); } if (identifier_type == 2) { @@ -2882,12 +3372,16 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) } else { - foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL); number_of_items = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_item_count, tvb, foffset, 4, number_of_items); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Item %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_page_flag, tvb, foffset, 4, FALSE); @@ -2902,7 +3396,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) } if (identifier_type == 1) { - foffset = ndps_string(tvb, hf_ndps_tree, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_tree, atree, foffset, NULL); } if (identifier_type == 2) { @@ -2926,10 +3420,12 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) } foffset += length; foffset += (length%2); + if ((int) foffset <= 0) + THROW(ReportedBoundsError); } else { - foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL); foffset = name_or_id(tvb, ndps_tree, foffset); } break; @@ -3025,6 +3521,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Page Information %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_page_order, tvb, foffset, 4, FALSE); @@ -3052,32 +3552,44 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Category %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(atree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } foffset += length; foffset += (length%2); + if ((int) foffset <= 0) + THROW(ReportedBoundsError); } number_of_items = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_num_values, tvb, foffset, 4, number_of_items); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Value %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(atree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } foffset += length; foffset += (length%2); + if ((int) foffset <= 0) + THROW(ReportedBoundsError); proto_item_set_end(aitem, tvb, foffset); } break; @@ -3106,16 +3618,16 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) break; case 87: /* Finishing */ case 88: /* Print Contained Object ID */ - foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_ndps_attribute_value, tvb, foffset, 4, FALSE); foffset += 4; break; case 89: /* Print Config Object ID */ - foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL); foffset = qualifiedname(tvb, ndps_tree, foffset); break; case 90: /* Typed Name */ - foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_level, tvb, foffset, 4, FALSE); foffset += 4; proto_tree_add_item(ndps_tree, hf_interval, tvb, foffset, 4, FALSE); @@ -3187,6 +3699,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Name %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); foffset = qualifiedname(tvb, atree, foffset); @@ -3210,6 +3726,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Colorant %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); foffset = name_or_id(tvb, atree, foffset); @@ -3223,18 +3743,22 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Printer %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_printer_type, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_printer_manuf, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_inf_file_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_printer_type, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_printer_manuf, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_inf_file_name, atree, foffset, NULL); proto_item_set_end(aitem, tvb, foffset); } proto_tree_add_item(ndps_tree, hf_os_type, tvb, foffset, 4, FALSE); foffset += 4; break; case 100: /* Event Object ID */ - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); foffset = objectidentifier(tvb, ndps_tree, foffset); proto_tree_add_item(ndps_tree, hf_ndps_event_type, tvb, foffset, 4, FALSE); foffset += 4; @@ -3271,9 +3795,13 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Object %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_ndps_attribute_value, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -3284,6 +3812,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_octet_string, tvb, foffset, length, FALSE); } foffset += length; @@ -3292,16 +3821,20 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_octet_string, tvb, foffset, length, FALSE); } foffset += length; foffset += (length%2); + if ((int) foffset <= 0) + THROW(ReportedBoundsError); break; case 107: /* Octet String Integer Pair */ length = tvb_get_ntohl(tvb, foffset); foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_octet_string, tvb, foffset, length, FALSE); } foffset += length; @@ -3321,6 +3854,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_octet_string, tvb, foffset, length, FALSE); } foffset += length; @@ -3336,20 +3870,23 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) case 0: /*MHS ADDR*/ case 1: /*DISTINGUISHED_NAME*/ case 2: /*TEXT*/ - foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL); break; case 3: /*OCTET_STRING*/ length = tvb_get_ntohl(tvb, foffset); foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_octet_string, tvb, foffset, length, FALSE); } foffset += length; foffset += (length%2); + if ((int) foffset <= 0) + THROW(ReportedBoundsError); break; case 4: /*DIST_NAME_STRING*/ - foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, ndps_tree, foffset, NULL); foffset = name_or_id(tvb, ndps_tree, foffset); break; case 5: /*RPC_ADDRESS*/ @@ -3365,9 +3902,13 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Event %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_object_name, atree, foffset, NULL); foffset = objectidentifier(tvb, atree, foffset); proto_tree_add_item(atree, hf_ndps_event_type, tvb, foffset, 4, FALSE); foffset += 4; @@ -3380,6 +3921,10 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Object %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); foffset = objectidentifier(tvb, atree, foffset); @@ -3391,7 +3936,7 @@ attribute_value(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) foffset += 4; proto_tree_add_item(ndps_tree, hf_ndps_attribute_value, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); break; default: break; @@ -3412,11 +3957,15 @@ commonarguments(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Common Arguments"); atree = proto_item_add_subtree(aitem, ett_ndps); - number_of_items = tvb_get_ntohl(tvb, foffset); + number_of_items = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(atree, hf_ndps_num_args, tvb, foffset, 4, number_of_items); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Argument %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, atree, foffset); @@ -3434,33 +3983,33 @@ res_add_input_data(tvbuff_t* tvb, proto_tree *ndps_tree, int foffset) resource_type = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_res_type, tvb, foffset, 4, resource_type); foffset += 4; - switch (resource_type) + switch (resource_type) { case 0: /* Print Drivers */ proto_tree_add_item(ndps_tree, hf_os_type, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_prn_dir_name, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_prn_dir_name, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL); break; case 1: /* Printer Definitions */ - foffset = ndps_string(tvb, hf_ndps_vendor_dir, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_vendor_dir, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL); break; case 2: /* Banner Page Files */ - foffset = ndps_string(tvb, hf_ndps_banner_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_banner_name, ndps_tree, foffset, NULL); break; case 3: /* Font Types */ proto_tree_add_item(ndps_tree, hf_os_type, tvb, foffset, 4, FALSE); foffset += 4; proto_tree_add_item(ndps_tree, hf_font_type, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL); break; case 4: /* Generic Files/ Archive */ case 5: /* Printer Driver Archive */ proto_tree_add_item(ndps_tree, hf_os_type, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_prn_dir_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_prn_dir_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_archive_type, tvb, foffset, 4, FALSE); foffset += 4; break; @@ -3487,11 +4036,11 @@ static const fragment_items ndps_frag_items = { static dissector_handle_t ndps_data_handle; -/* NDPS packets come in request/reply pairs. The request packets tell the +/* NDPS packets come in request/reply pairs. The request packets tell the * Function and Program numbers. The response, unfortunately, only * identifies itself via the Exchange ID; you have to know what type of NDPS - * request the request packet contained in order to successfully parse the - * response. A global method for doing this does not exist in ethereal yet + * request the request packet contained in order to successfully parse the + * response. A global method for doing this does not exist in wireshark yet * (NFS also requires it), so for now the NDPS section will keep its own hash * table keeping track of NDPS packets. * @@ -3520,11 +4069,9 @@ typedef struct { } ndps_req_hash_value; static GHashTable *ndps_req_hash = NULL; -static GMemChunk *ndps_req_hash_keys = NULL; -static GMemChunk *ndps_req_hash_values = NULL; /* Hash Functions */ -gint +static gint ndps_equal(gconstpointer v, gconstpointer v2) { const ndps_req_hash_key *val1 = (const ndps_req_hash_key*)v; @@ -3537,7 +4084,7 @@ ndps_equal(gconstpointer v, gconstpointer v2) return 0; } -guint +static guint ndps_hash(gconstpointer v) { const ndps_req_hash_key *ndps_key = (const ndps_req_hash_key*)v; @@ -3545,7 +4092,7 @@ ndps_hash(gconstpointer v) } /* Initializes the hash table and the mem_chunk area each time a new - * file is loaded or re-loaded in ethereal */ + * file is loaded or re-loaded in wireshark */ static void ndps_init_protocol(void) { @@ -3555,20 +4102,8 @@ ndps_init_protocol(void) if (ndps_req_hash) g_hash_table_destroy(ndps_req_hash); - if (ndps_req_hash_keys) - g_mem_chunk_destroy(ndps_req_hash_keys); - if (ndps_req_hash_values) - g_mem_chunk_destroy(ndps_req_hash_values); ndps_req_hash = g_hash_table_new(ndps_hash, ndps_equal); - ndps_req_hash_keys = g_mem_chunk_new("ndps_req_hash_keys", - sizeof(ndps_req_hash_key), - NDPS_PACKET_INIT_COUNT * sizeof(ndps_req_hash_key), - G_ALLOC_ONLY); - ndps_req_hash_values = g_mem_chunk_new("ndps_req_hash_values", - sizeof(ndps_req_hash_value), - NDPS_PACKET_INIT_COUNT * sizeof(ndps_req_hash_value), - G_ALLOC_ONLY); } /* After the sequential run, we don't need the ncp_request hash and keys @@ -3582,15 +4117,11 @@ ndps_postseq_cleanup(void) g_hash_table_destroy(ndps_req_hash); ndps_req_hash = NULL; } - if (ndps_req_hash_keys) { - g_mem_chunk_destroy(ndps_req_hash_keys); - ndps_req_hash_keys = NULL; - } /* Don't free the ncp_req_hash_values, as they're * needed during random-access processing of the proto_tree.