Wireshark-bugs: [Wireshark-bugs] [Bug 7363] Wireshark is unable to dissect Security Descriptors
Date: Tue, 12 Jun 2012 21:48:01 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7363

--- Comment #7 from Richard Sharpe <[email protected]> 2012-06-12 21:48:00 PDT ---
The second patch:

[[email protected] wireshark.h3-mods]$ diff -up
../wireshark/epan/dissectors/packet-smb.c  epan/dissectors/packet-smb.c 
--- ../wireshark/epan/dissectors/packet-smb.c    2012-06-10 12:30:03.667342881
-0700
+++ epan/dissectors/packet-smb.c    2012-06-12 20:06:31.639400584 -0700
@@ -5783,8 +5783,9 @@ dissect_locking_andx_request(tvbuff_t *t
     }

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -5875,8 +5876,9 @@ dissect_locking_andx_response(tvbuff_t *
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -6080,8 +6082,9 @@ dissect_open_andx_request(tvbuff_t *tvb,
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -6248,8 +6251,9 @@ dissect_open_andx_response(tvbuff_t *tvb
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -6408,8 +6412,9 @@ dissect_read_andx_request(tvbuff_t *tvb,
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -6604,8 +6609,9 @@ dissect_read_andx_response(tvbuff_t *tvb
     END_OF_SMB

     if (cmd != 0xff) {   /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -6838,8 +6844,9 @@ dissect_write_andx_request(tvbuff_t *tvb
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -6924,8 +6931,9 @@ dissect_write_andx_response(tvbuff_t *tv
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -7329,8 +7337,9 @@ dissect_session_setup_andx_request(tvbuf
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         pinfo->private_data = si;
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }
@@ -7464,8 +7473,9 @@ dissect_session_setup_andx_response(tvbu
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         pinfo->private_data = si;
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }
@@ -7506,8 +7516,9 @@ dissect_empty_andx(tvbuff_t *tvb, packet
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -7705,8 +7716,9 @@ dissect_tree_connect_andx_request(tvbuff
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -7857,8 +7869,9 @@ dissect_tree_connect_andx_response(tvbuf
     END_OF_SMB

     if (cmd != 0xff) {     /* there is an andX command */
-        if (andxoffset < offset)
+        if (andxoffset < offset) {
             THROW(ReportedBoundsError);
+        }
         dissect_smb_command(tvb, pinfo, andxoffset, smb_tree, cmd, FALSE);
     }

@@ -8517,8 +8530,10 @@ dissect_nt_trans_data_request(tvbuff_t *
     DISSECTOR_ASSERT(si);

     if(parent_tree){
-        tvb_ensure_bytes_exist(tvb, offset, bc);
-        item = proto_tree_add_text(parent_tree, tvb, offset, bc,
+        guint32 bytes = 0;
+        bytes = tvb_length_remaining(tvb, offset);
+        /*tvb_ensure_bytes_exist(tvb, offset, bc);*/
+        item = proto_tree_add_text(parent_tree, tvb, offset, bytes,
                 "%s Data",
                 val_to_str_ext(ntd->subcmd, &nt_cmd_vals_ext, "Unknown NT
transaction (%u)"));
         tree = proto_item_add_subtree(item, ett_smb_nt_trans_data);
@@ -8564,6 +8579,11 @@ dissect_nt_trans_data_request(tvbuff_t *

         offset = dissect_nt_sec_desc(
             tvb, offset, pinfo, tree, NULL, TRUE, bc, ami);
+
+        if (offset < (old_offset + bc)) {
+            offset = old_offset + bc;
+        }
+
         break;
     case NT_TRANS_NOTIFY:
         break;

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.