Wireshark mailing list archives
Re: Crash in dissect_smb2_command
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Mon, 26 Sep 2016 07:23:13 -0700
On Mon, Sep 26, 2016 at 6:53 AM, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:
On Sun, Sep 25, 2016 at 12:47 PM, Paul Offord <Paul.Offord () advance7 com> wrote:

Hi,

Between 2.2 and the latest git a change seems to have been made to dissect_smb2_getinfo_request(). It now returns an integer based on the difference between two dissected values:

    offset = getinfo_offset + getinfo_size;
    return offset;

Unfortunately getinfo_offset and getinfo_size are sometimes zero and so a zero offset is returned. On return to dissect_smb2_command there's some fiddling around until we get to:
Yeah, I think Uri's change 4ec5cbe2d4583f0a09f91ea82e5ff298460a370d looks wrong. offset tracks where you are in the TVB and should be returned for most functions as the number of bytes you consumed. It should not be calculated like that.

getinfo_offset and getinfo_size are things that are displayed from the request, but should not be used to indicate how many bytes were consumed.

I would get rid of that offset = calculation but there is also the case that a subsequent change seems to have noticed that dissect_smb2_fid does not actually return how many bytes it consumed. If that is a fixed number of bytes, there needs to be an offset += N; after the call to dissect_smb2_fid.

--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
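Added example, not part of the thread and not Wireshark source: a simplified C model of the two return conventions discussed above, with a caller-side check that the position moved forward. The buffer layout, the 16-byte FID length, the starting offset of 8, and the function names dissect_from_fields, dissect_consumed and advanced_ok are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FID_LEN 16   /* assumed fixed file-ID length */

/* Constructed sample: 8 bytes of earlier header, then a zero 2-byte offset
 * field, a zero 2-byte size field, and a 16-byte file ID. Simplified layout. */
static const uint8_t sample[8 + 4 + FID_LEN] = {0};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Return value computed from fields carried in the packet. */
static int dissect_from_fields(const uint8_t *buf, size_t len, int offset)
{
    if (len < (size_t)offset + 4) return -1;
    uint16_t getinfo_offset = le16(buf + offset);
    uint16_t getinfo_size   = le16(buf + offset + 2);
    offset = getinfo_offset + getinfo_size;  /* 0 when both fields are 0 */
    return offset;
}

/* Return value tracks bytes actually consumed, including the fixed FID. */
static int dissect_consumed(const uint8_t *buf, size_t len, int offset)
{
    if (len < (size_t)offset + 4 + FID_LEN) return -1;
    (void)le16(buf + offset); offset += 2;   /* offset field, display only */
    (void)le16(buf + offset); offset += 2;   /* size field, display only */
    offset += FID_LEN;                        /* the "offset += N" for the FID */
    return offset;
}

/* Caller-side guard: the position must move forward and stay in bounds. */
static int advanced_ok(int before, int after, size_t len)
{
    return after > before && (size_t)after <= len;
}

int main(void)
{
    int a = dissect_from_fields(sample, sizeof sample, 8);
    int b = dissect_consumed(sample, sizeof sample, 8);
    printf("from fields: %d ok=%d\n", a, advanced_ok(8, a, sizeof sample));
    printf("consumed:    %d ok=%d\n", b, advanced_ok(8, b, sizeof sample));
    return 0;
}
```

With the zeroed sample, the field-derived version returns a position behind where the caller started, which the guard rejects; the consumed-bytes version lands exactly at the end of the buffer.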