Wireshark mailing list archives
packet-smb not properly handling transact requests and responses ...
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sat, 9 Jun 2012 15:12:39 -0700
Hi folks, So, in Samba bug https://bugzilla.samba.org/show_bug.cgi?id=8989 you will find two captures relating to the handling of NT TRANSACT SET SECURITY DESCRIPTOR. Wireshark does not handle the dissection of these correctly, and I suspect, normal SMB TRANSACT and SMB TRANSACT2 requests/responses. In dissect_smb, in the code for a normal bidirectional request or response we lookup, using g_hash_table_lookup, the sip for the pid_mid for the current frame. However, we look it up in the unmatched requests. By the time we see a secondary, the original request with that pid_mid is no longer unmatched, so we have a null sip. Later, when we call smb_trans_defragment on the secondary (so we can give this fragment to the original request), we do not have a sip, so we do nothing. It seems that in dissect_smb, if the request is an XXX_SECONDARY, we should look up the sip in the matched packets not the unmatched packets. What say ye? I will give that a try to see if I can make progress. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- packet-smb not properly handling transact requests and responses ... Richard Sharpe (Jun 09)
- Re: packet-smb not properly handling transact requests and responses ... Richard Sharpe (Jun 09)
- Re: packet-smb not properly handling transact requests and responses ... Richard Sharpe (Jun 09)
- Re: packet-smb not properly handling transact requests and responses ... Richard Sharpe (Jun 09)
- Re: packet-smb not properly handling transact requests and responses ... Richard Sharpe (Jun 09)
- Re: packet-smb not properly handling transact requests and responses ... Richard Sharpe (Jun 09)