diff options
| author | Guy Harris <guy@alum.mit.edu> | 2001-09-28 22:43:57 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2001-09-28 22:43:57 +0000 |
| commit | 44e672ab42e83bf7f1d1926f5e2461e91ec138d2 (patch) | |
| tree | 11d3008e5fb57bae3b1ed856e05791447cfffecc | |
| parent | 434a3ded4cdd018188b3d307d9f056d525d2e22b (diff) | |
| download | wireshark-44e672ab42e83bf7f1d1926f5e2461e91ec138d2.tar.gz wireshark-44e672ab42e83bf7f1d1926f5e2461e91ec138d2.tar.bz2 wireshark-44e672ab42e83bf7f1d1926f5e2461e91ec138d2.zip | |
From Todd Sabin: dissect the auth info in connection oriented dcerpc
packets.
Make a "dissect_netbios_payload()" routine, called from the
NetBIOS-over-802.2 (NBF), NetBIOS-over-IPX, and NetBIOS-over-TCP
dissectors. Take Todd Sabin's changes to add a heuristic dissector list
to the NBSS dissector, and apply them to "dissect_netbios_payload()"
instead. Make the SMB dissector heuristic, returning FALSE if it
doesn't see 0xFF S M B at the beginning of the packet, and have
"dissect_netbios_payload()" first try the heuristic dissector list, then
try the SMB dissector if no other heuristic dissector claims the packet,
then just dissect the payload as data.
From Todd Sabin: have the DCE/RPC dissector register as a heuristic
dissector for NetBIOS.
svn path=/trunk/; revision=3969
| -rw-r--r-- | packet-dcerpc.c | 94 | ||||
| -rw-r--r-- | packet-nbipx.c | 21 | ||||
| -rw-r--r-- | packet-nbns.c | 36 | ||||
| -rw-r--r-- | packet-netbios.c | 62 | ||||
| -rw-r--r-- | packet-netbios.h | 7 | ||||
| -rw-r--r-- | packet-smb.c | 28 | ||||
| -rw-r--r-- | packet-smb.h | 7 |
7 files changed, 168 insertions, 87 deletions
diff --git a/packet-dcerpc.c b/packet-dcerpc.c index 7bc11cb490..95003692ce 100644 --- a/packet-dcerpc.c +++ b/packet-dcerpc.c @@ -2,7 +2,7 @@ * Routines for DCERPC packet disassembly * Copyright 2001, Todd Sabin <tas@webspan.net> * - * $Id: packet-dcerpc.c,v 1.8 2001/09/03 10:33:05 guy Exp $ + * $Id: packet-dcerpc.c,v 1.9 2001/09/28 22:43:56 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -102,6 +102,11 @@ static int hf_dcerpc_cn_num_results = -1; static int hf_dcerpc_cn_ack_result = -1; static int hf_dcerpc_cn_ack_reason = -1; static int hf_dcerpc_cn_cancel_count = -1; +static int hf_dcerpc_auth_type = -1; +static int hf_dcerpc_auth_level = -1; +static int hf_dcerpc_auth_pad_len = -1; +static int hf_dcerpc_auth_rsrvd = -1; +static int hf_dcerpc_auth_ctx_id = -1; static int hf_dcerpc_dg_flags1 = -1; static int hf_dcerpc_dg_flags1_rsrvd_01 = -1; static int hf_dcerpc_dg_flags1_last_frag = -1; @@ -442,6 +447,50 @@ dcerpc_try_handoff (packet_info *pinfo, proto_tree *tree, return 0; } +static int +dissect_dcerpc_cn_auth (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tree, + e_dce_cn_common_hdr_t *hdr) +{ + int offset; + guint8 auth_pad_len; + /* + * If the full packet is here, and we've got an auth len, and it's + * valid, then dissect the auth info + */ + if (tvb_length (tvb) >= hdr->frag_len + && hdr->auth_len + && (hdr->auth_len + 8 <= hdr->frag_len)) { + + offset = hdr->frag_len - (hdr->auth_len + 8); + + offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_auth_type, NULL); + offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_auth_level, NULL); + offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_auth_pad_len, &auth_pad_len); + offset = dissect_dcerpc_uint8 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_auth_rsrvd, NULL); + offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, + hf_dcerpc_auth_ctx_id, NULL); + + proto_tree_add_text (dcerpc_tree, tvb, offset, hdr->auth_len, "Auth Data"); + + /* figure out where the auth padding starts */ + offset = hdr->frag_len - (hdr->auth_len + 8 + auth_pad_len); + if (offset > 0 && auth_pad_len) { + proto_tree_add_text (dcerpc_tree, tvb, offset, + auth_pad_len, "Auth padding"); + return hdr->auth_len + 8 + auth_pad_len; + } else { + return hdr->auth_len + 8; + } + } else { + return 0; + } +} + + /* * Connection oriented packet types @@ -525,6 +574,8 @@ dissect_dcerpc_cn_bind (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, hf_dcerpc_cn_bind_trans_ver, &trans_ver); + dissect_dcerpc_cn_auth (tvb, pinfo, dcerpc_tree, hdr); + if (check_col (pinfo->fd, COL_INFO)) { col_add_fstr (pinfo->fd, COL_INFO, "%s: UUID %08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x ver %d.%d", hdr->ptype == PDU_BIND ? "Bind" : "Alter Ctx", @@ -597,6 +648,8 @@ dissect_dcerpc_cn_bind_ack (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerp &reason); } + dissect_dcerpc_cn_auth (tvb, pinfo, dcerpc_tree, hdr); + if (check_col (pinfo->fd, COL_INFO)) { if (num_results == 1 && result == 0) { col_add_fstr (pinfo->fd, COL_INFO, "%s ack: accept max_xmit: %d max_recv: %d", @@ -621,7 +674,7 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr guint16 ctx_id; guint16 opnum; e_uuid_t obj_id; - + int auth_sz = 0; int offset = 16; offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, @@ -652,6 +705,8 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr offset += 16; } + auth_sz = dissect_dcerpc_cn_auth (tvb, pinfo, dcerpc_tree, hdr); + if (check_col (pinfo->fd, COL_INFO)) { col_add_fstr (pinfo->fd, COL_INFO, "Request: opnum: %d ctx_id:%d", opnum, ctx_id); @@ -675,7 +730,10 @@ dissect_dcerpc_cn_rqst (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr value->ver, &value->uuid); /* handoff this call */ - dcerpc_try_handoff (pinfo, tree, tvb, offset, + dcerpc_try_handoff (pinfo, tree, + tvb_new_subset (tvb, offset, + hdr->frag_len - offset - auth_sz, + hdr->frag_len - offset - auth_sz), 0, &value->uuid, value->ver, opnum, TRUE); } @@ -688,7 +746,7 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr { conversation_t *conv; guint16 ctx_id; - + int auth_sz = 0; int offset = 16; offset = dissect_dcerpc_uint32 (tvb, offset, pinfo, dcerpc_tree, hdr->drep, @@ -702,6 +760,8 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr /* padding */ offset++; + auth_sz = dissect_dcerpc_cn_auth (tvb, pinfo, dcerpc_tree, hdr); + if (check_col (pinfo->fd, COL_INFO)) { col_add_fstr (pinfo->fd, COL_INFO, "Response: call_id: %d ctx_id:%d", hdr->call_id, ctx_id); @@ -714,7 +774,10 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr } else { dcerpc_call_value *value = dcerpc_call_lookup (hdr->call_id, conv); if (value) { - dcerpc_try_handoff (pinfo, tree, tvb, offset, + dcerpc_try_handoff (pinfo, tree, + tvb_new_subset (tvb, offset, + hdr->frag_len - offset - auth_sz, + hdr->frag_len - offset - auth_sz), 