* or later
*/
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
+#include <config.h>
-#include <netdissect-stdinc.h>
+#include "netdissect-stdinc.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include "netdissect-ctype.h"
+
#include "netdissect.h"
#include "extract.h"
#include "smb.h"
+static int stringlen_is_set;
static uint32_t stringlen;
extern const u_char *startbuf;
/*
- * interpret a 32 bit dos packed date/time to some parameters
+ * Reset SMB state.
*/
-static void
-interpret_dos_date(uint32_t date, struct tm *tp)
+void
+smb_reset(void)
{
- uint32_t p0, p1, p2, p3;
-
- p0 = date & 0xFF;
- p1 = ((date & 0xFF00) >> 8) & 0xFF;
- p2 = ((date & 0xFF0000) >> 16) & 0xFF;
- p3 = ((date & 0xFF000000) >> 24) & 0xFF;
-
- tp->tm_sec = 2 * (p0 & 0x1F);
- tp->tm_min = ((p0 >> 5) & 0xFF) + ((p1 & 0x7) << 3);
- tp->tm_hour = (p1 >> 3) & 0xFF;
- tp->tm_mday = (p2 & 0x1F);
- tp->tm_mon = ((p2 >> 5) & 0xFF) + ((p3 & 0x1) << 3) - 1;
- tp->tm_year = ((p3 >> 1) & 0xFF) + 80;
+ stringlen_is_set = 0;
+ stringlen = 0;
}
/*
- * common portion:
- * create a unix date from a dos date
+ * create a UNIX time_t from a 32-bit DOS packetd date/time, with
+ * the DOS date/time assumed to be local time in *our* location.
*/
static time_t
int_unix_date(uint32_t dos_date)
{
+ uint32_t p0, p1, p2, p3;
struct tm t;
if (dos_date == 0)
return(0);
- interpret_dos_date(dos_date, &t);
- t.tm_wday = 1;
- t.tm_yday = 1;
- t.tm_isdst = 0;
-
+ p0 = dos_date & 0xFF;
+ p1 = ((dos_date & 0xFF00) >> 8) & 0xFF;
+ p2 = ((dos_date & 0xFF0000) >> 16) & 0xFF;
+ p3 = ((dos_date & 0xFF000000) >> 24) & 0xFF;
+
+ t.tm_sec = 2 * (p0 & 0x1F);
+ t.tm_min = ((p0 >> 5) & 0xFF) + ((p1 & 0x7) << 3);
+ t.tm_hour = (p1 >> 3) & 0xFF;
+ t.tm_mday = (p2 & 0x1F);
+ t.tm_mon = ((p2 >> 5) & 0xFF) + ((p3 & 0x1) << 3) - 1;
+ t.tm_year = ((p3 >> 1) & 0xFF) + 80;
+
+ t.tm_wday = 1; /* XXX - should not affect the result; why 1? */
+ t.tm_yday = 1; /* XXX - should not affect the result; why 1? */
+ t.tm_isdst = 0; /* XXX - should be -1, to handle DST? */
+
+ /*
+ * XXX - if tm_year is 2038 or later, this might not fit in a
+ * 32-bit time_t.
+ */
return (mktime(&t));
}
* in network byte order
*/
static time_t
-make_unix_date(const u_char *date_ptr)
+make_unix_date(netdissect_options *ndo, const u_char *date_ptr)
{
uint32_t dos_date = 0;
- dos_date = EXTRACT_LE_U_4(date_ptr);
+ dos_date = GET_LE_U_4(date_ptr);
return int_unix_date(dos_date);
}
* in halfword-swapped network byte order!
