Wireshark-bugs: [Wireshark-bugs] [Bug 2524] New: SMB dissector incorrectly handling FID reuse fo
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2524
Summary: SMB dissector incorrectly handling FID reuse for NT
Create AndX command.
Product: Wireshark
Version: unspecified
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: kyle.kloepper@xxxxxxxxxxxx
Build Information:
Version 0.99.8 (SVN Rev 24492)
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 7.0, with SMI 0.4.5, with ADNS, with Lua 5.1,
with
GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio V19-devel,
with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
This is a bug with the SMB dissector.
CONTEXT:
1. Capture network traffic with multiple opens. A good traffic source for this
is the Samba4 smbtorture test RAW-BENCH-OPEN.
2. Examine the NT Create Andx Requests and Responses.
3. Specifically look at the [FID: ...] information.
BUG:
When a file is opened the server assigns a FID number. This FID can be reused.
Moreover this FID can be reused for different files on the same connection.
The SMB dissector treats FIDs as unique for a connection. So if an FID is
reused all previous references to that FID in the trace are given the incorrect
file information. The most recent use of an FID takes precedence.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.