0, &value->uuid, value->ver, value->opnum, FALSE); } @@ -727,6 +790,7 @@ dissect_dcerpc_cn_resp (tvbuff_t *tvb, packet_info *pinfo, proto_tree *dcerpc_tr static gboolean dissect_dcerpc_cn (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { + static char nulls[4] = { 0 }; proto_item *ti = NULL; proto_item *tf = NULL; proto_tree *dcerpc_tree = NULL; @@ -737,6 +801,13 @@ dissect_dcerpc_cn (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* * Check if this looks like a C/O DCERPC call */ + /* + * when done over nbt, dcerpc requests are padded with 4 bytes of null + * data for some reason. + */ + if (tvb_bytes_exist (tvb, 0, 4) && tvb_memeql (tvb, 0, nulls, 4) == 0) { + tvb = tvb_new_subset (tvb, 4, -1, -1); + } if (!tvb_bytes_exist (tvb, 0, sizeof (hdr))) { return FALSE; } @@ -824,6 +895,8 @@ dissect_dcerpc_cn (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) break; default: + /* might as well dissect the auth info */ + dissect_dcerpc_cn_auth (tvb, pinfo, dcerpc_tree, &hdr); break; } return TRUE; @@ -1158,6 +1231,16 @@ proto_register_dcerpc (void) { "Ack reason", "dcerpc.cn_ack_reason", FT_UINT16, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_cn_cancel_count, { "Cancel count", "dcerpc.cn_cancel_count", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_dcerpc_auth_type, + { "Auth type", "dcerpc.auth_type", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_dcerpc_auth_level, + { "Auth level", "dcerpc.auth_level", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_dcerpc_auth_pad_len, + { "Auth pad len", "dcerpc.auth_pad_len", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_dcerpc_auth_rsrvd, + { "Auth Rsrvd", "dcerpc.auth_rsrvd", FT_UINT8, BASE_DEC, NULL, 0x0, "", HFILL }}, + { &hf_dcerpc_auth_ctx_id, + { "Auth Context ID", "dcerpc.auth_ctx_id", FT_UINT32, BASE_DEC, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_dg_flags1, { "Flags1", "dcerpc.dg_flags1", FT_UINT8, BASE_HEX, NULL, 0x0, "", HFILL }}, { &hf_dcerpc_dg_flags1_rsrvd_01, @@ -1244,5 +1327,6 @@ void proto_reg_handoff_dcerpc (void) { heur_dissector_add ("tcp", dissect_dcerpc_cn, proto_dcerpc); + heur_dissector_add ("netbios", dissect_dcerpc_cn, proto_dcerpc); heur_dissector_add ("udp", dissect_dcerpc_dg, proto_dcerpc); } diff --git a/packet-nbipx.c b/packet-nbipx.c index 9de39fb86d..0f36201313 100644 --- a/packet-nbipx.c +++ b/packet-nbipx.c @@ -2,12 +2,11 @@ * Routines for NetBIOS over IPX packet disassembly * Gilbert Ramirez <gram@xiexie.org> * - * $Id: packet-nbipx.c,v 1.38 2001/04/23 18:10:28 guy Exp $ + * $Id: packet-nbipx.c,v 1.39 2001/09/28 22:43:56 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> * Copyright 1998 Gerald Combs - * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -220,9 +219,6 @@ dissect_nbipx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) guint8 name_type_flag; proto_tree *name_type_flag_tree; proto_item *tf; - tvbuff_t *next_tvb; - const guint8 *next_pd; - int next_offset; char name[(NETBIOS_NAME_LEN - 1)*4 + 1]; int name_type; gboolean has_payload; @@ -470,10 +466,8 @@ dissect_nbipx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) proto_item_set_len(ti, offset); if (has_payload && tvb_offset_exists(tvb, offset)) { - next_tvb = tvb_new_subset(tvb, offset, -1, -1); - tvb_compat(next_tvb, &next_pd, &next_offset); - dissect_smb(next_pd, next_offset, pinfo->fd, tree, - tvb_length(next_tvb)); + dissect_netbios_payload(tvb, offset, pinfo, tree, + tvb_length_remaining(tvb, offset)); } } @@ -680,9 +674,6 @@ dissect_nmpi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) int name_type; char node_name[(NETBIOS_NAME_LEN - 1)*4 + 1]; int node_name_type = 0; - tvbuff_t *next_tvb; - const guint8 *next_pd; - int next_offset; if (check_col(pinfo->fd, COL_PROTOCOL)) col_set_str(pinfo->fd, COL_PROTOCOL, "NMPI"); @@ -776,10 +767,8 @@ dissect_nmpi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) offset += 1 + 1 + 2 + NETBIOS_NAME_LEN + NETBIOS_NAME_LEN; if (opcode == IMSLOT_SEND && tvb_offset_exists(tvb, offset)) { - next_tvb = tvb_new_subset(tvb, offset, -1, -1); - tvb_compat(next_tvb, &next_pd, &next_offset); - dissect_smb(next_pd, next_offset, pinfo->fd, tree, - tvb_length(next_tvb)); + dissect_netbios_payload(tvb, offset, pinfo, tree, + tvb_length_remaining(tvb, offset)); } } diff --git a/packet-nbns.c b/packet-nbns.c index 15a2c1116c..5b868ac2d7 100644 --- a/packet-nbns.c +++ b/packet-nbns.c @@ -4,7 +4,7 @@ * Gilbert Ramirez <gram@xiexie.org> * Much stuff added by Guy Harris <guy@alum.mit.edu> * - * $Id: packet-nbns.c,v 1.56 2001/09/17 02:07:00 guy Exp $ + * $Id: packet-nbns.c,v 1.57 2001/09/28 22:43:56 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -1284,16 +1284,7 @@ dissect_nbdgm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * only our stuff. */ proto_item_set_len(ti, offset); - { - const guint8 *next_pd; - int next_offset; - - next_tvb = tvb_new_subset(tvb, offset, -1, -1); - tvb_compat(next_tvb, &next_pd, &next_offset); - - dissect_smb(next_pd, next_offset, pinfo->fd, tree, - max_data); - } + dissect_netbios_payload(tvb, offset, pinfo, tree, max_data); break; case NBDS_ERROR: @@ -1383,7 +1374,6 @@ dissect_nbss_packet(tvbuff_t *tvb, int offset, packet_info *pinfo, int len; char name[(NETBIOS_NAME_LEN - 1)*4 + MAXDNAME]; int name_type; - tvbuff_t *next_tvb; msg_type = tvb_get_guint8(tvb, offset); @@ -1499,16 +1489,7 @@ dissect_nbss_packet(tvbuff_t *tvb, int offset, packet_info *pinfo, * only our stuff. */ proto_item_set_len(ti, offset); - { - const guint8 *next_pd; - int next_offset; - - next_tvb = tvb_new_subset(tvb, offset, -1, -1); - tvb_compat(next_tvb, &next_pd, &next_offset); - - dissect_smb(next_pd, next_offset, pinfo->fd, tree, - max_data - 4); - } + dissect_netbios_payload(tvb, offset, pinfo, tree, length); break; } @@ -1555,20 +1536,15 @@ dissect_nbss(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) #define RJSHACK 1 #ifdef RJSHACK - if (((msg_type != SESSION_REQUEST) && + if ((msg_type != SESSION_REQUEST) && (msg_type != POSITIVE_SESSION_RESPONSE) && (msg_type != NEGATIVE_SESSION_RESPONSE) && (msg_type != RETARGET_SESSION_RESPONSE) && (msg_type != SESSION_KEEP_ALIVE) && - (msg_type != SESSION_MESSAGE)) || - ((msg_type == SESSION_MESSAGE) && - (max_data < 8 || tvb_memeql(tvb, offset + 4, "\377SMB", 4) != 0))) { + (msg_type != SESSION_MESSAGE)) { /* - * Either the first byte isn't one of the known message types, - * or it's a session message but we either don't have enough - * data in the frame for the NBSS/CIFS header