*/
static time_t
-make_unix_date2(const u_char *date_ptr)
+make_unix_date2(netdissect_options *ndo, const u_char *date_ptr)
{
uint32_t x, x2;
- x = EXTRACT_LE_U_4(date_ptr);
+ x = GET_LE_U_4(date_ptr);
x2 = ((x & 0xFFFF) << 16) | ((x & 0xFFFF0000) >> 16);
return int_unix_date(x2);
}
+/* Delta between the NT FILETIME epoch and the POSIX epoch. */
+#define FILETIME_TO_POSIX_DELTA INT64_C(11644473600)
+
/*
- * interpret an 8 byte "filetime" structure to a time_t
+ * interpret an 8 byte NT FILETIME structure to a time_t
* It's originally in "100ns units since jan 1st 1601"
*/
static time_t
-interpret_long_date(const u_char *p)
+interpret_filetime(netdissect_options *ndo, const u_char *p)
{
- double d;
- time_t ret;
-
- /* this gives us seconds since jan 1st 1601 (approx) */
- d = (EXTRACT_LE_U_4(p + 4) * 256.0 + EXTRACT_U_1(p + 3)) * (1.0e-7 * (1 << 24));
-
- /* now adjust by 369 years to make the secs since 1970 */
- d -= 369.0 * 365.25 * 24 * 60 * 60;
-
- /* and a fudge factor as we got it wrong by a few days */
- d += (3 * 24 * 60 * 60 + 6 * 60 * 60 + 2);
-
- if (d < 0)
- return(0);
-
- ret = (time_t)d;
-
- return(ret);
+ int64_t ret;
+ time_t ret_time_t;
+
+ /*
+ * Fetch a FILETIME structure; the first 4 bytes are the low-order
+ * 32 bits of a 64-bit count of 100ns units since 1601-01-01
+ * at some specific time, and the next 4 bytes are the high-order
+ * 32 bits of that count.
+ */
+ ret = (int64_t)(((uint64_t)GET_LE_U_4(p + 4) << 32) + (uint64_t)GET_LE_U_4(p));
+
+ /* Now convert from FILETIME to POSIX time. */
+ ret += FILETIME_TO_POSIX_DELTA;
+
+ ret_time_t = (time_t)ret;
+ if (ret_time_t != ret) {
+ /*
+ * It doesn't fit in a time_t. Return 0, as an error indication.
+ */
+ return(0);
+ }
+ return(ret_time_t);
}
/*
const u_char *in, const u_char *maxbuf, char *out)
{
int ret;
- int len;
+ u_int len;
if (in >= maxbuf)
return(-1); /* name goes past the end of the buffer */
- ND_TCHECK_1(in);
- len = EXTRACT_U_1(in) / 2;
+ len = GET_U_1(in) / 2;
in++;
*out=0;
- if (len > 30 || len < 1)
+ if (len > 30 || len == 0)
return(0);
- while (len--) {
+ while (len) {
ND_TCHECK_2(in);
if (in + 1 >= maxbuf)
return(-1); /* name goes past the end of the buffer */
- if (EXTRACT_U_1(in) < 'A' || EXTRACT_U_1(in) > 'P' ||
- EXTRACT_U_1(in + 1) < 'A' || EXTRACT_U_1(in + 1) > 'P') {
+ if (GET_U_1(in) < 'A' || GET_U_1(in) > 'P' ||
+ GET_U_1(in + 1) < 'A' || GET_U_1(in + 1) > 'P') {
*out = 0;
return(0);
}
- *out = ((EXTRACT_U_1(in) - 'A') << 4) + (EXTRACT_U_1(in + 1) - 'A');
+ *out = ((GET_U_1(in) - 'A') << 4) + (GET_U_1(in + 1) - 'A');
in += 2;
out++;
+ len--;
}
*out = 0;
ret = out[-1];
*/
static const u_char *
name_ptr(netdissect_options *ndo,
- const u_char *buf, int ofs, const u_char *maxbuf)
+ const u_char *buf, u_int ofs, const u_char *maxbuf)
{
const u_char *p;
u_char c;
p = buf + ofs;
if (p >= maxbuf)
return(NULL); /* name goes past the end of the buffer */
- ND_TCHECK_1(p);
- c = EXTRACT_U_1(p);
+ c = GET_U_1(p);
/* XXX - this should use the same code that the DNS dissector does */
if ((c & 0xC0) == 0xC0) {
ND_TCHECK_2(p);
if ((p + 1) >= maxbuf)
return(NULL); /* name goes past the end of the buffer */
- l = EXTRACT_BE_U_2(p) & 0x3FFF;
+ l = GET_BE_U_2(p) & 0x3FFF;
if (l == 0) {
/* We have a pointer that points to itself. */