*/ } -ndps_req_hash_value* +static ndps_req_hash_value* ndps_hash_insert(conversation_t *conversation, guint32 ndps_xport) { ndps_req_hash_key *request_key; @@ -3598,24 +4129,24 @@ ndps_hash_insert(conversation_t *conversation, guint32 ndps_xport) /* Now remember the request, so we can find it if we later a reply to it. */ - request_key = g_mem_chunk_alloc(ndps_req_hash_keys); + request_key = se_alloc(sizeof(ndps_req_hash_key)); request_key->conversation = conversation; request_key->ndps_xport = ndps_xport; - request_value = g_mem_chunk_alloc(ndps_req_hash_values); + request_value = se_alloc(sizeof(ndps_req_hash_value)); request_value->ndps_prog = 0; request_value->ndps_func = 0; request_value->ndps_frame_num = 0; request_value->ndps_frag = FALSE; request_value->ndps_end_frag = 0; - + g_hash_table_insert(ndps_req_hash, request_key, request_value); return request_value; } /* Returns the ncp_rec*, or NULL if not found. */ -ndps_req_hash_value* +static ndps_req_hash_value* ndps_hash_lookup(conversation_t *conversation, guint32 ndps_xport) { ndps_req_hash_key request_key; @@ -3738,7 +4269,7 @@ dissect_ndps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree) if(ndps_hfname != 0) { proto_tree_add_item(ndps_tree, ndps_hfname, tvb, foffset, 4, FALSE); - if (ndps_func_string != NULL) + if (ndps_func_string != NULL) { if (check_col(pinfo->cinfo, COL_INFO)) col_append_str(pinfo->cinfo, COL_INFO, (const gchar*) ndps_func_string); @@ -3754,7 +4285,7 @@ dissect_ndps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree) } static guint -get_ndps_pdu_len(tvbuff_t *tvb, int offset) +get_ndps_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset) { return tvb_get_ntohs(tvb, offset +2) + 4; } @@ -3770,7 +4301,7 @@ dissect_ndps_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO); - + if (tree) { ti = proto_tree_add_item(tree, proto_ndps, tvb, 0, -1, FALSE); ndps_tree = proto_item_add_subtree(ti, ett_ndps); @@ -3779,14 +4310,14 @@ dissect_ndps_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } /* - * Defrag logic + * Defrag logic * - * SPX EOM not being set indicates we are inside or at the - * beginning of a fragment. But when the end of the fragment + * SPX EOM not being set indicates we are inside or at the + * beginning of a fragment. But when the end of the fragment * is encounterd the flag is set. So we must mark what the * frame number is of the end fragment so that we will be * able to redissect if the user clicks on the packet - * or resorts/filters the trace. + * or resorts/filters the trace. * * Once we are certain that we are in a fragment sequence * then we can just process each fragment in this conversation @@ -3796,7 +4327,7 @@ dissect_ndps_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * We will be able to easily determine if a conversation is a fragment * with the exception of the last packet in the fragment. So remember * the last fragment packet number. - */ + */ static void ndps_defrag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { @@ -3815,23 +4346,23 @@ ndps_defrag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) return; } /* Has this already been dissected? */ - if (!pinfo->fd->flags.visited) + if (!pinfo->fd->flags.visited) { /* Lets see if this is a new conversation */ - conversation = find_conversation(&pinfo->src, &pinfo->dst, + conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_NCP, (guint32) pinfo->srcport, (guint32) pinfo->srcport, 0); - - if (conversation == NULL) + + if (conversation == NULL) { /* It's not part of any conversation - create a new one. */ - conversation = conversation_new(&pinfo->src, &pinfo->dst, + conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_NCP, (guint32) pinfo->srcport, (guint32) pinfo->srcport, 0); /* Create new request value hash */ request_value = ndps_hash_insert(conversation, (guint32) pinfo->srcport); } /* So now we need to get the request info for this conversation */ request_value = ndps_hash_lookup(conversation, (guint32) pinfo->srcport); - if (request_value == NULL) + if (request_value == NULL) { /* We haven't seen a packet with this conversation yet so create one. */ request_value = ndps_hash_insert(conversation, (guint32) pinfo->srcport); @@ -3844,14 +4375,20 @@ ndps_defrag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* Get request value data */ request_value = p_get_proto_data(pinfo->fd, proto_ndps); } + if (!request_value) + { + /* Can't find the original request packet so this is not any fragment packet */ + dissect_ndps(tvb, pinfo, tree); + return; + } /* Check to see of this is a fragment. If so then mark as a fragment. */ if (!spx_info->eom) { request_value->ndps_frag = TRUE; } /* Now we process the fragments */ - if (request_value->ndps_frag || (request_value->ndps_end_frag == pinfo->fd->num)) + if (request_value->ndps_frag || (request_value->ndps_end_frag == pinfo->fd->num)) { - /* + /* * Fragment */ tid = (pinfo->srcport+pinfo->destport); @@ -3859,11 +4396,13 @@ ndps_defrag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (tvb_bytes_exist(tvb, 0, len)) { fd_head = fragment_add_seq_next(tvb, 0, pinfo, tid, ndps_fragment_table, ndps_reassembled_table, len, !spx_info->eom); - if (fd_head != NULL) + if (fd_head != NULL) { /* Is this the last fragment? EOM will indicate */ - if (fd_head->next != NULL && spx_info->eom) + if (fd_head->next != NULL && spx_info->eom) { + proto_item *frag_tree_item; + next_tvb = tvb_new_real_data(fd_head->data, fd_head->len, fd_head->len); tvb_set_child_real_data_tvbuff(tvb, @@ -3872,19 +4411,19 @@ ndps_defrag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) next_tvb, "Reassembled NDPS"); /* Show all fragments. */ - if (tree) + if (tree) { show_fragment_seq_tree(fd_head, &ndps_frag_items, tree, pinfo, - next_tvb); + next_tvb, &frag_tree_item); tid++; } /* Remember this fragment number so we can dissect again */ request_value->ndps_end_frag = pinfo->fd->num; - } - else + } + else { /* This is either a beggining or middle fragment on second dissection */ next_tvb = tvb_new_subset(tvb, 0, -1, -1); @@ -3897,7 +4436,7 @@ ndps_defrag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } } } - else + else { /* Fragment from first pass of dissection */ if (check_col(pinfo->cinfo, COL_INFO)) @@ -3910,7 +4449,7 @@ ndps_defrag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) next_tvb = NULL; } } - else + else { /* * There are no bytes so Dissect this @@ -3959,7 +4498,7 @@ dissect_ndps_ipx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO); - + if (tree) { ti = proto_tree_add_item(tree, proto_ndps, tvb, 0, -1, FALSE); ndps_tree = proto_item_add_subtree(ti, ett_ndps); @@ -4004,7 +4543,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g proto_tree *dtree; proto_item *ditem; - if (!pinfo->fd->flags.visited) + if (!pinfo->fd->flags.visited) { /* This is the first time we've looked at this packet. Keep track of the Program and connection whence the request @@ -4014,14 +4553,14 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g to have all packets over the same connection treated as being part of a single conversation so that we can let the user select that conversation to be displayed.) */ - - conversation = find_conversation(&pinfo->src, &pinfo->dst, + + conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_NCP, (guint32) pinfo->srcport, (guint32) pinfo->srcport, 0); - if (conversation == NULL) + if (conversation == NULL) { /* It's not part of any conversation - create a new one. */ - conversation = conversation_new(&pinfo->src, &pinfo->dst, + conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_NCP, (guint32) pinfo->srcport, (guint32) pinfo->srcport, 0); } @@ -4047,10 +4586,14 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Security %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); - if (length!=0) + if (length==4) { proto_tree_add_uint(atree, hf_bind_security, tvb, foffset, 4, length); } @@ -4060,7 +4603,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset = qualifiedname(tvb, ndps_tree, foffset); break; case 0x00000003: /* Unbind */ - proto_tree_add_item(ndps_tree, hf_ndps_object, tvb, foffset, + proto_tree_add_item(ndps_tree, hf_ndps_session, tvb, foffset, 4, FALSE); break; case 0x00000004: /* Print */ @@ -4069,10 +4612,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g print_type = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_print_arg, tvb, foffset, 4, print_type); foffset += 4; - switch (print_type) + switch (print_type) { case 0: /* Create Job */ - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_sub_complete, tvb, foffset, 4, FALSE); foffset += 4; aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Transfer Method"); @@ -4082,6 +4625,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Attribute %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentifier(tvb, btree, foffset); @@ -4090,6 +4637,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (j = 1 ; j <= number_of_items2; j++ ) { + if (j > NDPS_MAX_ITEMS) { + proto_tree_add_text(btree, tvb, foffset, -1, "[Truncated]"); + break; + } citem = proto_tree_add_text(btree, tvb, foffset, -1, "Value %u", j); ctree = proto_item_add_subtree(citem, ett_ndps); foffset = attribute_value(tvb, ctree, foffset); @@ -4107,6 +4658,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Type %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentifier(tvb, btree, foffset); @@ -4121,6 +4676,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Value %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); if (doc_content==0) @@ -4134,16 +4693,18 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g proto_tree_add_item(btree, hf_ndps_data, tvb, foffset, -1, FALSE); return; } - if (length!=0) + if (length==4) { proto_tree_add_item(btree, hf_ndps_included_doc, tvb, foffset, length, FALSE); } foffset += length; foffset += (length%2); + if ((int) foffset <= 0) + THROW(ReportedBoundsError); } else { - foffset = ndps_string(tvb, hf_ndps_ref_name, btree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_ref_name, btree, foffset, NULL); foffset = name_or_id(tvb, btree, foffset); } proto_item_set_end(bitem, tvb, foffset); @@ -4160,6 +4721,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Attribute %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentifier(tvb, btree, foffset); @@ -4168,6 +4733,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (j = 1 ; j <= number_of_items2; j++ ) { + if (j > NDPS_MAX_ITEMS) { + proto_tree_add_text(btree, tvb, foffset, -1, "[Truncated]"); + break; + } citem = proto_tree_add_text(btree, tvb, foffset, -1, "Value %u", j); ctree = proto_item_add_subtree(citem, ett_ndps); foffset = attribute_value(tvb, ctree, foffset); @@ -4185,6 +4754,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Attribute %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, btree, foffset); /* Document Attributes */ @@ -4192,7 +4765,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g } break; case 1: /* Add Job */ - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_tree_add_item(ndps_tree, hf_sub_complete, tvb, foffset, 4, FALSE); @@ -4204,6 +4777,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Method %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentifier(tvb, btree, foffset); /* Transfer Method */ @@ -4219,6 +4796,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Type %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentifier(tvb, btree, foffset); /* Document Type */ @@ -4233,6 +4814,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Attribute %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, btree, foffset); /* Document Attributes */ @@ -4241,7 +4826,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g proto_item_set_end(aitem, tvb, foffset); break; case 2: /* Close Job */ - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; break; @@ -4252,7 +4837,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g case 0x00000005: /* Modify Job */ proto_tree_add_item(ndps_tree, hf_ndps_session, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_tree_add_item(ndps_tree, hf_ndps_document_number, tvb, foffset, 4, FALSE); @@ -4264,6 +4849,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Modification %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, btree, foffset); /* Job Modifications */ @@ -4277,6 +4866,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Modification %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, btree, foffset); /* Document Modifications */ @@ -4287,7 +4880,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g case 0x00000006: /* Cancel Job */ proto_tree_add_item(ndps_tree, hf_ndps_session, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_tree_add_item(ndps_tree, hf_ndps_document_number, tvb, foffset, 4, FALSE); @@ -4323,6 +4916,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_context, tvb, foffset, length, FALSE); } foffset += length; @@ -4334,6 +4928,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Attribute %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); foffset = attribute_value(tvb, atree, foffset); @@ -4360,6 +4958,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Option %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentification(tvb, btree, foffset); @@ -4370,7 +4972,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g filter_type = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_filter, tvb, foffset, 4, filter_type); foffset += 4; - /*if (filter_type == 0 || filter_type == 3 ) + /*if (filter_type == 0 || filter_type == 3 ) { foffset = filteritem(tvb, ndps_tree, foffset); } @@ -4383,6 +4985,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } foffset = filteritem(tvb, ndps_tree, foffset); } proto_item_set_end(aitem, tvb, foffset); @@ -4400,13 +5006,17 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Attribute %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentifier(tvb, btree, foffset); proto_item_set_end(bitem, tvb, foffset); } proto_item_set_end(aitem, tvb, foffset); /* End of NWDPObjectIdentifierSet */ - if (number_of_items == 0) + if (number_of_items == 0) { break; } @@ -4421,7 +5031,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g /* Start of NWDPPrtContainedObjectId */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Job ID"); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -4445,7 +5055,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g /* Start of NWDPPrtContainedObjectId */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Job ID"); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -4453,7 +5063,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g } else { - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); } /* Start of nameorid */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Interrupt Message Option"); @@ -4464,7 +5074,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g /* Start of NWDPPrtContainedObjectId */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Interrupting Job"); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -4482,7 +5092,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g /* Start of NWDPPrtContainedObjectId */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Job ID"); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -4490,7 +5100,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g } else { - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); } /* Start of nameorid */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Pause Message Option"); @@ -4506,7 +5116,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g /* Start of NWDPPrtContainedObjectId */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Job ID"); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -4555,6 +5165,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Attribute %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, btree, foffset); /* Object Attribute Set */ @@ -4613,10 +5227,14 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } /* Start of NWDPPrtContainedObjectId */ bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Job ID"); btree = proto_item_add_subtree(bitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, btree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, btree, foffset, NULL); proto_tree_add_item(btree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(bitem, tvb, foffset); @@ -4631,6 +5249,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (j = 1 ; j <= number_of_items2; j++ ) { + if (j > NDPS_MAX_ITEMS) { + proto_tree_add_text(btree, tvb, foffset, -1, "[Truncated]"); + break; + } citem = proto_tree_add_text(btree, tvb, foffset, -1, "Attribute %u", j); ctree = proto_item_add_subtree(citem, ett_ndps); foffset = attribute_value(tvb, ctree, foffset); /* Object Attribute Set */ @@ -4646,6 +5268,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (j = 1 ; j <= number_of_items2; j++ ) { + if (j > NDPS_MAX_ITEMS) { + proto_tree_add_text(btree, tvb, foffset, -1, "[Truncated]"); + break; + } citem = proto_tree_add_text(btree, tvb, foffset, -1, "Attribute %u", j); ctree = proto_item_add_subtree(citem, ett_ndps); foffset = attribute_value(tvb, ctree, foffset); /* Object Attribute Set */ @@ -4681,6 +5307,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Modification %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, btree, foffset); /* Object Attribute Set */ @@ -4696,7 +5326,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; proto_tree_add_item(ndps_tree, hf_shutdown_type, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); /* Start of NameorID */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Shutdown Message Option"); atree = proto_item_add_subtree(aitem, ett_ndps); @@ -4707,7 +5337,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g case 0x00000014: /* Startup PA */ proto_tree_add_item(ndps_tree, hf_ndps_session, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); /* Start of NameorID */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Startup Message Option"); atree = proto_item_add_subtree(aitem, ett_ndps); @@ -4722,7 +5352,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g /* Start of NWDPPrtContainedObjectId */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Job Identification"); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -4730,7 +5360,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g /* Start of NWDPPrtContainedObjectId */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Reference Job ID"); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -4786,7 +5416,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g proto_tree_add_item(ndps_tree, hf_ndps_persistence, tvb, foffset, 4, FALSE); foffset += 4; foffset = qualifiedname(tvb, ndps_tree, foffset); - foffset = ndps_string(tvb, hf_ndps_supplier_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_supplier_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_ndps_language_id, tvb, foffset, 4, FALSE); foffset += 4; /* Start of NameorID */ @@ -4803,6 +5433,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Address %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = address_item(tvb, btree, foffset); @@ -4832,10 +5466,11 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(atree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } + tvb_ensure_bytes_exist(tvb, foffset, length); foffset += length; proto_item_set_end(aitem, tvb, foffset); } @@ -4908,7 +5543,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g integer_type_flag = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_integer_type_flag, tvb, foffset, 4, integer_type_flag); foffset += 4; - if (integer_type_flag!=0) + if (integer_type_flag!=0) { proto_tree_add_item(ndps_tree, hf_ndps_integer_type_value, tvb, foffset, 4, FALSE); foffset += 4; @@ -4922,6 +5557,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_context, tvb, foffset, length, FALSE); } foffset += length; @@ -4946,7 +5582,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; proto_tree_add_item(ndps_tree, hf_ndps_ds_info_type, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_printer_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_printer_name, ndps_tree, foffset, NULL); aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "DS Object Name"); atree = proto_item_add_subtree(aitem, ett_ndps); foffset = qualifiedname(tvb, atree, foffset); @@ -4968,6 +5604,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_guid, tvb, foffset, length, FALSE); } foffset += length; @@ -4984,7 +5621,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g atree = proto_item_add_subtree(aitem, ett_ndps); foffset = qualifiedname(tvb, atree, foffset); proto_item_set_end(aitem, tvb, foffset); - foffset = ndps_string(tvb, hf_ndps_supplier_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_supplier_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_ndps_language_id, tvb, foffset, 4, FALSE); foffset += 4; /* Start of NameorID */ @@ -5001,6 +5638,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Address %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = address_item(tvb, btree, foffset); @@ -5020,6 +5661,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Attribute %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentifier(tvb, btree, foffset); @@ -5033,7 +5678,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; proto_tree_add_item(ndps_tree, hf_notify_lease_exp_time, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_notify_printer_uri, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_notify_printer_uri, ndps_tree, foffset, NULL); /* End of Eventhandling2 */ break; case 0x00000024: /* ListEventProfiles2 */ @@ -5076,7 +5721,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g integer_type_flag = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_integer_type_flag, tvb, foffset, 4, integer_type_flag); foffset += 4; - if (integer_type_flag!=0) + if (integer_type_flag!=0) { proto_tree_add_item(ndps_tree, hf_ndps_integer_type_value, tvb, foffset, 4, FALSE); foffset += 4; @@ -5090,6 +5735,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_context, tvb, foffset, length, FALSE); } foffset += length; @@ -5114,11 +5760,15 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Security %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(atree, hf_bind_security, tvb, foffset, length, FALSE); } @@ -5141,10 +5791,15 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } length = tvb_get_ntohl(tvb, foffset); foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(atree, hf_ndps_item_bytes, tvb, foffset, length, FALSE); } foffset += length; @@ -5174,11 +5829,15 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Security %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(atree, hf_bind_security, tvb, foffset, length, FALSE); } @@ -5197,7 +5856,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g /* NoOp */ break; case 0x00000005: /* Register Registry */ - foffset = ndps_string(tvb, hf_ndps_registry_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_registry_name, ndps_tree, foffset, NULL); foffset = print_address(tvb, ndps_tree, foffset); break; case 0x00000007: /* Registry Update */ @@ -5208,6 +5867,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Entry %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = server_entry(tvb, btree, foffset); @@ -5221,6 +5884,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Entry %u", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = server_entry(tvb, btree, foffset); @@ -5234,13 +5901,13 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g local_servers_type = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_list_local_servers_type, tvb, foffset, 4, local_servers_type); foffset += 4; - if (local_servers_type==0) + if (local_servers_type==0) { /* Start of integeroption */ integer_type_flag = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_integer_type_flag, tvb, foffset, 4, integer_type_flag); foffset += 4; - if (integer_type_flag!