Wireshark-dev: [Wireshark-dev] [PATCH] some DCERPC fixes
From: "Stefan (metze) Metzmacher" <metze@xxxxxxxxx>
Date: Thu, 23 Nov 2006 08:57:37 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, this patch fixes some problems with encrypted DCERPC traffic can someone apply it? metze -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFZVRxm70gjA5TCD8RApJGAKDKfgMAexxcb1rkq/7q/xXv1rUDBwCgr297 yptBKz9DSh8c1DIGB/8DqwQ= =PYVS -----END PGP SIGNATURE-----
Index: epan/dissectors/packet-dcerpc.c
===================================================================
--- epan/dissectors/packet-dcerpc.c (Revision 19944)
+++ epan/dissectors/packet-dcerpc.c (Arbeitskopie)
@@ -2127,7 +2127,7 @@
dcerpc_dissect_fnct_t *volatile sub_dissect;
const char *volatile saved_proto;
void *volatile saved_private_data;
- guint length, reported_length;
+ guint length = 0, reported_length = 0;
tvbuff_t *volatile stub_tvb;
volatile guint auth_pad_len;
volatile int auth_pad_offset;
@@ -2183,8 +2183,9 @@
proc->dissect_rqst : proc->dissect_resp;
if (tree) {
- sub_item = proto_tree_add_item (tree, sub_proto->proto_id, tvb, 0,
- -1, FALSE);
+ sub_item = proto_tree_add_item (tree, sub_proto->proto_id,
+ (decrypted_tvb != NULL)?decrypted_tvb:tvb,
+ 0, -1, FALSE);
if (sub_item) {
sub_tree = proto_item_add_subtree (sub_item, sub_proto->ett);
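Review bot: The new third argument treats `decrypted_tvb` as possibly NULL, but the later hunks use it unconditionally: `tvb_length(decrypted_tvb)` and `tvb_reported_length(decrypted_tvb)` in the hunk at -2230, and `tvb_new_subset(decrypted_tvb, ...)` in the hunk at -2253. Whether an enclosing check already guarantees a non-NULL buffer at those points is not visible in these hunks. Either state that guarantee in a short comment next to the length computation, or guard the computation the same way as this call. The stub data comes from captured traffic, so a payload that could not be decrypted must not lead to a NULL tvbuff being dereferenced. The enclosing function starts and ends outside the hunk.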
@@ -2230,12 +2231,13 @@
init_ndr_pointer_list(pinfo);
+ length = tvb_length(decrypted_tvb);
+ reported_length = tvb_reported_length(decrypted_tvb);
+
/*
* Remove the authentication padding from the stub data.
*/
if (auth_info != NULL && auth_info->auth_pad_len != 0) {
- length = tvb_length(decrypted_tvb);
- reported_length = tvb_reported_length(decrypted_tvb);
if (reported_length >= auth_info->auth_pad_len) {
/*
* OK, the padding length isn't so big that it
@@ -2253,7 +2255,7 @@
if (length > reported_length)
length = reported_length;
- stub_tvb = tvb_new_subset(tvb, 0, length, reported_length);
+ stub_tvb = tvb_new_subset(decrypted_tvb, 0, length, reported_length);
auth_pad_len = auth_info->auth_pad_len;
auth_pad_offset = reported_length;
} else {
@@ -2266,6 +2268,8 @@
stub_tvb = NULL;
auth_pad_len = reported_length;
auth_pad_offset = 0;
+ length = 0;
+ reported_length = 0;
}
} else {
/*
@@ -2276,6 +2280,10 @@
auth_pad_offset = 0;
}
+ if (sub_item) {
+ proto_item_set_len(sub_item, length);
+ }
+
if (stub_tvb != NULL) {
/*
* Catch all exceptions other than BoundsError, so that even
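Review bot: The added `if (sub_item)` reads `sub_item` even when `tree` is NULL, yet the earlier hunk assigns it only inside `if (tree)`. Its declaration is outside the visible hunks, so if it has no initialiser this test reads an indeterminate pointer. Initialising it to NULL at the declaration, as the first hunk does with `length = 0, reported_length = 0`, would make the test well defined. The next hunk guards the same call with `if(tree && offset > 0)` instead, so the two guards should be made consistent. The function body continues outside the hunk.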
@@ -2287,25 +2295,24 @@
* dissect; just re-throw that exception.
*/
TRY {
- offset = sub_dissect (decrypted_tvb, 0, pinfo, sub_tree,
+ offset = sub_dissect (stub_tvb, 0, pinfo, sub_tree,
drep);
- if(tree) {
+ if(tree && offset > 0) {
proto_item_set_len(sub_item, offset);
}
/* If we have a subdissector and it didn't dissect all
data in the tvb, make a note of it. */
- /* XXX - don't do this, as this could be just another RPC Req./Resp. in this PDU */
- /*if (tvb_reported_length_remaining(stub_tvb, offset) > 0) {
+ if (tvb_reported_length_remaining(stub_tvb, offset) > 0) {
if (check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO,
"[Long frame (%d bytes)]",
tvb_reported_length_remaining(stub_tvb, offset));
- }*/
+ }
} CATCH(BoundsError) {
RETHROW;
} CATCH_ALL {
- show_exception(decrypted_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
+ show_exception(stub_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
} ENDTRY;
}
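Review bot: The re-enabled long-frame check passes `offset` to `tvb_reported_length_remaining()` without any sanity test, while the line above only trusts it for `proto_item_set_len()` when `offset > 0`. Should a sub-dissector return a negative value, tvbuff offsets below zero are taken relative to the end of the buffer, so the column could show a byte count unrelated to what was left undissected. Changing the condition to `if (offset >= 0 && tvb_reported_length_remaining(stub_tvb, offset) > 0) {` avoids that. The removed `XXX` comment gave a reason for disabling the check (another request/response in the same PDU), so a one-line comment saying why that no longer applies with `stub_tvb` would help the next reader. The function enclosing the TRY block lies outside the hunk.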
Attachment:
dcerpc-fix-01.diff.sig
Description: PGP signature