return(NULL);
*/
static int
name_extract(netdissect_options *ndo,
- const u_char *buf, int ofs, const u_char *maxbuf, char *name)
+ const u_char *buf, u_int ofs, const u_char *maxbuf, char *name)
{
const u_char *p = name_ptr(ndo, buf, ofs, maxbuf);
if (p == NULL)
if (s >= maxbuf)
return(-1); /* name goes past the end of the buffer */
- ND_TCHECK_1(s);
- c = EXTRACT_U_1(s);
+ c = GET_U_1(s);
if ((c & 0xC0) == 0xC0)
return(2);
- while (*s) {
+ while (GET_U_1(s)) {
if (s >= maxbuf)
return(-1); /* name goes past the end of the buffer */
- ND_TCHECK_1(s);
- s += (*s) + 1;
+ s += GET_U_1(s) + 1;
ND_TCHECK_1(s);
}
- return(PTR_DIFF(s, s0) + 1);
+ return(ND_BYTES_BETWEEN(s0, s) + 1);
trunc:
return(-1); /* name goes past the end of the buffer */
}
-static void
-print_asc(netdissect_options *ndo,
- const u_char *buf, int len)
-{
- int i;
- for (i = 0; i < len; i++)
- safeputchar(ndo, EXTRACT_U_1(buf + i));
-}
-
static const char *
name_type_str(int name_type)
{
}
void
-smb_print_data(netdissect_options *ndo, const u_char *buf, int len)
+smb_data_print(netdissect_options *ndo, const u_char *buf, u_int len)
{
- int i = 0;
+ u_int i = 0;
- if (len <= 0)
+ if (len == 0)
return;
- ND_PRINT((ndo, "[%03X] ", i));
+ ND_PRINT("[%03X] ", i);
for (i = 0; i < len; /*nothing*/) {
- ND_TCHECK_1(buf + i);
- ND_PRINT((ndo, "%02X ", EXTRACT_U_1(buf + i) & 0xff));
+ ND_PRINT("%02X ", GET_U_1(buf + i) & 0xff);
i++;
if (i%8 == 0)
- ND_PRINT((ndo, " "));
+ ND_PRINT(" ");
if (i % 16 == 0) {
- print_asc(ndo, buf + i - 16, 8);
- ND_PRINT((ndo, " "));
- print_asc(ndo, buf + i - 8, 8);
- ND_PRINT((ndo, "\n"));
+ nd_printjn(ndo, buf + i - 16, 8);
+ ND_PRINT(" ");
+ nd_printjn(ndo, buf + i - 8, 8);
+ ND_PRINT("\n");
if (i < len)
- ND_PRINT((ndo, "[%03X] ", i));
+ ND_PRINT("[%03X] ", i);
}
}
if (i % 16) {
int n;
n = 16 - (i % 16);
- ND_PRINT((ndo, " "));
+ ND_PRINT(" ");
if (n>8)
- ND_PRINT((ndo, " "));
+ ND_PRINT(" ");
while (n--)
- ND_PRINT((ndo, " "));
+ ND_PRINT(" ");
- n = min(8, i % 16);
- print_asc(ndo, buf + i - (i % 16), n);
- ND_PRINT((ndo, " "));
+ n = ND_MIN(8, i % 16);
+ nd_printjn(ndo, buf + i - (i % 16), n);
+ ND_PRINT(" ");
n = (i % 16) - n;
if (n > 0)
- print_asc(ndo, buf + i - n, n);
- ND_PRINT((ndo, "\n"));
+ nd_printjn(ndo, buf + i - n, n);
+ ND_PRINT("\n");
}
- return;
-
-trunc:
- ND_PRINT((ndo, "\n"));
- ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length\n"));
}
unsigned int val, const char *fmt)
{
const char *p = fmt;
- int i = 0;
+ u_int i = 0;
while ((p = strchr(fmt, '|'))) {
- size_t l = PTR_DIFF(p, fmt);
+ u_int l = ND_BYTES_BETWEEN(fmt, p);
if (l && (val & (1 << i)))
- ND_PRINT((ndo, "%.*s ", (int)l, fmt));
+ ND_PRINT("%.*s ", (int)l, fmt);
fmt = p + 1;
i++;
}
/* convert a UCS-2 string into an ASCII string */
#define MAX_UNISTR_SIZE 1000
-static const char *
-unistr(netdissect_options *ndo,
- const u_char *s, uint32_t *len, int use_unicode)
+static const u_char *
+unistr(netdissect_options *ndo, char (*buf)[MAX_UNISTR_SIZE+1],
+ const u_char *s, uint32_t strsize, int is_null_terminated,
+ int use_unicode)
{
- static char buf[MAX_UNISTR_SIZE+1];
+ u_int c;
size_t l = 0;
- uint32_t strsize;
const u_char *sp;
if (use_unicode) {
s++;
}
}
- if (*len == 0) {
+ if (is_null_terminated) {
/*
* Null-terminated string.