=0) + if (integer_type_flag!=0) { proto_tree_add_item(ndps_tree, hf_ndps_integer_type_value, tvb, foffset, 4, FALSE); foffset += 4; @@ -5254,6 +5921,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_context, tvb, foffset, length, FALSE); } foffset += length; @@ -5277,11 +5945,15 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Security %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(atree, hf_bind_security, tvb, foffset, length, FALSE); } @@ -5295,13 +5967,17 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g /* NoOp */ break; case 0x00000003: /* Register Supplier */ - foffset = ndps_string(tvb, hf_ndps_supplier_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_supplier_name, ndps_tree, foffset, NULL); /* Start of QualifiedName Set*/ number_of_items = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_item_count, tvb, foffset, 4, number_of_items); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Supplier Alias %u", i); atree = proto_item_add_subtree(aitem, ett_ndps); foffset = qualifiedname(tvb, atree, foffset); @@ -5331,7 +6007,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g proto_item_set_end(aitem, tvb, foffset); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(ndps_tree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } @@ -5351,6 +6027,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g atree = proto_item_add_subtree(aitem, ett_ndps); for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Address %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = address_item(tvb, btree, foffset); @@ -5380,10 +6060,11 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(atree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } + tvb_ensure_bytes_exist(tvb, foffset, length); foffset += length; proto_item_set_end(aitem, tvb, foffset); } @@ -5456,7 +6137,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g integer_type_flag = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_integer_type_flag, tvb, foffset, 4, integer_type_flag); foffset += 4; - if (integer_type_flag!=0) + if (integer_type_flag!=0) { proto_tree_add_item(ndps_tree, hf_ndps_integer_type_value, tvb, foffset, 4, FALSE); foffset += 4; @@ -5470,6 +6151,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_context, tvb, foffset, length, FALSE); } foffset += length; @@ -5489,6 +6171,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g atree = proto_item_add_subtree(aitem, ett_ndps); for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Item %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); /* Start of ReportEventItem */ @@ -5525,6 +6211,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g ctree = proto_item_add_subtree(citem, ett_ndps); for (j = 1 ; j <= number_of_items; j++ ) { + if (j > NDPS_MAX_ITEMS) { + proto_tree_add_text(ctree, tvb, foffset, -1, "[Truncated]"); + break; + } ditem = proto_tree_add_text(ctree, tvb, foffset, -1, "Modification %d", j); dtree = proto_item_add_subtree(ditem, ett_ndps); foffset = attribute_value(tvb, dtree, foffset); /* Object Attribute Set */ @@ -5532,7 +6222,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g } proto_item_set_end(citem, tvb, foffset); /* End of AttributeSet */ - foffset = ndps_string(tvb, hf_ndps_message, btree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_message, btree, foffset, NULL); proto_tree_add_item(btree, hf_time, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(bitem, tvb, foffset); @@ -5548,6 +6238,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Destination %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); /* Start of Destination */ @@ -5566,7 +6260,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g /* End of Destination */ } /* End of DestinationSet */ - foffset = ndps_string(tvb, hf_ndps_supplier_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_supplier_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_ndps_event_type, tvb, foffset, 4, FALSE); foffset += 4; aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Containing Class"); @@ -5601,14 +6295,18 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g atree = proto_item_add_subtree(aitem, ett_ndps); for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Attribute %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); - foffset = attribute_value(tvb, btree, foffset); + foffset = attribute_value(tvb, btree, foffset); proto_item_set_end(bitem, tvb, foffset); } proto_item_set_end(aitem, tvb, foffset); /* End of AttributeSet */ - foffset = ndps_string(tvb, hf_ndps_message, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_message, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_time, tvb, foffset, 4, FALSE); foffset += 4; aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Account"); @@ -5617,7 +6315,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g proto_item_set_end(aitem, tvb, foffset); break; case 0x0000000c: /* Add Delivery Method */ - foffset = ndps_string(tvb, hf_ndps_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_file_name, ndps_tree, foffset, NULL); break; case 0x0000000d: /* Remove Delivery Method */ /* Start of NameorID */ @@ -5638,7 +6336,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g integer_type_flag = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_integer_type_flag, tvb, foffset, 4, integer_type_flag); foffset += 4; - if (integer_type_flag!=0) + if (integer_type_flag!=0) { proto_tree_add_item(ndps_tree, hf_ndps_integer_type_value, tvb, foffset, 4, FALSE); foffset += 4; @@ -5653,6 +6351,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_context, tvb, foffset, length, FALSE); } foffset += length; @@ -5690,11 +6389,15 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Security %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(atree, hf_bind_security, tvb, foffset, length, FALSE); } @@ -5719,6 +6422,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Item %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); length=tvb_get_ntohl(tvb, foffset); @@ -5743,7 +6450,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g proto_tree_add_item(ndps_tree, hf_ndps_resource_list_type, tvb, foffset, 4, FALSE); resource_type = tvb_get_ntohl(tvb, foffset); foffset += 4; - switch (resource_type) + switch (resource_type) { case 0: /* Print Drivers */ proto_tree_add_item(ndps_tree, hf_os_type, tvb, foffset, 4, FALSE); @@ -5751,7 +6458,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g break; case 1: /* Printer Definitions */ case 2: /* Printer Definitions Short */ - foffset = ndps_string(tvb, hf_ndps_vendor_dir, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_vendor_dir, ndps_tree, foffset, NULL); break; case 3: /* Banner Page Files */ proto_tree_add_item(ndps_tree, hf_banner_type, tvb, foffset, 4, FALSE); @@ -5768,20 +6475,20 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g case 9: /* Generic Files */ proto_tree_add_item(ndps_tree, hf_os_type, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_printer_type, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_printer_manuf, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_inf_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_printer_type, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_printer_manuf, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_inf_file_name, ndps_tree, foffset, NULL); field_len = tvb_get_ntohl(tvb, foffset); foffset += 4; proto_tree_add_item(ndps_tree, hf_printer_id, tvb, foffset, field_len, FALSE); break; case 6: /* Printer Definition File */ case 10: /* Printer Definition File 2 */ - foffset = ndps_string(tvb, hf_ndps_vendor_dir, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_vendor_dir, ndps_tree, foffset, NULL); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_printer_type, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_printer_manuf, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_inf_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_printer_type, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_printer_manuf, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_inf_file_name, ndps_tree, foffset, NULL); field_len = tvb_get_ntohl(tvb, foffset); foffset += 4; proto_tree_add_item(ndps_tree, hf_printer_id, tvb, foffset, field_len, FALSE); @@ -5791,14 +6498,14 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; proto_tree_add_item(ndps_tree, hf_font_type, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_font_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_font_name, ndps_tree, foffset, NULL); break; case 8: /* Generic Type */ case 11: /* Printer Driver Types 2 */ case 13: /* Printer Driver Types Archive */ - foffset = ndps_string(tvb, hf_ndps_printer_manuf, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_printer_type, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_inf_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_printer_manuf, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_printer_type, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_inf_file_name, ndps_tree, foffset, NULL); break; case 14: /* Languages Available */ break; @@ -5812,33 +6519,33 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g proto_tree_add_item(ndps_tree, hf_res_type, tvb, foffset, 4, FALSE); resource_type = tvb_get_ntohl(tvb, foffset); foffset += 4; - switch (resource_type) + switch (resource_type) { case 0: /* Print Drivers */ proto_tree_add_item(ndps_tree, hf_os_type, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_prn_dir_name, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_prn_dir_name, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL); break; case 1: /* Printer Definitions */ - foffset = ndps_string(tvb, hf_ndps_vendor_dir, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_vendor_dir, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL); break; case 2: /* Banner Page Files */ - foffset = ndps_string(tvb, hf_ndps_banner_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_banner_name, ndps_tree, foffset, NULL); break; case 3: /* Font Types */ proto_tree_add_item(ndps_tree, hf_os_type, tvb, foffset, 4, FALSE); foffset += 4; proto_tree_add_item(ndps_tree, hf_font_type, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_prn_file_name, ndps_tree, foffset, NULL); break; case 4: /* Generic Files/ Archive */ case 5: /* Printer Driver Archive */ proto_tree_add_item(ndps_tree, hf_os_type, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_prn_dir_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_prn_dir_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_archive_type, tvb, foffset, 4, FALSE); foffset += 4; break; @@ -5874,6 +6581,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Item %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_session, tvb, foffset, 4, FALSE); @@ -5882,7 +6593,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g