Wireshark-dev: Re: [Wireshark-dev] smb2.msg_id defined as signed 64-bit integer - bug?
From: Paul Offord <[email protected]>
Date: Sat, 17 Sep 2016 17:20:53 +0000
Yeh - sure I accept that.  I raised it because I've written a post-dissector that uses the smb2.msg_id value.  I assumed it was a 64-bit unsigned integer and it caused my code to crash.  I tracked it down to an assertion failure due to smb2.msg_id being a gint64 and me using fvalue_get_uinteger64() to get the value.

Or look at it the other way.  I'm helping get Wireshark ready for the 22nd century.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Richard Sharpe
Sent: 17 September 2016 17:36
To: Developer support list for Wireshark <[email protected]>
Subject: Re: [Wireshark-dev] smb2.msg_id defined as signed 64-bit integer - bug?

On Sat, Sep 17, 2016 at 7:12 AM, Paul Offord <[email protected]> wrote:
> In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a 
> signed 64-bit integer.
>

As Graham alreay said, sure create a bug or submit a change directly.

However, even at 1 SMB message per microsecond, that is still around
10^43 seconds before we ever see an issue, or around 10^37 days ...
we've got time. (Message IDs start at 1, I believe.)

>
> packet-smb2.h
>
> ------------------
>
> typedef struct _smb2_info_t {
>
>                guint16 opcode;
>
>                guint32 ioctl_function;
>
>                guint32 status;
>
>                guint32 tid;
>
>                guint64 sesid;
>
>                gint64  msg_id;
>
>                guint32 flags;
>
>                smb2_eo_file_info_t       *eo_file_info; /* eo_smb extra info
> */
>
>                smb2_conv_info_t           *conv;
>
>                smb2_saved_info_t         *saved;
>
>                smb2_tid_info_t                              *tree;
>
>                smb2_sesid_info_t           *session;
>
>                smb2_fid_info_t                              *file;
>
>                proto_tree *top_tree;
>
> } smb2_info_t;
>
>
>
> packet-smb2.c
>
> ------------------
>
>                               { &hf_smb2_msg_id,
>
>                                              { "Message ID", 
> "smb2.msg_id", FT_INT64, BASE_DEC,
>
>                                              NULL, 0, "SMB2 Message 
> ID", HFILL }
>
>                               },
>
>
>
>
>
> I believe MessageId should be an unsigned 64-bit integer.  Although 
> the [MS-SMB2] document isn’t specific, Microsoft Message Analyzer 
> defines the field as UInt64.
>
>
>
> It’s not a big deal but it does mean that filtering for a range of 
> MessageIds won’t work as expected for very large values.
>
>
>
> Is it OK for me to report this as a bug through Bugzilla?
>
>
>
> Best regards…Paul
>
>
> ______________________________________________________________________
>
> This message contains confidential information and is intended only 
> for the individual named. If you are not the named addressee you 
> should not disseminate, distribute or copy this e-mail. Please notify 
> the sender immediately by e-mail if you have received this e-mail by 
> mistake and delete this e-mail from your system.
>
> Any views or opinions expressed are solely those of the author and do 
> not necessarily represent those of Advance Seven Ltd. E-mail 
> transmission cannot be guaranteed to be secure or error-free as 
> information could be intercepted, corrupted, lost, destroyed, arrive 
> late or incomplete, or contain viruses. The sender therefore does not 
> accept liability for any errors or omissions in the contents of this 
> message, which arise as a result of e-mail transmission.
>
> Advance Seven Ltd. Registered in England & Wales numbered 2373877 at 
> Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com 
> ______________________________________________________________________
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <[email protected]>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              
> mailto:[email protected]?subject=unsubscribe



--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe

______________________________________________________________________

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.

Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________