
Some random patches I use...


From: "Stefan (metze) Metzmacher" <metze () samba org>
Date: Fri, 29 Jan 2010 15:10:54 +0100

Hi,

I'm using a few patches in my private git branch of wireshark.
It would be nice if they could go upstream.

metze
From a7036ec95c9be3de5ef29a31cfa1392a22aa3075 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze () samba org>
Date: Tue, 15 Sep 2009 01:54:18 +0200
Subject: [PATCH 1/7] packet-dcerpc-nt.c: fix a crash bug

metze
---
 epan/dissectors/packet-dcerpc-nt.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/epan/dissectors/packet-dcerpc-nt.c b/epan/dissectors/packet-dcerpc-nt.c
index 6810044..edec878 100644
--- a/epan/dissectors/packet-dcerpc-nt.c
+++ b/epan/dissectors/packet-dcerpc-nt.c
@@ -1207,11 +1207,11 @@ void cb_wstr_postprocess(packet_info *pinfo, proto_tree *tree _U_,
                proto_item_append_text(item, ": %s", s);
                item = GET_ITEM_PARENT(item);
                levels--;
-               if (levels > 0) {
+               if (item && levels > 0) {
                        proto_item_append_text(item, ": %s", s);
                        item = GET_ITEM_PARENT(item);
                        levels--;
-                       while (levels > 0) {
+                       while (item && levels > 0) {
                                proto_item_append_text(item, " %s", s);
                                item = GET_ITEM_PARENT(item);
                                levels--;
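Review bot: The added `item &&` tests guard the second and deeper levels, but the first `item = GET_ITEM_PARENT(item);` in the context lines above them runs before either guard, and no NULL check on `item` is visible in this hunk for that first step. If `GET_ITEM_PARENT` dereferences its argument (its definition is outside the hunk), the check has to cover that first use too; please confirm that the enclosing condition, which starts outside the hunk, already does. Dissectors run on whatever a capture contains, so a short comment at the first guard, for example `/* parent may be NULL here; stop climbing instead of dereferencing it */` (wording for the author to confirm), would record why the test exists. The commit message could also name the capture or call path that produced the crash.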
-- 
1.6.3.3

From 6206827630aee4f7c15c666b9f75eb78afeb7308 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze () samba org>
Date: Tue, 9 Jun 2009 12:51:52 +0200
Subject: [PATCH 2/7] packet-smb2.c: fix handling of compounded SMB2 PDUs

metze
---
 epan/dissectors/packet-smb2.c |    3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)

diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c
index 64c55d5..d32d31c 100644
--- a/epan/dissectors/packet-smb2.c
+++ b/epan/dissectors/packet-smb2.c
@@ -5455,9 +5455,6 @@ dissect_smb2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, gboolea
        if (chain_offset > 0) {
                tvbuff_t *next_tvb;
 
-               if (chain_offset < offset) {
-                       THROW(ReportedBoundsError);
-               }
                proto_item_set_len(item, chain_offset);
 
                next_tvb = tvb_new_subset_remaining(tvb, chain_offset);
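Review bot: With the `chain_offset < offset` test gone, `chain_offset` reaches `proto_item_set_len()` and `tvb_new_subset_remaining()` behind nothing but the `chain_offset > 0` check, and the value presumably comes from the NextCommand field of the packet being dissected. A capture can then declare a next PDU that overlaps the header just dissected, advancing by as little as one byte, so the chained dissection (which continues outside this hunk) may be re-entered once per byte of the buffer. If the old test rejected valid compounds only because the command dissector had moved `offset` past the start of the next PDU, a lower bound that does not depend on `offset` would keep the protection, for example `if (chain_offset < 64) { THROW(ReportedBoundsError); }`, 64 being the fixed SMB2 header size. The commit message should also say which compound layout the removed check broke.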
-- 
1.6.3.3

From 224d1eff0fe6c51074f22254c8d323c5e49ca2e3 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze () samba org>
Date: Thu, 27 Aug 2009 10:51:34 +0200
Subject: [PATCH 3/7] packet-spnego: fix decryption of DCERPC packets in decrypt_gssapi_krb_cfx_wrap()

There the checksum and the encrypted data are now 2 different buffers
and we need to combine them before we try to rotate and decrypt them.

metze
---
 asn1/spnego/packet-spnego-template.c |   45 ++++++++++++++++++++++++-------
 epan/dissectors/packet-spnego.c      |   49 +++++++++++++++++++++++++--------
 2 files changed, 72 insertions(+), 22 deletions(-)

diff --git a/asn1/spnego/packet-spnego-template.c b/asn1/spnego/packet-spnego-template.c
index c1a6120..d0d1860 100644
--- a/asn1/spnego/packet-spnego-template.c
+++ b/asn1/spnego/packet-spnego-template.c
@@ -692,7 +692,15 @@ rrc_rotate(void *data, int len, guint16 rrc, int unrotate)
 #define KRB5_KU_USAGE_INITIATOR_SIGN   25
 
 static void
-decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff_t *tvb _U_, guint16 ec _U_, guint16 rrc _U_, int keytype, unsigned int usage)
+decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
+                           packet_info *pinfo,
+                           tvbuff_t *checksum_tvb,
+                           tvbuff_t *encrypted_tvb,
+                           guint16 ec,
+                           guint16 rrc,
+                           gboolean is_dce,
+                           int keytype,
+                           unsigned int usage)
 {
        int res;
        char *rotated;
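Review bot: The widened signature of `decrypt_gssapi_krb_cfx_wrap()` has no comment explaining the new parameters, and two of them are easy to misuse: `checksum_tvb` and `encrypted_tvb` are concatenated in that order before rotation, and `is_dce` changes how `rrc` is applied. A header comment should state that both tvbs must be non-NULL, where `ec` and `rrc` come from, and that `is_dce` adds `ec` to the rotation count. The `_U_` markers were removed from `pinfo`, `ec` and `rrc`, which is only right if the body is always compiled with a Kerberos library; the body continues outside this hunk, so check that it sits under the same `HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS` guard as the caller.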
@@ -705,10 +713,23 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff
                return;
        }
 
-       rotated = tvb_memdup(tvb, 0, tvb_length(tvb));
-       res = rrc_rotate(rotated, tvb_length(tvb), rrc, TRUE);
+       datalen = tvb_length(checksum_tvb) + tvb_length(encrypted_tvb);
 
-       next_tvb=tvb_new_child_real_data(tvb, rotated, tvb_length(tvb), tvb_reported_length(tvb));
+       rotated = g_malloc(datalen);
+
+       tvb_memcpy(checksum_tvb, rotated,
+                  0, tvb_length(checksum_tvb));
+       tvb_memcpy(encrypted_tvb, rotated + tvb_length(checksum_tvb),
+                  0, tvb_length(encrypted_tvb));
+
+       if (is_dce) {
+               rrc += ec;
+       }
+
+       res = rrc_rotate(rotated, datalen, rrc, TRUE);
+
+       next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated,
+                                        datalen, datalen);
        tvb_set_free_cb(next_tvb, g_free);
        add_new_data_source(pinfo, next_tvb, "GSSAPI CFX");
 
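Review bot: `rrc += ec` is computed in `guint16`, so the sum wraps at 65536 before `rrc_rotate()` sees it, and both values presumably come from the token in the capture. Assuming `rrc_rotate()` reduces the count modulo `len`, a wrapped sum selects a different rotation than the true one, so a token with large `rrc`/`ec` is un-rotated wrongly instead of being rejected. Checking in a wider type before the allocation avoids that, `if (is_dce && (guint32)rrc + ec > G_MAXUINT16) return;`, and an early return when `datalen` is 0 keeps an empty buffer away from `tvb_new_child_real_data()`. `res` is assigned here but no use of it is visible in this hunk. The generated copy in epan/dissectors/packet-spnego.c carries the same code.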
@@ -718,13 +739,13 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff
        if (output) {
                char *outdata;
 
-               outdata = g_memdup(output, tvb_length(tvb));
+               outdata = g_memdup(output, tvb_length(encrypted_tvb));
                g_free(output);
 
-               pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
+               pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(encrypted_tvb,
                        outdata,
-                       datalen-16,
-                       datalen-16);
+                       tvb_length(encrypted_tvb),
+                       tvb_length(encrypted_tvb));
                add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
                tvb_set_free_cb(pinfo->gssapi_decrypted_tvb, g_free);
                return;
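Review bot: `g_memdup(output, tvb_length(encrypted_tvb))` takes its length from the input tvb rather than from the decrypted buffer, so if `output` is shorter than `encrypted_tvb` the copy reads past the end of `output`. The decrypt call sits between the hunks; if it reports the plaintext length in `datalen` (the removed `datalen-16` arguments suggest so), compare before copying, for example `if ((guint)datalen < tvb_length(encrypted_tvb)) { g_free(output); return; }`. The two length arguments of `tvb_new_child_real_data()` below it rely on the same assumption. The enclosing function starts and ends outside this hunk.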
@@ -1062,21 +1083,25 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
        }
 
 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
-       pinfo->gssapi_encrypted_tvb = tvb_new_subset_remaining(tvb, 16);
+{
+       tvbuff_t *checksum_tvb = tvb_new_subset(tvb, 16, checksum_size, checksum_size);
 
-       if (flags & 0x0002) {
+       if (pinfo->gssapi_data_encrypted) {
                if(pinfo->gssapi_encrypted_tvb){
                        decrypt_gssapi_krb_cfx_wrap(tree,
                                pinfo,
+                               checksum_tvb,
                                pinfo->gssapi_encrypted_tvb,
                                ec,
                                rrc,
+                               (pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE)?TRUE:FALSE,
                                -1,
                                (flags & 0x0001)?
                                KRB5_KU_USAGE_ACCEPTOR_SEAL:
                                KRB5_KU_USAGE_INITIATOR_SEAL);
                }
        }
+}
 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
 
        /*
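Review bot: `checksum_tvb` is created before the `pinfo->gssapi_data_encrypted` test, so `tvb_new_subset(tvb, 16, checksum_size, checksum_size)` runs for every wrap token, and `checksum_size` is computed outside this hunk. If that value can exceed the bytes left after offset 16 (a truncated capture, or a size derived from packet fields), the subset call may raise a bounds exception and stop the dissection that follows the `#endif`, even when nothing is going to be decrypted. Moving the declaration inside the inner `if(pinfo->gssapi_encrypted_tvb){` block confines that to the path that needs it. The hunk also drops the assignment of `pinfo->gssapi_encrypted_tvb`, so decryption now depends on a caller having set both it and `gssapi_data_encrypted`; a comment naming that precondition would help. The bare `{`/`}` at column 0 could be indented with the surrounding code.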
diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c
index 8a997c1..d6bbfc0 100644
--- a/epan/dissectors/packet-spnego.c
+++ b/epan/dissectors/packet-spnego.c
@@ -1191,7 +1191,15 @@ rrc_rotate(void *data, int len, guint16 rrc, int unrotate)
 #define KRB5_KU_USAGE_INITIATOR_SIGN   25
 
 static void
-decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff_t *tvb _U_, guint16 ec _U_, guint16 rrc _U_, int keytype, unsigned int usage)
+decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_,
+                           packet_info *pinfo,
+                           tvbuff_t *checksum_tvb,
+                           tvbuff_t *encrypted_tvb,
+                           guint16 ec,
+                           guint16 rrc,
+                           gboolean is_dce,
+                           int keytype,
+                           unsigned int usage)
 {
        int res;
        char *rotated;
@@ -1204,10 +1212,23 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff
                return;
        }
 
-       rotated = tvb_memdup(tvb, 0, tvb_length(tvb));
-       res = rrc_rotate(rotated, tvb_length(tvb), rrc, TRUE);
+       datalen = tvb_length(checksum_tvb) + tvb_length(encrypted_tvb);
 
-       next_tvb=tvb_new_child_real_data(tvb, rotated, tvb_length(tvb), tvb_reported_length(tvb));
+       rotated = g_malloc(datalen);
+
+       tvb_memcpy(checksum_tvb, rotated,
+                  0, tvb_length(checksum_tvb));
+       tvb_memcpy(encrypted_tvb, rotated + tvb_length(checksum_tvb),
+                  0, tvb_length(encrypted_tvb));
+
+       if (is_dce) {
+               rrc += ec;
+       }
+
+       res = rrc_rotate(rotated, datalen, rrc, TRUE);
+
+       next_tvb=tvb_new_child_real_data(encrypted_tvb, rotated,
+                                        datalen, datalen);
        tvb_set_free_cb(next_tvb, g_free);
        add_new_data_source(pinfo, next_tvb, "GSSAPI CFX");
 
@@ -1217,13 +1238,13 @@ decrypt_gssapi_krb_cfx_wrap(proto_tree *tree _U_, packet_info *pinfo _U_, tvbuff
        if (output) {
                char *outdata;
 
-               outdata = g_memdup(output, tvb_length(tvb));
+               outdata = g_memdup(output, tvb_length(encrypted_tvb));
                g_free(output);
 
-               pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(tvb,
+               pinfo->gssapi_decrypted_tvb=tvb_new_child_real_data(encrypted_tvb,
                        outdata,
-                       datalen-16,
-                       datalen-16);
+                       tvb_length(encrypted_tvb),
+                       tvb_length(encrypted_tvb));
                add_new_data_source(pinfo, pinfo->gssapi_decrypted_tvb, "Decrypted GSS-Krb5");
                tvb_set_free_cb(pinfo->gssapi_decrypted_tvb, g_free);
                return;
@@ -1561,21 +1582,25 @@ dissect_spnego_krb5_cfx_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
        }
 
 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
-       pinfo->gssapi_encrypted_tvb = tvb_new_subset_remaining(tvb, 16);
+{
+       tvbuff_t *checksum_tvb = tvb_new_subset(tvb, 16, checksum_size, checksum_size);
 
-       if (flags & 0x0002) {
+       if (pinfo->gssapi_data_encrypted) {
                if(pinfo->gssapi_encrypted_tvb){
                        decrypt_gssapi_krb_cfx_wrap(tree,
                                pinfo,
+                               checksum_tvb,
                                pinfo->gssapi_encrypted_tvb,
                                ec,
                                rrc,
+                               (pinfo->decrypt_gssapi_tvb==DECRYPT_GSSAPI_DCE)?TRUE:FALSE,
                                -1,
                                (flags & 0x0001)?
                                KRB5_KU_USAGE_ACCEPTOR_SEAL:
                                KRB5_KU_USAGE_INITIATOR_SEAL);
                }
        }
+}
 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
 
        /*
@@ -1959,7 +1984,7 @@ void proto_register_spnego(void) {
         NULL, HFILL }},
 
 /*--- End of included file: packet-spnego-hfarr.c ---*/
-#line 1375 "packet-spnego-template.c"
+#line 1400 "packet-spnego-template.c"
        };
 
        /* List of subtrees */
@@ -1981,7 +2006,7 @@ void proto_register_spnego(void) {
     &ett_spnego_InitialContextToken_U,
 
 /*--- End of included file: packet-spnego-ettarr.c ---*/
-#line 1385 "packet-spnego-template.c"
+#line 1410 "packet-spnego-template.c"
        };
 
        /* Register protocol */
-- 
1.6.3.3

From e84a06d439cf04942fc2c878f60a1cd9d136b163 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze () samba org>
Date: Fri, 29 Jan 2010 14:28:08 +0100
Subject: [PATCH 4/7] packet-winsrepl.c: handle the strange alignment after names

metze
---
 epan/dissectors/packet-winsrepl.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/epan/dissectors/packet-winsrepl.c b/epan/dissectors/packet-winsrepl.c
index 4191b7d..57044f6 100644
--- a/epan/dissectors/packet-winsrepl.c
+++ b/epan/dissectors/packet-winsrepl.c
@@ -434,7 +434,11 @@ dissect_winsrepl_wins_name(tvbuff_t *winsrepl_tvb, packet_info *pinfo,
        winsrepl_offset += name_len;
 
        /* ALIGN to 4 Byte */
-       winsrepl_offset += ((winsrepl_offset & (4-1)) == 0 ? 0 : (4 - (winsrepl_offset & (4-1))));
+       /* winsrepl_offset += ((winsrepl_offset & (4-1)) == 0 ? 0 : (4 - (winsrepl_offset & (4-1)))); */
+       /* Windows including w2k8 add 4 padding bytes, when it's already 4 byte
+        * alligned... This happens when the name has a "scope" part
+        */
+       winsrepl_offset += 4 - (winsrepl_offset & (4-1));
 
        /* FLAGS */
        /*
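Review bot: The new expression `winsrepl_offset += 4 - (winsrepl_offset & (4-1));` always advances by 1 to 4 bytes, so it changes the offset for every name that ends on a 4-byte boundary, while the comment says the extra padding appears when the name has a "scope" part. If an unscoped, already-aligned name is not padded, the FLAGS field that follows will be read 4 bytes too far; this is worth confirming against a capture of that case before the unconditional form goes in. The old expression is also left behind as commented-out code and the new comment misspells "aligned"; I would drop the dead line and word the comment as `/* Pad to the next 4-byte boundary. Windows (incl. w2k8) adds 4 padding bytes even when the offset is already aligned; seen when the name has a "scope" part. */`. The enclosing function continues outside the hunk.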
-- 
1.6.3.3