plus an SMB header, - * or we do but the message data doesn't begin with 0xFF S M B. + * The first byte isn't one of the known message types. * Assume it's a continuation message. */ if (check_col(pinfo->fd, COL_INFO)) { diff --git a/packet-netbios.c b/packet-netbios.c index d6b48a68f1..d21144ab86 100644 --- a/packet-netbios.c +++ b/packet-netbios.c @@ -5,7 +5,7 @@ * * derived from the packet-nbns.c * - * $Id: packet-netbios.c,v 1.35 2001/09/14 07:10:05 guy Exp $ + * $Id: packet-netbios.c,v 1.36 2001/09/28 22:43:56 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -954,6 +954,40 @@ void (*dissect_netb[])(tvbuff_t *, int, proto_tree *) = { dissect_netb_unknown, }; +static heur_dissector_list_t netbios_heur_subdissector_list; + +void +dissect_netbios_payload(tvbuff_t *tvb, int offset, packet_info *pinfo, + proto_tree *tree, int max_data) +{ + tvbuff_t *next_tvb; + const guint8 *next_pd; + int next_offset; + + next_tvb = tvb_new_subset(tvb, offset, -1, -1); + + /* + * Try the heuristic dissectors for NetBIOS. + */ + if (dissector_try_heuristic(netbios_heur_subdissector_list, + next_tvb, pinfo, tree)) + return; + + /* + * OK, none of them matched. Try the SMB dissector. + * (XXX - once the SMB dissector is tvbuffified, it should + * become a regular heuristic dissector.) + */ + tvb_compat(next_tvb, &next_pd, &next_offset); + + if (dissect_smb(next_pd, next_offset, pinfo->fd, tree, max_data)) + return; + + /* + * It's none of the above. Dissect it as data. + */ + dissect_data(next_tvb, 0, pinfo, tree); +} static void dissect_netbios(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) @@ -1036,28 +1070,8 @@ dissect_netbios(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) offset += hdr_len; /* move past header */ - /* Test for SMB data */ - - if (tvb_bytes_exist(tvb, offset, 4)){ /* if enough data */ - - if (( tvb_get_guint8( tvb, offset) == 0xff) && /* if SMB marker */ - ( tvb_get_guint8( tvb, offset + 1) == 'S') && - ( tvb_get_guint8( tvb, offset + 2) == 'M') && - ( tvb_get_guint8( tvb, offset + 3) == 'B')) { - - tvbuff_t *next_tvb; - const guint8 *next_pd; - int next_offset; - - next_tvb = tvb_new_subset(tvb, offset, -1, -1); - tvb_compat(next_tvb, &next_pd, &next_offset); - - /* decode SMB */ - dissect_smb( next_pd, next_offset, pinfo->fd, tree, - tvb_length_remaining(tvb, offset) - next_offset); - - } - } + dissect_netbios_payload(tvb, offset, pinfo, tree, + tvb_length_remaining(tvb, offset)); } @@ -1139,6 +1153,8 @@ void proto_register_netbios(void) proto_netbios = proto_register_protocol("NetBIOS", "NetBIOS", "netbios"); proto_register_subtree_array(ett, array_length(ett)); proto_register_field_array(proto_netbios, hf_netb, array_length(hf_netb)); + + register_heur_dissector_list("netbios", &netbios_heur_subdissector_list); } void diff --git a/packet-netbios.h b/packet-netbios.h index cfa903e0b5..a617f488ae 100644 --- a/packet-netbios.h +++ b/packet-netbios.h @@ -5,12 +5,11 @@ * * derived from the packet-nbns.c * - * $Id: packet-netbios.h,v 1.9 2001/01/15 04:39:28 guy Exp $ + * $Id: packet-netbios.h,v 1.10 2001/09/28 22:43:56 guy Exp $ * * Ethereal - Network traffic analyzer - * By Gerald Combs <gerald@zing.org> + * By Gerald Combs <gerald@ethereal.com> * Copyright 1998 Gerald