At 12:54 AM 12/6/99 -0800, Guy Harris <gharris@xxxxxxxxxxxx> wrote:
>> Here is another trace with a tcp/SMB connection.
>> Packet 151 causes a segmentation fault.
>> What's the problem with this packet in WIN2001.TR1?
>
>I don't know - the current version of Ethereal in CVS doesn't seem to
>have a problem with that packet on my machine, at least, so perhaps a
>bug was fixed, or perhaps it's just a difference between the OSes or
>machines - but I *do* know that if I select packet 48 (a NetShareEnum
>response), Ethereal gets a bus error on my machine, with the stack
>trace:
[traceback deleted]
>Line 10081 of "packet-smb.c" is:
>
> proto_tree_add_text(share, loc_offset, 4, "Share Comment: %s", Comment);
>
>and Comment is:
>
> (gdb) print Comment
> $1 = 0xf681f7a2 <Address 0xf681f7a2 out of bounds>
>
>"Comment" is set by
>
> Comment = pd + SMB_offset + DataOffset + GWORD(pd, loc_offset);
>
>and "GWORD(pd, loc_offset)" is -294650112 at that point, so either
>"loc_offset" is past the end of the packet, "loc_offset" is pointing to
>a bogus location inside the packet, or the packet is corrupt.
No, there is a bug or two. I am not dealing with the convert field
properly. I should treat the comment pointer as a 16-bit value (discard the
top 16 bits) and subtract convert from the result.
I am also out by a few bytes as well, so I have to look at this some more.
Thanks for bringing it to my attention.
Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course