Wireshark mailing list archives

Re: Anyone willing to solve this ancient MAPI bug?

From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Sat, 12 Mar 2016 13:41:38 +0100

On 11-03-16 17:25, Alexis La Goutte wrote:



On Thu, Mar 10, 2016 at 11:58 PM, Jaap Keuter <jaap.keuter () xs4all nl
<mailto:jaap.keuter () xs4all nl>> wrote:

    Hi all,

    There's a bug (with a long grey beard by now) in
    packet-dcerpc-mapi.c:mapi_dissect_bitmap_ulEventType() where it reads flags (16
    bits) and then goes on to add bits to the tree, including bits 30 and 31 (called
    fnevReserverForMapi and fnevExtended). I've got no idea what these should be, so
    if anyone can determine the correct bitmaps we can finally close this bug.

Hi Jaap,

There is a bug on bugtracker ? and there is somewhere a pcap ?

Cheers


Hi,

No, as far as I know there's no bug in Bugzilla(1), neither a pcap.
This is coming from Coverity(2), and it's the last of the open ancients(3).
It would be nice to get it out of the way.

I've done some digging and it comes from the MAPI IDL file where it lists the 32
bit bitmaps for a 16 bit bitmap(4).

Looking at the openchange exchange IDL file(5) this seems to be a bit different.

I've got no idea if there are still pending IDL changes, waiting to be handled.
It could be there are corrections in this area as well.

Thanks,
Jaap


(1) Since this is related to MAPI, hence (P)IDL and SAMBA there has been stuff
going on. Jelmer is the one trying to get stuff from SAMBA updated in Wireshark,
but as far as I know this is somewhat of an under-developed area of Wireshark.

(2) CID-280341

(3) The ancients are the Coverity issues which were there when they were ported
from the databases of the previous Coverity versions a couple of years ago.

(4)
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/pidl/mapi/mapi.idl;hb=HEAD#l1028

(5) https://github.com/openchange/openchange/blob/master/exchange.idl#L2117



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Anyone willing to solve this ancient MAPI bug? Jaap Keuter (Mar 10)
- Re: Anyone willing to solve this ancient MAPI bug? Alexis La Goutte (Mar 11)
  - Re: Anyone willing to solve this ancient MAPI bug? Jaap Keuter (Mar 12)