+ * Find the length, counting the terminating NUL.
*/
strsize = 0;
sp = s;
if (!use_unicode) {
for (;;) {
- ND_TCHECK_1(sp);
- *len += 1;
- if (EXTRACT_U_1(sp) == 0)
- break;
+ c = GET_U_1(sp);
sp++;
+ strsize++;
+ if (c == '\0')
+ break;
}
- strsize = *len - 1;
} else {
for (;;) {
- ND_TCHECK_2(sp);
- *len += 2;
- if (EXTRACT_U_1(sp) == 0 && EXTRACT_U_1(sp + 1) == 0)
- break;
+ c = GET_LE_U_2(sp);
sp += 2;
+ strsize += 2;
+ if (c == '\0')
+ break;
}
- strsize = *len - 2;
}
- } else {
- /*
- * Counted string.
- */
- strsize = *len;
}
if (!use_unicode) {
- while (strsize != 0) {
- ND_TCHECK_1(s);
- if (l >= MAX_UNISTR_SIZE)
- break;
- if (ND_ISPRINT(EXTRACT_U_1(s)))
- buf[l] = EXTRACT_U_1(s);
- else {
- if (EXTRACT_U_1(s) == 0)
- break;
- buf[l] = '.';
- }
- l++;
+ while (strsize != 0) {
+ c = GET_U_1(s);
s++;
strsize--;
- }
- } else {
- while (strsize != 0) {
- ND_TCHECK_2(s);
- if (l >= MAX_UNISTR_SIZE)
+ if (c == 0) {
+ /*
+ * Even counted strings may have embedded null
+ * terminators, so quit here, and skip past
+ * the rest of the data.
+ *
+ * Make sure, however, that the rest of the data
+ * is there, so we don't overflow the buffer when
+ * skipping past it.
+ */
+ ND_TCHECK_LEN(s, strsize);
+ s += strsize;
+ strsize = 0;
break;
- if (EXTRACT_U_1(s + 1) == 0 && ND_ISPRINT(EXTRACT_U_1(s))) {
- /* It's a printable ASCII character */
- buf[l] = EXTRACT_U_1(s);
- } else {
- /* It's a non-ASCII character or a non-printable ASCII character */
- if (EXTRACT_U_1(s) == 0 && EXTRACT_U_1(s + 1) == 0)
- break;
- buf[l] = '.';
}
- l++;
+ if (l < MAX_UNISTR_SIZE) {
+ if (ND_ASCII_ISPRINT(c)) {
+ /* It's a printable ASCII character */
+ (*buf)[l] = (char)c;
+ } else {
+ /* It's a non-ASCII character or a non-printable ASCII character */
+ (*buf)[l] = '.';
+ }
+ l++;
+ }
+ }
+ } else {
+ while (strsize > 1) {
+ c = GET_LE_U_2(s);
s += 2;
- if (strsize == 1)
- break;
strsize -= 2;
+ if (c == 0) {
+ /*
+ * Even counted strings may have embedded null
+ * terminators, so quit here, and skip past
+ * the rest of the data.
+ *
+ * Make sure, however, that the rest of the data
+ * is there, so we don't overflow the buffer when
+ * skipping past it.
