Wireshark-bugs: [Wireshark-bugs] [Bug 2524] New: SMB dissector incorrectly handling FID reuse fo

Date: Tue, 6 May 2008 09:15:03 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2524

           Summary: SMB dissector incorrectly handling FID reuse for NT
                    Create AndX command.
           Product: Wireshark
           Version: unspecified
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: kyle.kloepper@xxxxxxxxxxxx


Build Information:
Version 0.99.8 (SVN Rev 24492)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 7.0, with SMI 0.4.5, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio V19-devel,
with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
This is a bug with the SMB dissector.

CONTEXT:
1. Capture network traffic with multiple opens. A good traffic source for this
is the Samba4 smbtorture test RAW-BENCH-OPEN.
2. Examine the NT Create Andx Requests and Responses.
3. Specifically look at the [FID: ...] information.

BUG:
When a file is opened, the server assigns an FID number. This FID can be reused.
Moreover, this FID can be reused for different files on the same connection.

The SMB dissector treats FIDs as unique for a connection. So if an FID is
reused, all previous references to that FID in the trace are given the incorrect
file information. The most recent use of an FID takes precedence.


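The FID reuse problem described in the report, as an added example that is not part of the original report and is not Wireshark's dissector code: a lookup keyed on the FID alone labels every earlier frame with the newest file name, while a lookup scoped to the frame range between open and close keeps each lifetime separate. The struct, function names, frame numbers and file names are hypothetical, constructed sample data.

```c
#include <stdio.h>
#include <stdint.h>

/* One FID lifetime on a single SMB connection (constructed sample data). */
struct fid_open {
    uint16_t fid;
    uint32_t open_frame;   /* frame of the NT Create AndX response */
    uint32_t close_frame;  /* frame of the Close, 0 if still open */
    const char *name;
};

static const struct fid_open opens[] = {
    { 0x4001, 10, 20, "\\alpha.txt" },
    { 0x4001, 30, 40, "\\beta.txt"  },  /* same FID reused for another file */
    { 0x4002, 35,  0, "\\gamma.txt" },
};
#define N_OPENS (sizeof opens / sizeof opens[0])

/* Behaviour described in the report: FID alone is the key, newest entry wins. */
const char *lookup_by_fid_only(uint16_t fid)
{
    const char *name = NULL;
    for (size_t i = 0; i < N_OPENS; i++)
        if (opens[i].fid == fid)
            name = opens[i].name;
    return name;
}

/* Frame-scoped lookup: pick the open whose lifetime contains the frame. */
const char *lookup_by_fid_and_frame(uint16_t fid, uint32_t frame)
{
    const struct fid_open *best = NULL;
    for (size_t i = 0; i < N_OPENS; i++) {
        const struct fid_open *o = &opens[i];
        if (o->fid != fid || frame < o->open_frame)
            continue;
        if (o->close_frame != 0 && frame > o->close_frame)
            continue;
        if (best == NULL || o->open_frame > best->open_frame)
            best = o;
    }
    return best ? best->name : NULL;
}

int main(void)
{
    printf("fid only, frame 15:      %s\n", lookup_by_fid_only(0x4001));
    printf("fid and frame, frame 15: %s\n", lookup_by_fid_and_frame(0x4001, 15));
    return 0;
}
```

For frame 15 the FID-only lookup reports the second file, which was not open yet at that point in the trace; the frame-scoped lookup reports the first, and returns no match for a frame that falls between the two lifetimes.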