btree = proto_item_add_subtree(bitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(btree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } @@ -5914,7 +6625,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentifier(tvb, btree, foffset); foffset = attribute_value(tvb, atree, foffset); - foffset = ndps_string(tvb, hf_ndps_message, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_message, atree, foffset, NULL); proto_tree_add_item(atree, hf_time, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(bitem, tvb, foffset); @@ -5931,6 +6642,10 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Object %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_session, tvb, foffset, 4, FALSE); @@ -5939,7 +6654,7 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g btree = proto_item_add_subtree(bitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(btree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } @@ -5979,11 +6694,15 @@ dissect_ndps_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, g btree = proto_item_add_subtree(bitem, ett_ndps); for (i = 1 ; i <= number_of_items; i++ ) { - foffset = attribute_value(tvb, btree, foffset); + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(btree, tvb, foffset, -1, "[Truncated]"); + break; + } + foffset = attribute_value(tvb, btree, foffset); } proto_item_set_end(bitem, tvb, foffset); /* End of AttributeSet */ - foffset = ndps_string(tvb, hf_ndps_message, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_message, atree, foffset, NULL); proto_tree_add_item(atree, hf_time, tvb, foffset, 4, FALSE); foffset += 4; bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Account"); @@ -6018,7 +6737,8 @@ ndps_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset ndps_problem_type = tvb_get_ntohl(tvb, foffset); if (check_col(pinfo->cinfo, COL_INFO)) col_add_fstr(pinfo->cinfo, COL_INFO, "R NDPS - Error"); - proto_tree_add_uint(ndps_tree, hf_ndps_problem_type, tvb, foffset, 4, ndps_problem_type); + expert_item = proto_tree_add_uint(ndps_tree, hf_ndps_problem_type, tvb, foffset, 4, ndps_problem_type); + expert_add_info_format(pinfo, expert_item, PI_RESPONSE_CODE, PI_ERROR, "Fault: %s", val_to_str(ndps_problem_type, error_type_enum, "Unknown NDPS Error (0x%08x)")); foffset += 4; switch(ndps_problem_type) { @@ -6072,6 +6792,7 @@ ndps_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset foffset += 4; proto_tree_add_item(ndps_tree, hf_ndps_other_error_2, tvb, foffset, 4, FALSE); foffset += 4; + foffset = ndps_string(tvb, hf_ndps_other_error_string, ndps_tree, foffset, NULL); break; case 2: /* Access Error */ proto_tree_add_item(ndps_tree, hf_problem_type, tvb, foffset, 4, FALSE); @@ -6151,11 +6872,15 @@ ndps_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset foffset = objectidentification(tvb, ndps_tree, foffset); break; case 6: /* Attribute Error */ - number_of_items = tvb_get_ntohl(tvb, foffset); + number_of_items = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_num_attributes, tvb, foffset, 4, number_of_items); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Item %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_problem_type, tvb, foffset, 4, FALSE); @@ -6206,11 +6931,15 @@ ndps_error(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset static int return_code(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset) { - proto_tree_add_item(ndps_tree, hf_ndps_return_code, tvb, foffset, 4, FALSE); + expert_status = tvb_get_ntohl(tvb, foffset); + expert_item = proto_tree_add_item(ndps_tree, hf_ndps_return_code, tvb, foffset, 4, FALSE); + if (expert_status != 0) { + expert_add_info_format(pinfo, expert_item, PI_RESPONSE_CODE, PI_ERROR, "Fault: %s", val_to_str(expert_status, ndps_error_types, "Unknown NDPS Error (0x%08x)")); + } foffset += 4; if (check_col(pinfo->cinfo, COL_INFO) && tvb_get_ntohl(tvb, foffset-4) != 0) col_add_fstr(pinfo->cinfo, COL_INFO, "R NDPS - Error"); - if (tvb_get_ntohl(tvb, foffset-4) == 0) + if (tvb_get_ntohl(tvb, foffset-4) == 0) { return foffset; } @@ -6244,10 +6973,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int guint32 error_val=0; guint32 resource_type=0; gint length_remaining; - + if (!pinfo->fd->flags.visited) { /* Find the conversation whence the request would have come. */ - conversation = find_conversation(&pinfo->src, &pinfo->dst, + conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, PT_NCP, (guint32) pinfo->destport, (guint32) pinfo->destport, 0); if (conversation != NULL) { /* find the record telling us the request made that caused @@ -6263,7 +6992,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int if (request_value) { ndps_prog = request_value->ndps_prog; ndps_func = request_value->ndps_func; - proto_tree_add_uint_format(ndps_tree, hf_ndps_reqframe, tvb, 0, + proto_tree_add_uint_format(ndps_tree, hf_ndps_reqframe, tvb, 0, 0, request_value->ndps_frame_num, "Response to Request in Frame Number: %u", request_value->ndps_frame_num); @@ -6278,7 +7007,11 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int } if(ndps_func == 1 || ndps_func == 2) { - proto_tree_add_item(ndps_tree, hf_ndps_rpc_acc_stat, tvb, foffset, 4, FALSE); + expert_item = proto_tree_add_item(ndps_tree, hf_ndps_rpc_acc_stat, tvb, foffset, 4, FALSE); + expert_status = tvb_get_ntohl(tvb, foffset); + if (expert_status != 0) { + expert_add_info_format(pinfo, expert_item, PI_RESPONSE_CODE, PI_ERROR, "Fault: %s", val_to_str(expert_status, accept_stat, "Unknown NDPS Error (0x%08x)")); + } foffset += 4; if (tvb_length_remaining(tvb,foffset) < 4 ) { if (check_col(pinfo->cinfo, COL_INFO)) @@ -6297,9 +7030,11 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int proto_tree_add_uint(ndps_tree, hf_ndps_error_val, tvb, foffset, 4, error_val); foffset += 4; /* Some functions return an error with no data, 0 is ok */ - if (match_strval(tvb_get_ntohl(tvb, foffset), ndps_error_types) && tvb_length_remaining(tvb,foffset) < 8 && (tvb_get_ntohl(tvb, foffset)!=0)) + if (match_strval(tvb_get_ntohl(tvb, foffset), ndps_error_types) && tvb_length_remaining(tvb,foffset) < 8 && (tvb_get_ntohl(tvb, foffset)!=0)) { - proto_tree_add_item(ndps_tree, hf_ndps_return_code, tvb, foffset, 4, FALSE); + expert_status = tvb_get_ntohl(tvb, foffset); + expert_item = proto_tree_add_item(ndps_tree, hf_ndps_return_code, tvb, foffset, 4, FALSE); + expert_add_info_format(pinfo, expert_item, PI_RESPONSE_CODE, PI_ERROR, "Fault: %s", val_to_str(expert_status, ndps_error_types, "Unknown NDPS Error (0x%08x)")); if (check_col(pinfo->cinfo, COL_INFO)) col_append_str(pinfo->cinfo, COL_INFO, "- Error"); return; @@ -6312,7 +7047,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int switch(ndps_func) { case 0x00000001: /* Bind PSM */ - proto_tree_add_item(ndps_tree, hf_ndps_oid, tvb, foffset, 4, FALSE); + proto_tree_add_item(ndps_tree, hf_ndps_session, tvb, foffset, 4, FALSE); foffset += 4; if(error_val != 0) { @@ -6330,7 +7065,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int proto_item_set_end(aitem, tvb, foffset); break; case 0x00000002: /* Bind PA */ - proto_tree_add_item(ndps_tree, hf_ndps_oid, tvb, foffset, 4, FALSE); + proto_tree_add_item(ndps_tree, hf_ndps_session, tvb, foffset, 4, FALSE); foffset += 4; if(error_val != 0) { @@ -6342,12 +7077,12 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int proto_tree_add_item(ndps_tree, hf_ndps_session, tvb, foffset, 4, FALSE); foffset += 4; } - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); break; case 0x00000003: /* Unbind */ break; case 0x00000004: /* Print */ - foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ndps_tree, foffset, NULL); proto_tree_add_item(ndps_tree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; if(error_val != 0) @@ -6368,6 +7103,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int atree = proto_item_add_subtree(aitem, ett_ndps); for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Attribute %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, btree, foffset); /* Object Attribute Set */ @@ -6391,6 +7130,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Option %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); length=tvb_get_ntohl(tvb, foffset); @@ -6420,6 +7163,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Result %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = objectidentification(tvb, btree, foffset); @@ -6428,6 +7175,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (j = 1 ; j <= number_of_items2; j++ ) { + if (j > NDPS_MAX_ITEMS) { + proto_tree_add_text(btree, tvb, foffset, -1, "[Truncated]"); + break; + } citem = proto_tree_add_text(btree, tvb, foffset, -1, "Attribute %d", j); ctree = proto_item_add_subtree(citem, ett_ndps); foffset = objectidentifier(tvb, ctree, foffset); @@ -6437,6 +7188,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (k = 1 ; k <= number_of_items3; k++ ) { + if (k > NDPS_MAX_ITEMS) { + proto_tree_add_text(ctree, tvb, foffset, -1, "[Truncated]"); + break; + } ditem = proto_tree_add_text(ctree, tvb, foffset, -1, "Value %d", k); dtree = proto_item_add_subtree(ditem, ett_ndps); foffset = attribute_value(tvb, dtree, foffset); @@ -6462,7 +7217,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int /* Start of NWDPPrtContainedObjectId */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Job ID"); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -6475,6 +7230,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int atree = proto_item_add_subtree(aitem, ett_ndps); for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Attribute %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, btree, foffset); /* Object Attribute Set */ @@ -6515,12 +7274,16 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int atree = proto_item_add_subtree(aitem, ett_ndps); for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Job %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); /* Start of NWDPPrtContainedObjectId */ citem = proto_tree_add_text(btree, tvb, foffset, -1, "Old Job"); ctree = proto_item_add_subtree(citem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, ctree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ctree, foffset, NULL); proto_tree_add_item(ctree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(citem, tvb, foffset); @@ -6528,7 +7291,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int /* Start of NWDPPrtContainedObjectId */ citem = proto_tree_add_text(btree, tvb, foffset, -1, "New Job"); ctree = proto_item_add_subtree(citem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_pa_name, ctree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_pa_name, ctree, foffset, NULL); proto_tree_add_item(ctree, hf_local_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(citem, tvb, foffset); @@ -6541,6 +7304,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int ctree = proto_item_add_subtree(citem, ett_ndps); for (j = 1 ; j <= number_of_items2; j++ ) { + if (j > NDPS_MAX_ITEMS) { + proto_tree_add_text(ctree, tvb, foffset, -1, "[Truncated]"); + break; + } ditem = proto_tree_add_text(ctree, tvb, foffset, -1, "Object %d", j); dtree = proto_item_add_subtree(ditem, ett_ndps); foffset = attribute_value(tvb, dtree, foffset); /* Object Attribute Set */ @@ -6566,6 +7333,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Object %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, btree, foffset); /* Object