+ */
+ ND_TCHECK_LEN(s, strsize);
+ s += strsize;
+ strsize = 0;
+ break;
+ }
+ if (l < MAX_UNISTR_SIZE) {
+ if (ND_ASCII_ISPRINT(c)) {
+ /* It's a printable ASCII character */
+ (*buf)[l] = (char)c;
+ } else {
+ /* It's a non-ASCII character or a non-printable ASCII character */
+ (*buf)[l] = '.';
+ }
+ l++;
+ }
+ }
+ if (strsize == 1) {
+ /* We have half of a code point; skip past it */
+ ND_TCHECK_1(s);
+ s++;
}
}
- buf[l] = 0;
- return buf;
+ (*buf)[l] = 0;
+ return s;
trunc:
+ (*buf)[l] = 0;
return NULL;
}
{
int reverse = 0;
const char *attrib_fmt = "READONLY|HIDDEN|SYSTEM|VOLUME|DIR|ARCHIVE|";
+ char strbuf[MAX_UNISTR_SIZE+1];
while (*fmt && buf<maxbuf) {
switch (*fmt) {
case 'a':
- ND_TCHECK_1(buf);
- write_bits(ndo, EXTRACT_U_1(buf), attrib_fmt);
+ write_bits(ndo, GET_U_1(buf), attrib_fmt);
buf++;
fmt++;
break;
case 'A':
- ND_TCHECK_2(buf);
- write_bits(ndo, EXTRACT_LE_U_2(buf), attrib_fmt);
+ write_bits(ndo, GET_LE_U_2(buf), attrib_fmt);
buf += 2;
fmt++;
break;
{
char bitfmt[128];
char *p;
- int l;
+ u_int l;
p = strchr(++fmt, '}');
- l = PTR_DIFF(p, fmt);
+ l = ND_BYTES_BETWEEN(fmt, p);
- if ((unsigned int)l > sizeof(bitfmt) - 1)
- l = sizeof(bitfmt)-1;
+ if (l > sizeof(bitfmt) - 1)
+ l = sizeof(bitfmt)-1;
strncpy(bitfmt, fmt, l);
bitfmt[l] = '\0';
fmt = p + 1;
- ND_TCHECK_1(buf);
- write_bits(ndo, EXTRACT_U_1(buf), bitfmt);
+ write_bits(ndo, GET_U_1(buf), bitfmt);
buf++;
break;
}
ND_TCHECK_LEN(buf, l);
buf += l;
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'b':
{
unsigned int x;
- ND_TCHECK_1(buf);
- x = EXTRACT_U_1(buf);
- ND_PRINT((ndo, "%u (0x%x)", x, x));
+ x = GET_U_1(buf);
+ ND_PRINT("%u (0x%x)", x, x);
buf += 1;
fmt++;
break;
}
case 'd':
{
- unsigned int x;
- ND_TCHECK_2(buf);
- x = reverse ? EXTRACT_BE_U_2(buf) :
- EXTRACT_LE_U_2(buf);
- ND_PRINT((ndo, "%d (0x%x)", x, x));
+ int x;
+ x = reverse ? GET_BE_S_2(buf) :
+ GET_LE_S_2(buf);
+ ND_PRINT("%d (0x%x)", x, x);
buf += 2;
fmt++;
break;
}
case 'D':
{
- unsigned int x;
- ND_TCHECK_4(buf);
- x = reverse ? EXTRACT_BE_U_4(buf) :
- EXTRACT_LE_U_4(buf);
- ND_PRINT((ndo, "%d (0x%x)", x, x));
+ int x;
+ x = reverse ? GET_BE_S_4(buf) :
+ GET_LE_S_4(buf);
+ ND_PRINT("%d (0x%x)", x, x);
buf += 4;
fmt++;
break;
case 'L':
{
uint64_t x;
- ND_TCHECK_8(buf);
- x = reverse ? EXTRACT_BE_U_8(buf) :
- EXTRACT_LE_U_8(buf);
- ND_PRINT((ndo, "%" PRIu64 " (0x%" PRIx64 ")", x, x));
+ x = reverse ? GET_BE_U_8(buf) :
+ GET_LE_U_8(buf);
+ ND_PRINT("%" PRIu64 " (0x%" PRIx64 ")", x, x);
buf += 8;
fmt++;
break;
}
+ case 'u':
+ {
+ unsigned int x;
+ x = reverse ? GET_BE_U_2(buf) :
+ GET_LE_U_2(buf);
+ ND_PRINT("%u (0x%x)", x, x);
+ buf += 2;
+ fmt++;
+ break;
+ }
+ case 'U':
+ {
+ unsigned int x;
+ x = reverse ? GET_BE_U_4(buf) :
+ GET_LE_U_4(buf);
+ ND_PRINT("%u (0x%x)", x, x);
+ buf += 4;
+ fmt++;
+ break;
+ }
case 'M':
{
/* Weird mixed-endian length values in 64-bit locks */
uint32_t x1, x2;
uint64_t x;
ND_TCHECK_8(buf);
- x1 = reverse ? EXTRACT_BE_U_4(buf) :
- EXTRACT_LE_U_4(buf);
- x2 = reverse ? EXTRACT_BE_U_4(buf + 4) :
- EXTRACT_LE_U_4(buf + 4);
+ x1 = reverse ? GET_BE_U_4(buf) :
