Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: issue: SMB2: The value of "Fixed Part Length" seems wrong

From: kXuan <kxuanobj () gmail com>
Date: Wed, 25 Sep 2019 14:37:34 +0800
Hi Alexis,
    I submit this bug on https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16078 


Thanks,

Zhai Zhaoxuan

On 9/24/19 8:28 PM, Alexis La Goutte wrote:

Hi Zhai,
Can you open a issue on bug tracker and a pcap ? https://bugs.wireshark.org
You can also push a fix directly on Gerrit https://code.wireshark.org/review and look for help https://wiki.wireshark.org/Development/SubmittingPatches 

Cheers
On Tue, Sep 24, 2019 at 1:06 PM Xuan k <kxuanobj () gmail com <mailto:kxuanobj () gmail com>> wrote: 

    Hi everyone,

    I found a issue about SMB2 protocol. The wireshark gives a wrong
    value on "Fixed Part Length" field.

    This is a Close Request message:
    Close Request (0x06)
      StructureSize: 0x0018
        0000 0000 0001 100. = Fixed Part Length: 12
        .... .... .... ...0 = Dynamic Part: False
      Close Flags: 0x0000
      GUID handle File: Templates

    But the "Fixed Part Length" should be 24 in this message, not 12.

    It seems that the problem is caused by misusing the bit mask of
    struct header_field_info.
    The source line epan/dissectors/packet-smb2.c:10984 use a
    mask 0xFFFE to filter out the field.
    10982                 { &hf_smb2_buffer_code_len,
    10983                         { "Fixed Part Length",
    "smb2.buffer_code.length", FT_UINT16, BASE_DEC,
    10984                         NULL, 0xFFFE, "Length of fixed
    portion of PDU", HFILL }
    10985                 },

    But in function `proto_tree_set_uint` (epan/proto.c:5281), it
    shifts the numberic, and cause the numberic been divided by 2.

    hope this issue will be resolved soon.

    Thanks,
    Zhai Zhaoxuan


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: