Wireshark-dev: [Wireshark-dev] Some random patches I use...
From: "Stefan (metze) Metzmacher" <metze@xxxxxxxxx>
Date: Fri, 29 Jan 2010 15:10:54 +0100
Hi, I'm using a few patches in my private git branch of wireshark. It would be nice if they could go upstream. metze
From a7036ec95c9be3de5ef29a31cfa1392a22aa3075 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@xxxxxxxxx>
Date: Tue, 15 Sep 2009 01:54:18 +0200
Subject: [PATCH 1/7] packet-dcerpc-nt.c: fix a crash bug
metze
---
epan/dissectors/packet-dcerpc-nt.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/epan/dissectors/packet-dcerpc-nt.c b/epan/dissectors/packet-dcerpc-nt.c
index 6810044..edec878 100644
--- a/epan/dissectors/packet-dcerpc-nt.c
+++ b/epan/dissectors/packet-dcerpc-nt.c
@@ -1207,11 +1207,11 @@ void cb_wstr_postprocess(packet_info *pinfo, proto_tree *tree _U_,
proto_item_append_text(item, ": %s", s);
item = GET_ITEM_PARENT(item);
levels--;
- if (levels > 0) {
+ if (item && levels > 0) {
proto_item_append_text(item, ": %s", s);
item = GET_ITEM_PARENT(item);
levels--;
- while (levels > 0) {
+ while (item && levels > 0) {
proto_item_append_text(item, " %s", s);
item = GET_ITEM_PARENT(item);
levels--;
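Review bot: The two added `item &&` guards carry no comment saying when `GET_ITEM_PARENT(item)` can return NULL, and the commit message only says "fix a crash bug". A one-line comment above the inner `if`, such as `/* the parent chain can be shorter than 'levels'; stop at the root */`, would keep a later cleanup from dropping the checks in a dissector callback that presumably runs on captured traffic. The first `proto_item_append_text(item, ...)` at the top of the hunk is context, so whether `item` is checked before it cannot be seen here. The function body also continues past the last line shown.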
--
1.6.3.3
From 6206827630aee4f7c15c666b9f75eb78afeb7308 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@xxxxxxxxx>
Date: Tue, 9 Jun 2009 12:51:52 +0200
Subject: [PATCH 2/7] packet-smb2.c: fix handling of compounded SMB2 PDUs
metze
---
epan/dissectors/packet-smb2.c | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c
index 64c55d5..d32d31c 100644
--- a/epan/dissectors/packet-smb2.c
+++ b/epan/dissectors/packet-smb2.c
@@ -5455,9 +5455,6 @@ dissect_smb2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, gboolea
if (chain_offset > 0) {
tvbuff_t *next_tvb;
- if (chain_offset < offset) {
- THROW(ReportedBoundsError);
- }
proto_item_set_len(item, chain_offset);
next_tvb = tvb_new_subset_remaining(tvb, chain_offset);
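Review bot: With the `chain_offset < offset` check removed, the only constraint left on `chain_offset` in this hunk is `chain_offset > 0`, yet the value is then passed to `proto_item_set_len()` and used as the start of the next PDU. Its assignment is outside the hunk, but if it is read from the packet, a small value makes the next compounded PDU begin inside the one just dissected, so a malformed capture could cause repeated passes over the same bytes. Consider keeping a lower bound that still admits the compound layout this commit fixes, or add a comment explaining why the tvb's own range check is enough, e.g. `/* chain_offset may be smaller than offset because <reason>; tvb_new_subset_remaining() enforces the bounds */`. The commit message does not say which captures the old check rejected.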
--
1.6.3.3
From 224d1eff0fe6c51074f22254c8d323c5e49ca2e3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@xxxxxxxxx>
Date: Thu, 27 Aug 2009 10:51:34 +0200
Subject: [PATCH 3/7] packet-spnego: fix decryption of DCERPC packets in decrypt_gssapi_krb_cfx_wrap()
There the checksum and the encrypted data are now 2 different buffers
and we need to combine them before we try to rotate and decrypt them.
metze
---
asn1/spnego/packet-spnego-template.c | 45 ++++++++++++++++++++++++-------
epan/dissectors/packet-spnego.c | 49 +++++++++++++++++++++++++--------
2 files changed, 72 insertions(+), 22 deletions(-)
diff --git a/asn1/spnego/packet-spnego-template.c b/asn1/spnego/packet-spnego-template.c
index c1a6120..d0d1860 100644
--- a/asn1/spnego/packet-spnego-template.c
+++ b/asn1/spnego/packet-spnego-template.c
@@ -692,7 +692,15 @@ rrc_rotate(void *data, int len, guint16 rrc, int unrotate)
#define KRB5_KU_USAGE_INITIATOR_SIGN 25
static void
-decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff_t *tvb _U_, guint16 ec _U_, guint16 rrc _U_, int keytype, unsigned int usage)
+decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
+ packet_info *pinfo,
+ tvbuff_t *checksum_tvb,
+ tvbuff_t *encrypted_tvb,
+ guint16 ec,
+ guint16 rrc,
+ gboolean is_dce,
+ int keytype,
+ unsigned int usage)
{
int res;
char *rotated;
@@ -705,10 +713,23 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff
return;
}
- rotated = tvb_memdup(tvb, 0, tvb_length(tvb));
- res = rrc_rotate(rotated, tvb_length(tvb), rrc, TRUE);
+ datalen = tvb_length(checksum_tvb) + tvb_length(encrypted_tvb);
- next_tvb=tvb_new_child_real_data(tvb, rotated, tvb_length(tvb), tvb_reported_length(tvb));
+ rotated = g_malloc(datalen);
+
+ tvb_memcpy(checksum_tvb, rotated,
+ 0, tvb_length(checksum_tvb));
+ tvb_memcpy(encrypted_tvb, rotated + tvb_length(checksum_tvb),
+ 0, tvb_length(encrypted_tvb));
+
+ if (is_dce) {
+ rrc += ec;
+ }
+
+ res = rrc_rotate(rotated, datalen, rrc, TRUE);
+
+ next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated,
+ datalen, datalen);
tvb_set_free_cb(next_tvb, g_free);
add_new_data_source(pinfo, next_tvb, "GSSAPI CFX");
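Review bot: `rrc += ec` is evaluated in `guint16`, so when the two fields sum past 65535 the rotation count wraps before `rrc_rotate()` sees it; both values appear to come from the token header, which would make this reachable from capture data. Reject that case before the `g_malloc()` so nothing is leaked, e.g. `if (is_dce && ec > G_MAXUINT16 - rrc) return;`, or carry the sum in a wider type. A short comment on why the DCE case adds `ec` to the rotation would also help, since the commit message does not explain it. The same lines recur in the generated `epan/dissectors/packet-spnego.c` section and should be regenerated from the template rather than edited separately.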
@@ -718,13 +739,13 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff
if (output) {
char *outdata;
- outdata = g_memdup(output, tvb_length(tvb));
+ outdata = g_memdup(output, tvb_length(encrypted_tvb));
g_free(output);
- pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
+ pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(encrypted_tvb,
outdata,
- datalen-16,
- datalen-16);
+ tvb_length(encrypted_tvb),
+ tvb_length(encrypted_tvb));
add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
tvb_set_free_cb(pinfo->gssapi_decrypted_tvb, g_free);
return;
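Review bot: `g_memdup(output, tvb_length(encrypted_tvb))` and the two length arguments below it now take their size from the input tvb rather than from the decryption result, so nothing in this hunk shows that `output` holds at least that many bytes. The call that produces `output` is outside the hunk; if `datalen` still receives the decrypted length there (the removed lines used `datalen-16`), compare against it first, for example `if (datalen < (int)tvb_length(encrypted_tvb)) { g_free(output); return; }`. Without such a check a short or malformed token could make the copy read past the end of the decrypted buffer. The same change appears in the generated `packet-spnego.c` section.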
@@ -1062,21 +1083,25 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
}
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
- pinfo->gssapi_encrypted_tvb = tvb_new_subset_remaining(tvb, 16);
+{
+ tvbuff_t *checksum_tvb = tvb_new_subset(tvb, 16, checksum_size, checksum_size);
- if (flags & 0x0002) {
+ if (pinfo->gssapi_data_encrypted) {
if(pinfo->gssapi_encrypted_tvb){
decrypt_gssapi_krb_cfx_wrap(tree,
pinfo,
+ checksum_tvb,
pinfo->gssapi_encrypted_tvb,
ec,
rrc,
+ (pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE)?TRUE:FALSE,
-1,
(flags & 0x0001)?
KRB5_KU_USAGE_ACCEPTOR_SEAL:
KRB5_KU_USAGE_INITIATOR_SEAL);
}
}
+}
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
/*
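Review bot: `checksum_tvb` is built with `tvb_new_subset(tvb, 16, checksum_size, checksum_size)` before either `if`, so a token too short for that range raises a bounds exception even when `pinfo->gssapi_data_encrypted` is false and no decryption is attempted. Moving the declaration inside `if(pinfo->gssapi_encrypted_tvb){` avoids that and removes the need for the bare `{ ... }` block at column 0. `checksum_size` is set outside the hunk, so how it is derived and bounded is not visible here. The removed `pinfo->gssapi_encrypted_tvb = ...` assignment means that field must now be filled in elsewhere, which deserves a comment such as `/* gssapi_encrypted_tvb is supplied by the caller */`.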
diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c
index 8a997c1..d6bbfc0 100644
--- a/epan/dissectors/packet-spnego.c
+++ b/epan/dissectors/packet-spnego.c
@@ -1191,7 +1191,15 @@ rrc_rotate(void *data, int len, guint16 rrc, int unrotate)
#define KRB5_KU_USAGE_INITIATOR_SIGN 25
static void
-decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff_t *tvb _U_, guint16 ec _U_, guint16 rrc _U_, int keytype, unsigned int usage)
+decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
+ packet_info *pinfo,
+ tvbuff_t *checksum_tvb,
+ tvbuff_t *encrypted_tvb,
+ guint16 ec,
+ guint16 rrc,
+ gboolean is_dce,
+ int keytype,
+ unsigned int usage)
{
int res;
char *rotated;
@@ -1204,10 +1212,23 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff
return;
}
- rotated = tvb_memdup(tvb, 0, tvb_length(tvb));
- res = rrc_rotate(rotated, tvb_length(tvb), rrc, TRUE);
+ datalen = tvb_length(checksum_tvb) + tvb_length(encrypted_tvb);
- next_tvb=tvb_new_child_real_data(tvb, rotated, tvb_length(tvb), tvb_reported_length(tvb));
+ rotated = g_malloc(datalen);
+
+ tvb_memcpy(checksum_tvb, rotated,
+ 0, tvb_length(checksum_tvb));
+ tvb_memcpy(encrypted_tvb, rotated + tvb_length(checksum_tvb),
+ 0, tvb_length(encrypted_tvb));
+
+ if (is_dce) {
+ rrc += ec;
+ }
+
+ res = rrc_rotate(rotated, datalen, rrc, TRUE);
+
+ next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated,
+ datalen, datalen);
tvb_set_free_cb(next_tvb, g_free);
add_new_data_source(pinfo, next_tvb, "GSSAPI CFX");
@@ -1217,13 +1238,13 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff
if (output) {
char *outdata;
- outdata = g_memdup(output, tvb_length(tvb));
+ outdata = g_memdup(output, tvb_length(encrypted_tvb));
g_free(output);
- pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
+ pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(encrypted_tvb,
outdata,
- datalen-16,
- datalen-16);
+ tvb_length(encrypted_tvb),
+ tvb_length(encrypted_tvb));
add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
tvb_set_free_cb(pinfo->gssapi_decrypted_tvb, g_free);
return;
@@ -1561,21 +1582,25 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
}
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
- pinfo->gssapi_encrypted_tvb = tvb_new_subset_remaining(tvb, 16);
+{
+ tvbuff_t *checksum_tvb = tvb_new_subset(tvb, 16, checksum_size, checksum_size);
- if (flags & 0x0002) {
+ if (pinfo->gssapi_data_encrypted) {
if(pinfo->gssapi_encrypted_tvb){
decrypt_gssapi_krb_cfx_wrap(tree,
pinfo,
+ checksum_tvb,
pinfo->gssapi_encrypted_tvb,
ec,
rrc,
+ (pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE)?TRUE:FALSE,
-1,
(flags & 0x0001)?
KRB5_KU_USAGE_ACCEPTOR_SEAL:
KRB5_KU_USAGE_INITIATOR_SEAL);
}
}
+}
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
/*
@@ -1959,7 +1984,7 @@ void proto_register_spnego(void) {
NULL, HFILL }},
/*--- End of included file: packet-spnego-hfarr.c ---*/
-#line 1375 "packet-spnego-template.c"
+#line 1400 "packet-spnego-template.c"
};
/* List of subtrees */
@@ -1981,7 +2006,7 @@ void proto_register_spnego(void) {
&ett_spnego_InitialContextToken_U,
/*--- End of included file: packet-spnego-ettarr.c ---*/
-#line 1385 "packet-spnego-template.c"
+#line 1410 "packet-spnego-template.c"
};
/* Register protocol */
--
1.6.3.3
From e84a06d439cf04942fc2c878f60a1cd9d136b163 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@xxxxxxxxx>
Date: Fri, 29 Jan 2010 14:28:08 +0100
Subject: [PATCH 4/7] packet-winsrepl.c: handle the strange alignment after names
metze
---
epan/dissectors/packet-winsrepl.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/epan/dissectors/packet-winsrepl.c b/epan/dissectors/packet-winsrepl.c
index 4191b7d..57044f6 100644
--- a/epan/dissectors/packet-winsrepl.c
+++ b/epan/dissectors/packet-winsrepl.c
@@ -434,7 +434,11 @@ dissect_winsrepl_wins_name(tvbuff_t *winsrepl_tvb, packet_info *pinfo,
winsrepl_offset += name_len;
/* ALIGN to 4 Byte */
- winsrepl_offset += ((winsrepl_offset & (4-1)) == 0 ? 0 : (4 - (winsrepl_offset & (4-1))));
+ /* winsrepl_offset += ((winsrepl_offset & (4-1)) == 0 ? 0 : (4 - (winsrepl_offset & (4-1)))); */
+ /* Windows including w2k8 add 4 padding bytes, when it's already 4 byte
+ * alligned... This happens when the name has a "scope" part
+ */
+ winsrepl_offset += 4 - (winsrepl_offset & (4-1));
/* FLAGS */
/*
--
1.6.3.3
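Review bot: The old alignment statement is left behind as a commented-out line directly above the new one; delete it and let the explanatory comment carry the history. The new `winsrepl_offset += 4 - (winsrepl_offset & (4-1));` always advances by 1 to 4 bytes, so the `/* ALIGN to 4 Byte */` context comment no longer describes it accurately, and the added comment has a typo (`alligned`). Suggested wording: `/* Pad to the next 4-byte boundary; Windows (incl. w2k8) adds a full 4 bytes when already aligned, seen with scoped names */`. Nothing in the hunk checks the advanced offset against the tvb, so confirm the reads that follow go through bounds-checked accessors; the function continues outside the hunk.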