+ GET_LE_U_4(buf);
+ x2 = reverse ? GET_BE_U_4(buf + 4) :
+ GET_LE_U_4(buf + 4);
x = (((uint64_t)x1) << 32) | x2;
- ND_PRINT((ndo, "%" PRIu64 " (0x%" PRIx64 ")", x, x));
+ ND_PRINT("%" PRIu64 " (0x%" PRIx64 ")", x, x);
buf += 8;
fmt++;
break;
case 'B':
{
unsigned int x;
- ND_TCHECK_1(buf);
- x = EXTRACT_U_1(buf);
- ND_PRINT((ndo, "0x%X", x));
+ x = GET_U_1(buf);
+ ND_PRINT("0x%X", x);
buf += 1;
fmt++;
break;
case 'w':
{
unsigned int x;
- ND_TCHECK_2(buf);
- x = reverse ? EXTRACT_BE_U_2(buf) :
- EXTRACT_LE_U_2(buf);
- ND_PRINT((ndo, "0x%X", x));
+ x = reverse ? GET_BE_U_2(buf) :
+ GET_LE_U_2(buf);
+ ND_PRINT("0x%X", x);
buf += 2;
fmt++;
break;
case 'W':
{
unsigned int x;
- ND_TCHECK_4(buf);
- x = reverse ? EXTRACT_BE_U_4(buf) :
- EXTRACT_LE_U_4(buf);
- ND_PRINT((ndo, "0x%X", x));
+ x = reverse ? GET_BE_U_4(buf) :
+ GET_LE_U_4(buf);
+ ND_PRINT("0x%X", x);
buf += 4;
fmt++;
break;
switch (*fmt) {
case 'b':
- ND_TCHECK_1(buf);
- stringlen = EXTRACT_U_1(buf);
- ND_PRINT((ndo, "%u", stringlen));
+ stringlen = GET_U_1(buf);
+ stringlen_is_set = 1;
+ ND_PRINT("%u", stringlen);
buf += 1;
break;
case 'd':
- ND_TCHECK_2(buf);
- stringlen = reverse ? EXTRACT_BE_U_2(buf) :
- EXTRACT_LE_U_2(buf);
- ND_PRINT((ndo, "%u", stringlen));
+ case 'u':
+ stringlen = reverse ? GET_BE_U_2(buf) :
+ GET_LE_U_2(buf);
+ stringlen_is_set = 1;
+ ND_PRINT("%u", stringlen);
buf += 2;
break;
case 'D':
- ND_TCHECK_4(buf);
- stringlen = reverse ? EXTRACT_BE_U_4(buf) :
- EXTRACT_LE_U_4(buf);
- ND_PRINT((ndo, "%u", stringlen));
+ case 'U':
+ stringlen = reverse ? GET_BE_U_4(buf) :
+ GET_LE_U_4(buf);
+ stringlen_is_set = 1;
+ ND_PRINT("%u", stringlen);
buf += 4;
break;
}
case 'R': /* like 'S', but always ASCII */
{
/*XXX unistr() */
- const char *s;
- uint32_t len;
-
- len = 0;
- s = unistr(ndo, buf, &len, (*fmt == 'R') ? 0 : unicodestr);
- if (s == NULL)
+ buf = unistr(ndo, &strbuf, buf, 0, 1, (*fmt == 'R') ? 0 : unicodestr);
+ ND_PRINT("%s", strbuf);
+ if (buf == NULL)
goto trunc;
- ND_PRINT((ndo, "%s", s));
- buf += len;
fmt++;
break;
}
case 'Z':
case 'Y': /* like 'Z', but always ASCII */
{
- const char *s;
- uint32_t len;
-
- ND_TCHECK_1(buf);
- if (EXTRACT_U_1(buf) != 4 && EXTRACT_U_1(buf) != 2) {
- ND_PRINT((ndo, "Error! ASCIIZ buffer of type %u", EXTRACT_U_1(buf)));
+ if (GET_U_1(buf) != 4 && GET_U_1(buf) != 2) {
+ ND_PRINT("Error! ASCIIZ buffer of type %u", GET_U_1(buf));
return maxbuf; /* give up */
}
- len = 0;
- s = unistr(ndo, buf + 1, &len, (*fmt == 'Y') ? 0 : unicodestr);
- if (s == NULL)
+ buf = unistr(ndo, &strbuf, buf + 1, 0, 1, (*fmt == 'Y') ? 0 : unicodestr);
+ ND_PRINT("%s", strbuf);
+ if (buf == NULL)
goto trunc;
- ND_PRINT((ndo, "%s", s));
- buf += len + 1;
fmt++;
break;
}
{
int l = atoi(fmt + 1);
ND_TCHECK_LEN(buf, l);
- ND_PRINT((ndo, "%-*.*s", l, l, buf));
+ ND_PRINT("%-*.*s", l, l, buf);
buf += l;
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'c':
{
+ if (!stringlen_is_set) {
+ ND_PRINT("{stringlen not set}");
+ goto trunc;
+ }
ND_TCHECK_LEN(buf, stringlen);
- ND_PRINT((ndo, "%-*.*s", (int)stringlen, (int)stringlen, buf));
+ ND_PRINT("%-*.*s", (int)stringlen, (int)stringlen, buf);
