author | guy <guy> | 2001-01-15 03:23:58 +0000 |
---|---|---|
committer | guy <guy> | 2001-01-15 03:23:58 +0000 |
commit | 64e81f2917f6865dff8df96e18cec1b8bf2fa836 (patch) | |
tree | da7631253189165b1e6cbedf9486ab253ce7d10e /print-smb.c | |
parent | 1e73a0fd9df4c3352bb72344afdae8ccd6146c09 (diff) | |
Handle IPX socket 0x553, which is some kind of NetBIOS-over-IPX socket.
(We call it "nwlink-dgm" for now; Ethereal calls it a NWLink SMB
datagram.)
Don't throw every LLC frame with unknown SAPs at the NetBIOS-over-IPX
dissector; just throw the frames for IPX sockets 0x455 and 0x553 at it,
as those appear to be the sockets used (if there are any others, please
add them to the IPX dissector - putting it back in the LLC dissector
won't help, as all IPX frames, including LLC frames, should now be
handed to the IPX dissector).
Do better bounds checking in "ipx_netbios_print()" and
"netbeui_print()", i.e. don't go past the end of the captured data in
the packet when looking for the 0xFF S M B signature.
Diffstat (limited to 'print-smb.c')
-rw-r--r-- | print-smb.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/print-smb.c b/print-smb.c
index 85e2b437..f3002e09 100644
--- a/print-smb.c
+++ b/print-smb.c
@@ -11,7 +11,7 @@
 #ifndef lint
 static const char rcsid[] =
- "@(#) $Header: /tcpdump/master/tcpdump/print-smb.c,v 1.7 2000-12-05 06:42:47 guy Exp $";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-smb.c,v 1.8 2001-01-15 03:24:00 guy Exp $";
 #endif
 #include <stdio.h>
@@ -1003,12 +1003,18 @@ void netbeui_print(u_short control, const uchar *data, const uchar *maxbuf)
 goto out;
 }
+ /* If there isn't enough data for "\377SMB", don't look for it. */
+ if (!TTEST2(data2[3], 4))
+ goto out;
+
 if (memcmp(data2,"\377SMB",4)==0) {
 print_smb(data2,maxbuf);
 } else {
 int i;
 for (i=0;i<128;i++) {
- if (&data2[i] >= maxbuf)
+ if (!TTEST2(data2[i], 4))
+ break;
+ if (&data2[i+3] >= maxbuf)
 break;
 if (memcmp(&data2[i],"\377SMB",4)==0) {
 printf("found SMB packet at %d\n", i);
@@ -1026,12 +1032,20 @@ out:
 /* print IPX-Netbios frames */
-void ipx_netbios_print(const uchar *data, const uchar *maxbuf)
+void ipx_netbios_print(const uchar *data, u_int length)
 {
- /* this is a hack till I work out how to parse the rest of the IPX stuff */
+ /* this is a hack till I work out how to parse the rest of the
+ NetBIOS-over-IPX stuff */
 int i;
+ const uchar *maxbuf;
+
+ maxbuf = data + length;
 startbuf = data;
- for (i=0;i<128;i++)
+ for (i=0;i<128;i++) {
+ if (!TTEST2(data[i], 4))
+ break;
+ if (&data[i+3] >= maxbuf)
+ break;
 if (memcmp(&data[i],"\377SMB",4)==0) {
 fdata(data,"\n>>> IPX transport ",&data[i]);
 if (data != NULL)
@@ -1040,6 +1054,7 @@ void ipx_netbios_print(const uchar *data, const uchar *maxbuf)
 fflush(stdout);
 break;
 }
+ }
 if (i==128)
 fdata(data,"\n>>> Unknown IPX ",maxbuf);
 } |
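Review bot: The guard added before the first `memcmp(data2,"\377SMB",4)` in netbeui_print tests `TTEST2(data2[3], 4)`, which does not match the four bytes the compare reads. If TTEST2(var, n) checks n captured bytes starting at `&var`, as the loop's `TTEST2(data2[i], 4)` suggests, the guard covers bytes 3..6 instead of 0..3 and skips frames whose signature sits in the last captured bytes. Unlike the loop, the guard also never compares against `maxbuf`, so the first compare is bounded by the capture end only. I would write it as `if (!TTEST2(data2[0], 4) || &data2[3] >= maxbuf) goto out;` so both checks agree with the loop. The body of netbeui_print starts and ends outside this hunk.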
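Review bot: In ipx_netbios_print, `maxbuf = data + length` is derived from the caller's length and never clamped to the captured data, yet it is still handed to `fdata(data,"\n>>> Unknown IPX ",maxbuf)` in the `i==128` path (last hunk). If `length` is the on-wire length and fdata does not itself stop at the capture end (neither is visible here), that call can read past the snapshot on a packet captured short. Clamping once after the assignment, e.g. `if (maxbuf > snapend) maxbuf = snapend;`, would cover both the scan and the fallback print. Separately, when the loop exits on one of the new bounds checks `i` is below 128, so a truncated frame prints nothing at all; a short truncation marker on that path would make the cut visible in the output.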