Attribute Set */ @@ -6588,6 +7359,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Object %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = attribute_value(tvb, atree, foffset); /* Object Attribute Set */ @@ -6611,7 +7386,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int case 0x0000001d: /* List Event Profiles */ length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(ndps_tree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } @@ -6626,7 +7401,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset = qualifiedname(tvb, atree, foffset); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(ndps_tree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } @@ -6647,6 +7422,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Address %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = address_item(tvb, btree, foffset); @@ -6659,6 +7438,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_continuation_option, tvb, foffset, length, FALSE); } foffset += length; @@ -6693,6 +7473,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Event %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); /* Start of Eventhandling2 */ @@ -6703,7 +7487,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Consumer Name"); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = qualifiedname(tvb, btree, foffset); - foffset = ndps_string(tvb, hf_ndps_supplier_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_supplier_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_ndps_language_id, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(bitem, tvb, foffset); @@ -6721,6 +7505,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int btree = proto_item_add_subtree(bitem, ett_ndps); for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(btree, tvb, foffset, -1, "[Truncated]"); + break; + } citem = proto_tree_add_text(btree, tvb, foffset, -1, "Address %d", i); ctree = proto_item_add_subtree(citem, ett_ndps); foffset = address_item(tvb, ctree, foffset); @@ -6740,6 +7528,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(btree, tvb, foffset, -1, "[Truncated]"); + break; + } citem = proto_tree_add_text(btree, tvb, foffset, -1, "Attribute %d", i); ctree = proto_item_add_subtree(citem, ett_ndps); foffset = objectidentifier(tvb, ctree, foffset); @@ -6753,13 +7545,14 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; proto_tree_add_item(atree, hf_notify_lease_exp_time, tvb, foffset, 4, FALSE); foffset += 4; - foffset = ndps_string(tvb, hf_notify_printer_uri, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_notify_printer_uri, atree, foffset, NULL); proto_item_set_end(aitem, tvb, foffset); /* End of Eventhandling2 */ length = tvb_get_ntohl(tvb, foffset); /* Added on 10-17-03 */ foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_continuation_option, tvb, foffset, length, FALSE); } foffset += length; @@ -6784,11 +7577,15 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset = return_code(tvb, pinfo, ndps_tree, foffset); break; case 0x00000003: /* List Services */ - number_of_items = tvb_get_ntohl(tvb, foffset); + number_of_items = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_num_services, tvb, foffset, 4, number_of_items); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Service %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_service_type, tvb, foffset, 4, FALSE); @@ -6803,8 +7600,8 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int proto_tree_add_item(ndps_tree, hf_ndps_item_count, tvb, foffset, 4, FALSE); /* XXX - what does this count? */ foffset += 4; - foffset = ndps_string(tvb, hf_ndps_broker_name, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_broker_name, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL); foffset = return_code(tvb, pinfo, ndps_tree, foffset); break; case 0x00000008: /* Get Broker Session Information */ @@ -6821,12 +7618,17 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Attribute %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(atree, hf_ndps_attribute_set, tvb, foffset, length, FALSE); } proto_item_set_end(aitem, tvb, foffset); @@ -6844,11 +7646,15 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int break; case 0x00000008: /* List Local Servers */ case 0x00000009: /* List Servers */ - number_of_items = tvb_get_ntohl(tvb, foffset); + number_of_items = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_ndps_item_count, tvb, foffset, 4, number_of_items); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Item %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); foffset = server_entry(tvb, atree, foffset); @@ -6858,27 +7664,33 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_continuation_option, tvb, foffset, length, FALSE); } foffset += length; foffset = return_code(tvb, pinfo, ndps_tree, foffset); break; case 0x0000000a: /* List Known Registries */ - number_of_items = tvb_get_ntohl(tvb, foffset); + number_of_items = tvb_get_ntohl(tvb, foffset); proto_tree_add_item(ndps_tree, hf_ndps_item_count, tvb, foffset, 4, FALSE); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_item(ndps_tree, hf_ndps_client_server_type, tvb, foffset, 4, FALSE); atree = proto_item_add_subtree(aitem, ett_ndps); foffset += 4; - foffset = ndps_string(tvb, hf_ndps_registry_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_registry_name, atree, foffset, NULL); foffset = print_address(tvb, atree, foffset); } length = tvb_get_ntohl(tvb, foffset); foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_continuation_option, tvb, foffset, length, FALSE); } foffset += length; @@ -6911,12 +7723,17 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Attribute %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); length = tvb_get_ntohl(tvb, foffset); foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(atree, hf_ndps_attribute_set, tvb, foffset, length, FALSE); } proto_item_set_end(aitem, tvb, foffset); @@ -6963,7 +7780,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int proto_item_set_end(aitem, tvb, foffset); length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(ndps_tree, hf_ndps_attribute_value, tvb, foffset, length, FALSE); } @@ -6983,6 +7800,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Address %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = address_item(tvb, btree, foffset); @@ -6996,6 +7817,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_continuation_option, tvb, foffset, length, FALSE); } foffset += length; @@ -7005,7 +7827,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int /* Start of IntegerSeq */ length = tvb_get_ntohl(tvb, foffset); foffset += 4; - if (length!=0) + if (length==4) { proto_tree_add_item(ndps_tree, hf_ndps_language_id, tvb, foffset, length, FALSE); } @@ -7029,6 +7851,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } /* Start of DeliveryMethod */ aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Method %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); @@ -7039,9 +7865,9 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += align_4(tvb, foffset); proto_item_set_end(bitem, tvb, foffset); /* End of NameorID */ - foffset = ndps_string(tvb, hf_ndps_method_name, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_method_ver, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_file_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_method_name, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_method_ver, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_file_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_ndps_admin_submit, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -7057,9 +7883,9 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int atree = proto_item_add_subtree(aitem, ett_ndps); foffset = name_or_id(tvb, atree, foffset); /* End of NameorID */ - foffset = ndps_string(tvb, hf_ndps_method_name, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_method_ver, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_file_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_method_name, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_method_ver, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_file_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_ndps_admin_submit, tvb, foffset, 4, FALSE); foffset += 4; proto_item_set_end(aitem, tvb, foffset); @@ -7071,6 +7897,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int atree = proto_item_add_subtree(aitem, ett_ndps); for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Address %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); foffset = address_item(tvb, btree, foffset); @@ -7083,8 +7913,8 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int proto_tree_add_item(ndps_tree, hf_ndps_item_count, tvb, foffset, 4, FALSE); /* XXX - what does this count? */ foffset += 4; - foffset = ndps_string(tvb, hf_ndps_broker_name, ndps_tree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_broker_name, ndps_tree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_tree, ndps_tree, foffset, NULL); foffset = return_code(tvb, pinfo, ndps_tree, foffset); break; case 0x00000011: /* Get Notify Session Information */ @@ -7106,6 +7936,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; if (length!=0) { + tvb_ensure_bytes_exist(tvb, foffset, length); proto_tree_add_item(ndps_tree, hf_ndps_attribute_set, tvb, foffset, length, FALSE); } break; @@ -7121,7 +7952,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; if (check_col(pinfo->cinfo, COL_INFO) && tvb_get_ntohl(tvb, foffset-4) != 0) col_add_fstr(pinfo->cinfo, COL_INFO, "R NDPS - Error"); - if (tvb_get_ntohl(tvb, foffset-4) != 0) + if (tvb_get_ntohl(tvb, foffset-4) != 0) { break; } @@ -7130,7 +7961,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int proto_tree_add_item(ndps_tree, hf_ndps_resource_list_type, tvb, foffset, 4, FALSE); resource_type = tvb_get_ntohl(tvb, foffset); foffset += 4; - switch (resource_type) + switch (resource_type) { case 0: /* Print Drivers */ case 1: /* Printer Definitions */ @@ -7140,23 +7971,27 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Definition %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); if (tvb_get_ntohl(tvb, foffset)==0) { /* Offset for old type support */ foffset += 2; } foffset += 4; /* Item always == 1 */ - foffset = ndps_string(tvb, hf_ndps_printer_manuf, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_printer_manuf, atree, foffset, NULL); if (tvb_get_ntohl(tvb, foffset)==0) { foffset += 2; } foffset += 4; - foffset = ndps_string(tvb, hf_ndps_printer_type, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_printer_type, atree, foffset, NULL); if (tvb_get_ntohl(tvb, foffset)==0) { foffset += 2; } foffset += 4; - foffset = ndps_string(tvb, hf_ndps_inf_file_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_inf_file_name, atree, foffset, NULL); proto_item_set_end(aitem, tvb, foffset); } break; @@ -7166,9 +8001,13 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Banner %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_banner_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_banner_name, atree, foffset, NULL); proto_item_set_end(aitem, tvb, foffset); } break; @@ -7178,9 +8017,13 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Font %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_font_type_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_font_type_name, atree, foffset, NULL); proto_item_set_end(aitem, tvb, foffset); } break; @@ -7190,9 +8033,13 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Font File %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_font_file_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_font_file_name, atree, foffset, NULL); proto_item_set_end(aitem, tvb, foffset); } break; @@ -7204,11 +8051,15 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "File %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_prn_file_name, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_prn_dir_name, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_inf_file_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_prn_file_name, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_prn_dir_name, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_inf_file_name, atree, foffset, NULL); proto_item_set_end(aitem, tvb, foffset); } break; @@ -7218,11 +8069,15 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Definition %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_prn_file_name, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_prn_dir_name, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_inf_file_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_prn_file_name, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_prn_dir_name, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_inf_file_name, atree, foffset, NULL); proto_item_set_end(aitem, tvb, foffset); } number_of_items = tvb_get_ntohl(tvb, foffset); @@ -7230,9 +8085,13 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Item %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_def_file_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_def_file_name, atree, foffset, NULL); number_of_items2 = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(atree, hf_ndps_num_win31_keys, tvb, foffset, 4, number_of_items2); bitem = proto_tree_add_text(atree, tvb, foffset, 4, "Windows 3.1 Keys"); @@ -7240,7 +8099,11 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items2; i++ ) { - foffset = ndps_string(tvb, hf_ndps_windows_key, btree, foffset, NULL, 0); + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } + foffset = ndps_string(tvb, hf_ndps_windows_key, btree, foffset, NULL); } proto_item_set_end(bitem, tvb, foffset); number_of_items2 = tvb_get_ntohl(tvb, foffset); @@ -7250,19 +8113,27 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items2; i++ ) { - foffset = ndps_string(tvb, hf_ndps_windows_key, btree, foffset, NULL, 0); + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(btree, tvb, foffset, -1, "[Truncated]"); + break; + } + foffset = ndps_string(tvb, hf_ndps_windows_key, btree, foffset, NULL); } proto_item_set_end(bitem, tvb, foffset); proto_item_set_end(aitem, tvb, foffset); } break; case 10: /* Printer Definition File 2 */ - foffset = ndps_string(tvb, hf_ndps_def_file_name, ndps_tree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_def_file_name, ndps_tree, foffset, NULL); number_of_items = tvb_get_ntohl(tvb, foffset); proto_tree_add_uint(ndps_tree, hf_os_count, tvb, foffset, 4, number_of_items); foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "OS %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_os_type, tvb, foffset, 4, FALSE); @@ -7272,9 +8143,13 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items2; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Key %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_windows_key, btree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_windows_key, btree, foffset, NULL); proto_item_set_end(bitem, tvb, foffset); } proto_item_set_end(aitem, tvb, foffset); @@ -7288,12 +8163,16 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Type %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); - foffset = ndps_string(tvb, hf_ndps_printer_manuf, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_printer_type, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_prn_file_name, atree, foffset, NULL, 0); - foffset = ndps_string(tvb, hf_ndps_prn_dir_name, atree, foffset, NULL, 0); + foffset = ndps_string(tvb, hf_ndps_printer_manuf, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_printer_type, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_prn_file_name, atree, foffset, NULL); + foffset = ndps_string(tvb, hf_ndps_prn_dir_name, atree, foffset, NULL); proto_tree_add_item(atree, hf_archive_type, tvb, foffset, 4, FALSE); foffset += 4; proto_tree_add_item(atree, hf_archive_file_size, tvb, foffset, 4, FALSE); @@ -7307,6 +8186,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(ndps_tree, tvb, foffset, -1, "[Truncated]"); + break; + } aitem = proto_tree_add_text(ndps_tree, tvb, foffset, -1, "Language %d", i); atree = proto_item_add_subtree(aitem, ett_ndps); proto_tree_add_item(atree, hf_ndps_language_id, tvb, foffset, 4, FALSE); @@ -7323,7 +8206,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; if (check_col(pinfo->cinfo, COL_INFO) && tvb_get_ntohl(tvb, foffset-4) != 0) col_add_fstr(pinfo->cinfo, COL_INFO, "R NDPS - Error"); - if (tvb_get_ntohl(tvb, foffset-4) != 0) + if (tvb_get_ntohl(tvb, foffset-4) != 0) { break; } @@ -7338,7 +8221,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; if (check_col(pinfo->cinfo, COL_INFO) && tvb_get_ntohl(tvb, foffset-4) != 0) col_add_fstr(pinfo->cinfo, COL_INFO, "R NDPS - Error"); - if (tvb_get_ntohl(tvb, foffset-4) != 0) + if (tvb_get_ntohl(tvb, foffset-4) != 0) { break; } @@ -7362,7 +8245,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; if (check_col(pinfo->cinfo, COL_INFO) && tvb_get_ntohl(tvb, foffset-4) != 0) col_add_fstr(pinfo->cinfo, COL_INFO, "R NDPS - Error"); - if (tvb_get_ntohl(tvb, foffset-4) != 0) + if (tvb_get_ntohl(tvb, foffset-4) != 0) { break; } @@ -7391,7 +8274,7 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int foffset += 4; if (check_col(pinfo->cinfo, COL_INFO) && tvb_get_ntohl(tvb, foffset-4) != 0) col_add_fstr(pinfo->cinfo, COL_INFO, "R NDPS - Error"); - if (tvb_get_ntohl(tvb, foffset-4) != 0) + if (tvb_get_ntohl(tvb, foffset-4) != 0) { break; } @@ -7402,6 +8285,10 @@ dissect_ndps_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ndps_tree, int atree = proto_item_add_subtree(aitem, ett_ndps); for (i = 1 ; i <= number_of_items; i++ ) { + if (i > NDPS_MAX_ITEMS) { + proto_tree_add_text(atree, tvb, foffset, -1, "[Truncated]"); + break; + } bitem = proto_tree_add_text(atree, tvb, foffset, -1, "Item %d", i); btree = proto_item_add_subtree(bitem, ett_ndps); length=tvb_get_ntohl(tvb, foffset); @@ -7443,7 +8330,7 @@ proto_register_ndps(void) { "Record Length", "ndps.record_length", FT_UINT16, BASE_DEC, NULL, 0x0, "Record Length", HFILL }}, - + { &hf_ndps_xid, { "Exchange ID", "ndps.xid", FT_UINT32, BASE_HEX, NULL, 0x0, @@ -7458,47 +8345,52 @@ proto_register_ndps(void) { "NDPS Program Number", "spx.ndps_program", FT_UINT32, BASE_HEX, VALS(spx_ndps_program_vals), 0x0, "NDPS Program Number", HFILL }}, - + { &hf_spx_ndps_version, { "Program Version", "spx.ndps_version", FT_UINT32, BASE_DEC, NULL, 0x0, - "Program Version", HFILL }}, - + "Program Version", HFILL }}, + { &hf_ndps_error, { "NDPS Error", "spx.ndps_error", FT_UINT32, BASE_HEX, NULL, 0x0, - "NDPS Error", HFILL }}, - + "NDPS Error", HFILL }}, + + { &hf_ndps_other_error_string, + { "Extended Error String", "ndps.ext_err_string", + FT_STRING, BASE_NONE, NULL, 0x0, + "Extended Error String", HFILL }}, + { &hf_spx_ndps_func_print, { "Print Program", "spx.ndps_func_print", FT_UINT32, BASE_HEX, VALS(spx_ndps_print_func_vals), 0x0, "Print Program", HFILL }}, - + { &hf_spx_ndps_func_notify, { "Notify Program", "spx.ndps_func_notify", FT_UINT32, BASE_HEX, VALS(spx_ndps_notify_func_vals), 0x0, "Notify Program", HFILL }}, - + { &hf_spx_ndps_func_delivery, { "Delivery Program", "spx.ndps_func_delivery", FT_UINT32, BASE_HEX, VALS(spx_ndps_deliver_func_vals), 0x0, "Delivery Program", HFILL }}, - + { &hf_spx_ndps_func_registry, { "Registry Program", "spx.ndps_func_registry", FT_UINT32, BASE_HEX, VALS(spx_ndps_registry_func_vals), 0x0, "Registry Program", HFILL }}, - + { &hf_spx_ndps_func_resman, { "ResMan Program", "spx.ndps_func_resman", FT_UINT32, BASE_HEX, VALS(spx_ndps_resman_func_vals), 0x0, "ResMan Program", HFILL }}, - + { &hf_spx_ndps_func_broker, { "Broker Program", "spx.ndps_func_broker", FT_UINT32, BASE_HEX, VALS(spx_ndps_broker_func_vals), 0x0, "Broker Program", HFILL }}, - + { &hf_ndps_num_objects, { "Number of Objects", "ndps.num_objects", FT_UINT32, BASE_DEC, NULL, 0x0, @@ -7513,7 +8405,7 @@ proto_register_ndps(void) { "Server", "ndps.sbuffer", FT_UINT32, BASE_DEC, NULL, 0x0, "Server", HFILL }}, - + { &hf_ndps_rbuffer, { "Connection", "ndps.rbuffer", FT_UINT32, BASE_DEC, NULL, 0x0, @@ -7523,7 +8415,7 @@ proto_register_ndps(void) { "Trustee Name", "ndps.user_name", FT_STRING, BASE_NONE, NULL, 0x0, "Trustee Name", HFILL }}, - + { &hf_ndps_broker_name, { "Broker Name", "ndps.broker_name", FT_STRING, BASE_NONE, NULL, 0x0, @@ -7548,7 +8440,7 @@ proto_register_ndps(void) { "Printer Name", "ndps.pa_name", FT_STRING, BASE_NONE, NULL, 0x0, "Printer Name", HFILL }}, - + { &hf_ndps_tree, { "Tree", "ndps.tree", FT_STRING, BASE_NONE, NULL, 0x0, @@ -7603,12 +8495,12 @@ proto_register_ndps(void) { "RPC Accept Status", "ndps.rpc_acc_stat", FT_UINT32, BASE_HEX, VALS(accept_stat), 0x0, "RPC Accept Status", HFILL }}, - + { &hf_ndps_rpc_rej_stat, { "RPC Reject Status", "ndps.rpc_rej_stat", FT_UINT32, BASE_HEX, VALS(reject_stat), 0x0, "RPC Reject Status", HFILL }}, - + { &hf_ndps_rpc_acc_results, { "RPC Accept Results", "ndps.rpc_acc_res", FT_UINT32, BASE_HEX, NULL, 0x0, @@ -7618,7 +8510,7 @@ proto_register_ndps(void) { "Problem Type", "ndps.rpc_prob_type", FT_UINT32, BASE_HEX, VALS(error_type_enum), 0x0, "Problem Type", HFILL }}, - + { &hf_security_problem_type, { "Security Problem", "ndps.rpc_sec_prob", FT_UINT32, BASE_HEX, VALS(security_problem_enum), 0x0, @@ -7628,27 +8520,27 @@ proto_register_ndps(void) { "Service Problem", "ndps.rpc_serv_prob", FT_UINT32, BASE_HEX, VALS(service_problem_enum), 0x0, "Service Problem", HFILL }}, - + { &hf_access_problem_type, { "Access Problem", "ndps.rpc_acc_prob", FT_UINT32, BASE_HEX, VALS(access_problem_enum), 0x0, "Access Problem", HFILL }}, - + { &hf_printer_problem_type, { "Printer Problem", "ndps.rpc_print_prob", FT_UINT32, BASE_HEX, VALS(printer_problem_enum), 0x0, "Printer Problem", HFILL }}, - + { &hf_selection_problem_type, { "Selection Problem", "ndps.rpc_sel_prob", FT_UINT32, BASE_HEX, VALS(selection_problem_enum), 0x0, "Selection Problem", HFILL }}, - + { &hf_doc_access_problem_type, { "Document Access Problem", "ndps.rpc_doc_acc_prob", FT_UINT32, BASE_HEX, VALS(doc_access_problem_enum), 0x0, "Document Access Problem", HFILL }}, - + { &hf_attribute_problem_type, { "Attribute Problem", "ndps.rpc_attr_prob", FT_UINT32, BASE_HEX, VALS(attribute_problem_enum), 0x0, @@ -7658,7 +8550,7 @@ proto_register_ndps(void) { "Update Problem", "ndps.rpc_update_prob", FT_UINT32, BASE_HEX, VALS(update_problem_enum), 0x0, "Update Problem", HFILL }}, - + { &hf_obj_id_type, { "Object ID Type", "ndps.rpc_obj_id_type", FT_UINT32, BASE_HEX, VALS(obj_identification_enum), 0x0, @@ -7668,7 +8560,7 @@ proto_register_ndps(void) { "OID Struct Size", "ndps.rpc_oid_struct_size", FT_UINT16, BASE_DEC, NULL, 0x0, "OID Struct Size", HFILL }}, - + { &hf_object_name, { "Object Name", "ndps.ndps_object_name", FT_STRING, BASE_NONE, NULL, 0x0, @@ -7679,6 +8571,11 @@ proto_register_ndps(void) FT_UINT32, BASE_HEX, NULL, 0x0, "Document Number", HFILL }}, + { &hf_ndps_doc_content, + { "Document Content", "ndps.ndps_doc_content", + FT_UINT32, BASE_HEX, NULL, 0x0, + "Document Content", HFILL }}, + { &hf_ndps_nameorid, { "Name or ID Type", "ndps.ndps_nameorid", FT_UINT32, BASE_HEX, VALS(nameorid_enum), 0x0, @@ -7703,7 +8600,7 @@ proto_register_ndps(void) { "Qualified Name Type", "ndps.ndps_qual_name_type2", FT_UINT32, BASE_HEX, VALS(qualified_name_enum2), 0x0, "Qualified Name Type", HFILL }}, - + { &hf_ndps_item_count, { "Number of Items", "ndps.ndps_item_count", FT_UINT32, BASE_DEC, NULL, 0x0, @@ -7773,31 +8670,31 @@ proto_register_ndps(void) { "Number of Arguments", "ndps.num_argss", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of Arguments", HFILL }}, - + { &hf_ndps_num_transfer_methods, { "Number of Transfer Methods", "ndps.num_transfer_methods", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of Transfer Methods", HFILL }}, - + { &hf_ndps_num_doc_types, { "Number of Document Types", "ndps.num_doc_types", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of Document Types", HFILL }}, - + { &hf_ndps_num_destinations, { "Number of Destinations", "ndps.num_destinations", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of Destinations", HFILL }}, - + { &hf_ndps_qualifier, { "Qualifier", "ndps.ndps_qual", FT_UINT32, BASE_HEX, NULL, 0x0, "Qualifier", HFILL }}, { &hf_ndps_lib_error, - { "Lib Error", "ndps.ndps_lib_error", + { "Library Error", "ndps.ndps_lib_error", FT_UINT32, BASE_HEX, VALS(ndps_error_types), 0x0, - "Lib Error", HFILL }}, + "Library Error", HFILL }}, { &hf_ndps_other_error, { "Other Error", "ndps.ndps_other_error", @@ -8018,7 +8915,7 @@ proto_register_ndps(void) { "IP Address", "ndps.ip", FT_IPv4, BASE_DEC, NULL, 0x0, "IP Address", HFILL }}, - + { &hf_ndps_server_type, { "NDPS Server Type", "ndps.ndps_server_type", FT_UINT32, BASE_HEX, VALS(ndps_server_type_enum), 0x0, @@ -8028,12 +8925,12 @@ proto_register_ndps(void) { "Number of Services", "ndps.ndps_num_services", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of Services", HFILL }}, - + { &hf_ndps_service_type, { "NDPS Service Type", "ndps.ndps_service_type", FT_UINT32, BASE_HEX, VALS(ndps_service_type_enum), 0x0, "NDPS Service Type", HFILL }}, - + { &hf_ndps_service_enabled, { "Service Enabled?", "ndps.ndps_service_enabled", FT_BOOLEAN, BASE_NONE, NULL, 0x0, @@ -8053,7 +8950,7 @@ proto_register_ndps(void) { "File Name", "ndps.file_name", FT_STRING, BASE_NONE, NULL, 0x0, "File Name", HFILL }}, - + { &hf_ndps_admin_submit, { "Admin Submit Flag?", "ndps.admin_submit_flag", FT_BOOLEAN, BASE_NONE, NULL, 0x0, @@ -8073,7 +8970,7 @@ proto_register_ndps(void) { "Answer Time", "ndps.answer_time", FT_UINT32, BASE_DEC, NULL, 0x0, "Answer Time", HFILL }}, - + { &hf_oid_asn1_type, { "ASN.1 Type", "ndps.asn1_type", FT_UINT16, BASE_DEC, NULL, 0x0, @@ -8088,17 +8985,17 @@ proto_register_ndps(void) { "Length", "ndps.ndps_len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length", HFILL }}, - + { &hf_limit_enc, { "Limit Encountered", "ndps.ndps_limit_enc", FT_UINT32, BASE_HEX, VALS(ndps_limit_enc_enum), 0x0, "Limit Encountered", HFILL }}, - + { &hf_ndps_delivery_add_count, { "Number of Delivery Addresses", "ndps.delivery_add_count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of Delivery Addresses", HFILL }}, - + { &hf_ndps_delivery_add_type, { "Delivery Address Type", "ndps.ndps_delivery_add_type", FT_UINT32, BASE_HEX, VALS(ndps_delivery_add_enum), 0x0, @@ -8128,7 +9025,7 @@ proto_register_ndps(void) { "Resource Type", "ndps.ndps_resource_type", FT_UINT32, BASE_HEX, VALS(ndps_resource_enum), 0x0, "Resource Type", HFILL }}, - + { &hf_ndps_identifier_type, { "Identifier Type", "ndps.ndps_identifier_type", FT_UINT32, BASE_HEX, VALS(ndps_identifier_enum), 0x0, @@ -8138,7 +9035,7 @@ proto_register_ndps(void) { "Page Flag", "ndps.ndps_page_flag", FT_UINT32, BASE_HEX, NULL, 0x0, "Page Flag", HFILL }}, - + { &hf_ndps_media_type, { "Media Type", "ndps.ndps_media_type", FT_UINT32, BASE_HEX, VALS(ndps_media_enum), 0x0, @@ -8148,12 +9045,12 @@ proto_register_ndps(void) { "Page Size", "ndps.ndps_page_size", FT_UINT32, BASE_HEX, VALS(ndps_page_size_enum), 0x0, "Page Size", HFILL }}, - + { &hf_ndps_direction, { "Direction", "ndps.ndps_direction", FT_UINT32, BASE_HEX, VALS(ndps_pres_direction_enum), 0x0, "Direction", HFILL }}, - + { &hf_ndps_page_order, { "Page Order", "ndps.ndps_page_order", FT_UINT32, BASE_HEX, VALS(ndps_page_order_enum), 0x0, @@ -8193,12 +9090,12 @@ proto_register_ndps(void) { "X Dimension", "ndps.ndps_xdimension", FT_UINT32, BASE_HEX, NULL, 0x0, "X Dimension", HFILL }}, - + { &hf_ndps_ydimension, { "Y Dimension", "ndps.ndps_ydimension", FT_UINT32, BASE_HEX, NULL, 0x0, "Y Dimension", HFILL }}, - + { &hf_ndps_state_severity, { "State Severity", "ndps.ndps_state_severity", FT_UINT32, BASE_HEX, VALS(ndps_state_severity_enum), 0x0, @@ -8223,7 +9120,7 @@ proto_register_ndps(void) { "List Attribute Operation", "ndps.ndps_attrs_arg", FT_UINT32, BASE_HEX, VALS(ndps_attrs_arg_enum), 0x0, "List Attribute Operation", HFILL }}, - + { &hf_ndps_context_len, { "Context Length", "ndps.context_len", FT_UINT32, BASE_DEC, NULL, 0x0, @@ -8243,7 +9140,7 @@ proto_register_ndps(void) { "Filter Item Operation", "ndps.ndps_filter_item", FT_UINT32, BASE_HEX, VALS(ndps_filter_item_enum), 0x0, "Filter Item Operation", HFILL }}, - + { &hf_ndps_substring_match, { "Substring Match", "ndps.ndps_substring_match", FT_UINT32, BASE_HEX, VALS(ndps_match_criteria_enum), 0x0, @@ -8268,12 +9165,12 @@ proto_register_ndps(void) { "Password", "ndps.password", FT_BYTES, BASE_NONE, NULL, 0x0, "Password", HFILL }}, - + { &hf_ndps_retrieve_restrictions, { "Retrieve Restrictions", "ndps.ndps_ret_restrict", FT_UINT32, BASE_DEC, NULL, 0x0, "Retrieve Restrictions", HFILL }}, - + { &hf_ndps_bind_security_option_count, { "Number of Bind Security Options", "ndps.ndps_bind_security_count", FT_UINT32, BASE_DEC, NULL, 0x0, @@ -8283,7 +9180,7 @@ proto_register_ndps(void) { "Bind Security Options", "ndps.ndps_bind_security", FT_UINT32, BASE_DEC, NULL, 0x0, "Bind Security Options", HFILL }}, - + { &hf_ndps_max_items, { "Maximum Items in List", "ndps.ndps_max_items", FT_UINT32, BASE_DEC, NULL, 0x0, @@ -8442,29 +9339,29 @@ proto_register_ndps(void) { &hf_ndps_segment_overlap, { "Segment overlap", "ndps.segment.overlap", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "Segment overlaps with other segments", HFILL }}, - + { &hf_ndps_segment_overlap_conflict, { "Conflicting data in segment overlap", "ndps.segment.overlap.conflict", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "Overlapping segments contained conflicting data", HFILL }}, - + { &hf_ndps_segment_multiple_tails, { "Multiple tail segments found", "ndps.segment.multipletails", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "Several tails were found when desegmenting the packet", HFILL }}, - + { &hf_ndps_segment_too_long_segment, { "Segment too long", "ndps.segment.toolongsegment", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "Segment contained data past end of packet", HFILL }}, - + { &hf_ndps_segment_error, {"Desegmentation error", "ndps.segment.error", FT_FRAMENUM, BASE_NONE, NULL, 0x0, "Desegmentation error due to illegal segments", HFILL }}, - + { &hf_ndps_segment, { "NDPS Fragment", "ndps.fragment", FT_FRAMENUM, BASE_NONE, NULL, 0x0, "NDPS Fragment", HFILL }}, - + { &hf_ndps_segments, { "NDPS Fragments", "ndps.fragments", FT_NONE, BASE_NONE, NULL, 0x0, "NDPS Fragments", HFILL }}, @@ -8477,12 +9374,12 @@ proto_register_ndps(void) { "Get Status Flag", "ndps.get_status_flags", FT_UINT32, BASE_DEC, NULL, 0x0, "Get Status Flag", HFILL }}, - + { &hf_res_type, { "Resource Type", "ndps.res_type", FT_UINT32, BASE_DEC, VALS(ndps_res_type_enum), 0x0, "Resource Type", HFILL }}, - + { &hf_file_timestamp, { "File Time Stamp", "ndps.file_time_stamp", FT_UINT32, BASE_DEC, NULL, 0x0, @@ -8566,37 +9463,37 @@ proto_register_ndps(void) { "Method Data?", "ndps.method_flag", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "Method Data?", HFILL }}, - + { &hf_ndps_delivery_address_flag, { "Delivery Address Data?", "ndps.delivery_flag", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "Delivery Address Data?", HFILL }}, - + { &hf_ndps_list_profiles_type, { "List Profiles Type", "ndps.ndps_list_profiles_type", FT_UINT32, BASE_HEX, VALS(ndps_attrs_arg_enum), 0x0, "List Profiles Type", HFILL }}, - + { &hf_ndps_list_profiles_choice_type, { "List Profiles Choice Type", "ndps.ndps_list_profiles_choice_type", FT_UINT32, BASE_HEX, VALS(ndps_list_profiles_choice_enum), 0x0, "List Profiles Choice Type", HFILL }}, - + { &hf_ndps_list_profiles_result_type, { "List Profiles Result Type", "ndps.ndps_list_profiles_result_type", FT_UINT32, BASE_HEX, VALS(ndps_list_profiles_result_enum), 0x0, "List Profiles Result Type", HFILL }}, - + { &hf_ndps_integer_type_flag, { "Integer Type Flag", "ndps.ndps_integer_type_flag", FT_UINT32, BASE_HEX, NULL, 0x0, "Integer Type Flag", HFILL }}, - + { &hf_ndps_integer_type_value, { "Integer Type Value", "ndps.ndps_integer_type_value", FT_UINT32, BASE_HEX, NULL, 0x0, "Integer Type Value", HFILL }}, - + { &hf_ndps_continuation_option, { "Continuation Option", "ndps.ndps_continuation_option", FT_BYTES, BASE_HEX, NULL, 0x0, @@ -8666,7 +9563,7 @@ proto_register_ndps(void) { "Byte Value", "ndps.info_bytes", FT_BYTES, BASE_NONE, NULL, 0x0, "Byte Value", HFILL }}, - + { &hf_ndps_list_local_servers_type, { "Server Type", "ndps.ndps_list_local_server_type", FT_UINT32, BASE_HEX, VALS(ndps_list_local_servers_enum), 0x0, @@ -8706,7 +9603,7 @@ proto_register_ndps(void) { "Number of Delivery Methods", "ndps.delivery_method_count", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of Delivery Methods", HFILL }}, - + { &hf_delivery_method_type, { "Delivery Method Type", "ndps.delivery_method_type", FT_UINT32, BASE_HEX, VALS(ndps_delivery_method_enum), 0x0, @@ -8741,12 +9638,12 @@ proto_register_ndps(void) { "Number of Values", "ndps.num_values", FT_UINT32, BASE_DEC, NULL, 0x0, "Number of Values", HFILL }}, - + { &hf_ndps_object_ids_7, { "Object ID Definition", "ndps.objectid_def7", FT_NONE, BASE_HEX, NULL, 0x0, "Object ID Definition", HFILL }}, - + { &hf_ndps_object_ids_8, { "Object ID Definition", "ndps.objectid_def8", FT_NONE, BASE_HEX, NULL, @@ -8801,7 +9698,7 @@ proto_register_ndps(void) { "Printer Security", "ndps.print_security", FT_UINT32, BASE_HEX, VALS(ndps_print_security), 0x0, "Printer Security", HFILL }}, - + { &hf_notify_time_interval, { "Notify Time Interval", "ndps.notify_time_interval", FT_UINT32, BASE_HEX, NULL, 0x0, @@ -8839,7 +9736,7 @@ proto_register_ndps(void) &ett_ndps_segment, }; module_t *ndps_module; - + proto_ndps = proto_register_protocol("Novell Distributed Print System", "NDPS", "ndps"); proto_register_field_array(proto_ndps, hf_ndps, array_length(hf_ndps)); proto_register_subtree_array(ett, array_length(ett)); @@ -8870,7 +9767,7 @@ proto_reg_handoff_ndps(void) ndps_handle = create_dissector_handle(dissect_ndps_ipx, proto_ndps); ndps_tcp_handle = create_dissector_handle(dissect_ndps_tcp, proto_ndps); - + dissector_add("spx.socket", SPX_SOCKET_PA, ndps_handle); dissector_add("spx.socket", SPX_SOCKET_BROKER, ndps_handle); dissector_add("spx.socket", SPX_SOCKET_SRS, ndps_handle);