buf += stringlen;
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'C':
{
- const char *s;
- s = unistr(ndo, buf, &stringlen, unicodestr);
- if (s == NULL)
+ if (!stringlen_is_set) {
+ ND_PRINT("{stringlen not set}");
+ goto trunc;
+ }
+ buf = unistr(ndo, &strbuf, buf, stringlen, 0, unicodestr);
+ ND_PRINT("%s", strbuf);
+ if (buf == NULL)
goto trunc;
- ND_PRINT((ndo, "%s", s));
- buf += stringlen;
fmt++;
break;
}
int l = atoi(fmt + 1);
ND_TCHECK_LEN(buf, l);
while (l--) {
- ND_PRINT((ndo, "%02x", EXTRACT_U_1(buf)));
+ ND_PRINT("%02x", GET_U_1(buf));
buf++;
}
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
switch (t) {
case 1:
- name_type = name_extract(ndo, startbuf, PTR_DIFF(buf, startbuf),
- maxbuf, nbuf);
+ name_type = name_extract(ndo, startbuf,
+ ND_BYTES_BETWEEN(startbuf, buf),
+ maxbuf, nbuf);
if (name_type < 0)
goto trunc;
len = name_len(ndo, buf, maxbuf);
if (len < 0)
goto trunc;
buf += len;
- ND_PRINT((ndo, "%-15.15s NameType=0x%02X (%s)", nbuf, name_type,
- name_type_str(name_type)));
+ ND_PRINT("%-15.15s NameType=0x%02X (%s)", nbuf, name_type,
+ name_type_str(name_type));
break;
case 2:
- ND_TCHECK_1(buf + 15);
- name_type = EXTRACT_U_1(buf + 15);
- ND_PRINT((ndo, "%-15.15s NameType=0x%02X (%s)", buf, name_type,
- name_type_str(name_type)));
+ name_type = GET_U_1(buf + 15);
+ ND_PRINT("%-15.15s NameType=0x%02X (%s)", buf, name_type,
+ name_type_str(name_type));
buf += 16;
break;
}
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'T':
{
time_t t;
- struct tm *lt;
const char *tstring;
+ char buffer[sizeof("Www Mmm dd hh:mm:ss yyyyy")];
uint32_t x;
switch (atoi(fmt + 1)) {
case 1:
- ND_TCHECK_4(buf);
- x = EXTRACT_LE_U_4(buf);
+ x = GET_LE_U_4(buf);
if (x == 0 || x == 0xFFFFFFFF)
t = 0;
else
- t = make_unix_date(buf);
+ t = make_unix_date(ndo, buf);
buf += 4;
break;
case 2:
- ND_TCHECK_4(buf);
- x = EXTRACT_LE_U_4(buf);
+ x = GET_LE_U_4(buf);
if (x == 0 || x == 0xFFFFFFFF)
t = 0;
else
- t = make_unix_date2(buf);
+ t = make_unix_date2(ndo, buf);
buf += 4;
break;
case 3:
ND_TCHECK_8(buf);
- t = interpret_long_date(buf);
+ t = interpret_filetime(ndo, buf);
buf += 8;
break;
default:
break;
}
if (t != 0) {
- lt = localtime(&t);
- if (lt != NULL)
- tstring = asctime(lt);
- else
- tstring = "(Can't convert time)\n";
+ tstring = nd_format_time(buffer, sizeof(buffer), "%Y-%m-%d %T",
+ localtime(&t));
} else
- tstring = "NULL\n";
- ND_PRINT((ndo, "%s", tstring));
+ tstring = "NULL";
+ ND_PRINT("%s\n", tstring);
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
default:
- ND_PRINT((ndo, "%c", *fmt));
+ ND_PRINT("%c", *fmt);
fmt++;
break;
}
}
if (buf >= maxbuf && *fmt)
- ND_PRINT((ndo, "END OF BUFFER\n"));
+ ND_PRINT("END OF BUFFER\n");
return(buf);
trunc:
- ND_PRINT((ndo, "\n"));
- ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length\n"));
+ nd_print_trunc(ndo);
return(NULL);
}
while (*fmt) {
switch (*fmt) {
case '*':
+ /*
+ * List of multiple instances of something described by the
+ * remainder of the string (which may itself include a list
+ * of multiple instances of something, so we recurse).