Combs - * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -41,5 +40,7 @@ extern int get_netbios_name(tvbuff_t *tvb, int offset, extern char *netbios_name_type_descr(int name_type); extern void netbios_add_name( char* label, tvbuff_t *tvb, int offset, proto_tree *tree); +extern void dissect_netbios_payload(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, int max_data); #endif diff --git a/packet-smb.c b/packet-smb.c index 60c21db962..31e32ce3a6 100644 --- a/packet-smb.c +++ b/packet-smb.c @@ -2,7 +2,7 @@ * Routines for smb packet dissection * Copyright 1999, Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-smb.c,v 1.117 2001/09/28 08:39:59 guy Exp $ + * $Id: packet-smb.c,v 1.118 2001/09/28 22:43:56 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -12450,7 +12450,7 @@ static const value_string NT_errors[] = { #define SMB_FLAGS_DIRN 0x80 -void +gboolean dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data) { proto_tree *smb_tree = tree, *smb_hdr_tree = NULL, *flags_tree, *flags2_tree; @@ -12460,9 +12460,23 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int guint32 status; int SMB_offset = offset; struct smb_info si; + static const char smb_signature[4] = { 0xFF, 'S', 'M', 'B' }; + + /* Is dissection of SMB messages enabled? */ + if (!proto_is_protocol_enabled(proto_smb)) { + /* No. */ + return FALSE; + } - OLD_CHECK_DISPLAY_AS_DATA(proto_smb, pd, offset, fd, tree); + /* OK, is this an SMB message? */ + if (!BYTES_ARE_IN_FRAME(SMB_offset, 4)) + return FALSE; + if (memcmp(&pd[SMB_offset], smb_signature, 4) != 0) { + /* No. */ + return FALSE; + } + /* Yes. */ si.unicode = FALSE; si.ddisp = 0; @@ -12509,7 +12523,7 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int an NT error code or a DOS error code. */ if (!BYTES_ARE_IN_FRAME(SMB_offset + 10, 2)) - return; + return TRUE; flags2 = GSHORT(pd, SMB_offset + 10); @@ -12709,7 +12723,7 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int /* Now the TID, tree ID */ if (!BYTES_ARE_IN_FRAME(offset, 2)) - return; + return TRUE; tid = GSHORT(pd, offset); si.tid = tid; @@ -12725,7 +12739,7 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int /* Now the PID, Process ID */ if (!BYTES_ARE_IN_FRAME(offset, 2)) - return; + return TRUE; pid = GSHORT(pd, offset); si.pid = pid; @@ -12768,6 +12782,8 @@ dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int (dissect[cmd])(pd, offset, fd, tree, smb_tree, si, max_data, SMB_offset); + + return TRUE; } /*** External routines called during the registration process */ diff --git a/packet-smb.h b/packet-smb.h index f948d7cfac..637916dba5 100644 --- a/packet-smb.h +++ b/packet-smb.h @@ -1,11 +1,10 @@ /* packet-smb.h * - * $Id: packet-smb.h,v 1.2 2000/08/11 13:33:52 deniel Exp $ + * $Id: packet-smb.h,v 1.3 2001/09/28 22:43:57 guy Exp $ * * Ethereal - Network traffic analyzer - * By Gerald Combs <gerald@zing.org> + * By Gerald Combs <gerald@ethereal.com> * Copyright 1998 Gerald Combs - * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -25,6 +24,6 @@ #ifndef __PACKET_SMB_H__ #define __PACKET_SMB_H__ -void dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data); +gboolean dissect_smb(const u_char *pd, int offset, frame_data *fd, proto_tree *tree, int max_data); #endif |