Wireshark mailing list archives

Re: Crash in dissect_smb2_command


From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Mon, 26 Sep 2016 07:23:13 -0700

On Mon, Sep 26, 2016 at 6:53 AM, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:


On Sun, Sep 25, 2016 at 12:47 PM, Paul Offord <Paul.Offord () advance7 com>
wrote:

Hi,

Between 2.2 and the latest git a change seems to have been made to
dissect_smb2_getinfo_request().  It now returns an integer based on the
difference between two dissected values:

               offset = getinfo_offset + getinfo_size;

               return offset;

Unfortunately getinfo_offset and getinfo_size are sometimes zero and so a
zero offset is returned.  On return to dissect_smb2_command there’s some
fiddling around until we get to:

Yeah, I think Uri's change 4ec5cbe2d4583f0a09f91ea82e5ff298460a370d
looks wrong.

offset tracks where you are in the TVB and should be returned for most
functions as the number of bytes you consumed. It should not be
calculated like that.

getinfo_offset and getinfo_size are things that are displayed from the
request, but should not be used to indicate how many bytes were
consumed. I would get rid of that offset = calculation but there is
also the case that a subsequent change seems to have noticed that
dissect_smb2_fid does not actually return how many bytes it consumed.
If that is a fixed number of bytes, there needs to be an offset += N;
after the call to dissect_smb2_fid.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
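The point made above about return values is easy to see in a small model. The following C program is an added illustration, not code from this thread or from Wireshark: `tvb_t`, `dissect_fid`, `dissect_getinfo_bad`, `dissect_getinfo_good` and `dissect_command_loop` are hypothetical stand-ins for the real tvbuff and dissector functions, and the request layout is constructed for the example rather than the SMB2 wire format. It contrasts a dissector that returns a value derived from two displayed fields (zero when both fields are zero) with one that returns the buffer position after every consumed field, including a fixed `offset += FID_LEN` after the FID helper that does not report what it consumed, and shows a caller that refuses to continue when a dissector makes no progress.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for a Wireshark tvbuff: a bounded byte buffer (hypothetical). */
typedef struct { const uint8_t *data; size_t len; } tvb_t;

/* 0 if [offset, offset+n) lies inside the buffer, -1 otherwise. */
int tvb_check(const tvb_t *tvb, size_t offset, size_t n) {
    return (offset <= tvb->len && n <= tvb->len - offset) ? 0 : -1;
}

uint16_t get_le16(const tvb_t *tvb, size_t offset) {
    return (uint16_t)(tvb->data[offset] | (tvb->data[offset + 1] << 8));
}

#define FID_LEN 16

/* Models a helper that parses a fixed-size FID but does NOT return the
   number of bytes consumed; advancing offset is the caller's job. */
int dissect_fid(const tvb_t *tvb, size_t offset, uint8_t fid_out[FID_LEN]) {
    if (tvb_check(tvb, offset, FID_LEN) != 0) return -1;
    memcpy(fid_out, tvb->data + offset, FID_LEN);
    return 0;
}

typedef struct {
    uint16_t getinfo_offset;  /* displayed field, not a buffer position */
    uint16_t getinfo_size;    /* displayed field, not a byte count consumed */
    uint8_t  fid[FID_LEN];
} getinfo_req_t;

/* Constructed layout (not real SMB2): [0..1] offset field, [2..3] size field,
   [4..19] FID. Every request occupies exactly GETINFO_FIXED_LEN bytes. */
#define GETINFO_FIXED_LEN (4 + FID_LEN)

/* Faulty convention: the return value is computed from two displayed
   values. When both are zero the caller receives 0 although 20 bytes
   were consumed, so the caller cannot advance. */
long dissect_getinfo_bad(const tvb_t *tvb, size_t offset, getinfo_req_t *out) {
    if (tvb_check(tvb, offset, GETINFO_FIXED_LEN) != 0) return -1;
    out->getinfo_offset = get_le16(tvb, offset);
    out->getinfo_size   = get_le16(tvb, offset + 2);
    dissect_fid(tvb, offset + 4, out->fid);
    return (long)out->getinfo_offset + out->getinfo_size;
}

/* Correct convention: offset tracks the position in the buffer and the
   return value is that position after every consumed field. */
long dissect_getinfo_good(const tvb_t *tvb, size_t offset, getinfo_req_t *out) {
    if (tvb_check(tvb, offset, GETINFO_FIXED_LEN) != 0) return -1;
    out->getinfo_offset = get_le16(tvb, offset); offset += 2;
    out->getinfo_size   = get_le16(tvb, offset); offset += 2;
    if (dissect_fid(tvb, offset, out->fid) != 0) return -1;
    offset += FID_LEN;   /* dissect_fid consumes a fixed number of bytes */
    return (long)offset;
}

typedef long (*dissect_fn)(const tvb_t *, size_t, getinfo_req_t *);

/* Stand-in for the command-level caller: walks back-to-back requests.
   Returns the number of requests parsed, or -1 on truncation or when a
   dissector returns an offset that does not move forward. */
int dissect_command_loop(const tvb_t *tvb, dissect_fn fn) {
    size_t offset = 0;
    int count = 0;
    while (offset < tvb->len) {
        getinfo_req_t req;
        long next = fn(tvb, offset, &req);
        if (next < 0) return -1;                /* truncated request */
        if ((size_t)next <= offset) return -1;  /* no progress: refuse to spin */
        offset = (size_t)next;
        count++;
    }
    return count;
}

/* Constructed sample: two requests whose offset/size fields are both zero. */
int run_sample(dissect_fn fn) {
    uint8_t buf[2 * GETINFO_FIXED_LEN] = {0};
    memset(buf + 4, 0xAA, FID_LEN);
    memset(buf + GETINFO_FIXED_LEN + 4, 0xBB, FID_LEN);
    tvb_t tvb = { buf, sizeof buf };
    return dissect_command_loop(&tvb, fn);
}

int main(void) {
    printf("faulty return convention: %d requests\n", run_sample(dissect_getinfo_bad));
    printf("offset-tracking convention: %d requests\n", run_sample(dissect_getinfo_good));
    return 0;
}
```

With the faulty convention the loop detects a zero return on the very first request and stops; with the offset-tracking convention both requests are parsed. The explicit bounds check before each fixed-size read is what keeps a truncated buffer from turning into an out-of-bounds read in the caller.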