+ */
fmt++;
while (buf < maxbuf) {
const u_char *buf2;
depth++;
- buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
+ /*
+ * In order to avoid stack exhaustion recurse at most 10
+ * levels; that "should not happen", as no SMB structure
+ * should be nested *that* deeply, and we thus shouldn't
+ * have format strings with that level of nesting.
+ */
+ if (depth == 10) {
+ ND_PRINT("(too many nested levels, not recursing)");
+ buf2 = buf;
+ } else
+ buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
depth--;
if (buf2 == NULL)
return(NULL);
return(buf);
case '|':
+ /*
+ * Just do a bounds check.
+ */
fmt++;
if (buf >= maxbuf)
return(buf);
break;
case '%':
+ /*
+ * XXX - unused?
+ */
fmt++;
buf = maxbuf;
break;
case '#':
+ /*
+ * Done?
+ */
fmt++;
return(buf);
- break;
case '[':
+ /*
+ * Format of an item, enclosed in square brackets; dissect
+ * the item with smb_fdata1().
+ */
fmt++;
if (buf >= maxbuf)
return(buf);
s[p - fmt] = '\0';
fmt = p + 1;
buf = smb_fdata1(ndo, buf, s, maxbuf, unicodestr);
- if (buf == NULL)
+ if (buf == NULL) {
+ /*
+ * Truncated.
+ * Is the next character a newline?
+ * If so, print it before quitting, so we don't
+ * get stuff in the middle of the line.
+ */
+ if (*fmt == '\n')
+ ND_PRINT("\n");
return(NULL);
+ }
break;
default:
- ND_PRINT((ndo, "%c", *fmt));
+ /*
+ * Not a formatting character, so just print it.
+ */
+ ND_PRINT("%c", *fmt);
fmt++;
break;
}
}
if (!depth && buf < maxbuf) {
- size_t len = PTR_DIFF(maxbuf, buf);
- ND_PRINT((ndo, "Data: (%lu bytes)\n", (unsigned long)len));
- smb_print_data(ndo, buf, len);
+ u_int len = ND_BYTES_BETWEEN(buf, maxbuf);
+ ND_PRINT("Data: (%u bytes)\n", len);
+ smb_data_print(ndo, buf, len);
return(buf + len);
}
return(buf);
/*
* return a SMB error string from a SMB buffer
*/
-char *
+const char *
smb_errstr(int class, int num)
{
static char ret[128];
{ 0xC002100A, "RPC_P_SEND_FAILED" },
{ 0xC002100B, "RPC_P_TIMEOUT" },
{ 0xC002100C, "RPC_P_SERVER_TRANSPORT_ERROR" },
- { 0xC002100E, "RPC_P_EXCEPTION_OCCURED" },
+ { 0xC002100E, "RPC_P_EXCEPTION_OCCURRED" },
{ 0xC0021012, "RPC_P_CONNECTION_SHUTDOWN" },
{ 0xC0021015, "RPC_P_THREAD_LISTENING" },
{ 0xC0030001, "RPC_NT_NO_MORE_ENTRIES" },
projects / tcpdump / blobdiff