* or later
*/
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
#include "netdissect-stdinc.h"
#include <stdlib.h>
#include <string.h>
+#include "netdissect-ctype.h"
+
#include "netdissect.h"
#include "extract.h"
#include "smb.h"
+static int stringlen_is_set;
static uint32_t stringlen;
extern const u_char *startbuf;
/*
- * interpret a 32 bit dos packed date/time to some parameters
+ * Reset SMB state.
*/
-static void
-interpret_dos_date(uint32_t date, struct tm *tp)
+void
+smb_reset(void)
{
- uint32_t p0, p1, p2, p3;
-
- p0 = date & 0xFF;
- p1 = ((date & 0xFF00) >> 8) & 0xFF;
- p2 = ((date & 0xFF0000) >> 16) & 0xFF;
- p3 = ((date & 0xFF000000) >> 24) & 0xFF;
-
- tp->tm_sec = 2 * (p0 & 0x1F);
- tp->tm_min = ((p0 >> 5) & 0xFF) + ((p1 & 0x7) << 3);
- tp->tm_hour = (p1 >> 3) & 0xFF;
- tp->tm_mday = (p2 & 0x1F);
- tp->tm_mon = ((p2 >> 5) & 0xFF) + ((p3 & 0x1) << 3) - 1;
- tp->tm_year = ((p3 >> 1) & 0xFF) + 80;
+ stringlen_is_set = 0;
+ stringlen = 0;
}
/*
- * common portion:
- * create a unix date from a dos date
+ * create a UNIX time_t from a 32-bit DOS packetd date/time, with
+ * the DOS date/time assumed to be local time in *our* location.
*/
static time_t
int_unix_date(uint32_t dos_date)
{
+ uint32_t p0, p1, p2, p3;
struct tm t;
if (dos_date == 0)
return(0);
- interpret_dos_date(dos_date, &t);
- t.tm_wday = 1;
- t.tm_yday = 1;
- t.tm_isdst = 0;
-
+ p0 = dos_date & 0xFF;
+ p1 = ((dos_date & 0xFF00) >> 8) & 0xFF;
+ p2 = ((dos_date & 0xFF0000) >> 16) & 0xFF;
+ p3 = ((dos_date & 0xFF000000) >> 24) & 0xFF;
+
+ t.tm_sec = 2 * (p0 & 0x1F);
+ t.tm_min = ((p0 >> 5) & 0xFF) + ((p1 & 0x7) << 3);
+ t.tm_hour = (p1 >> 3) & 0xFF;
+ t.tm_mday = (p2 & 0x1F);
+ t.tm_mon = ((p2 >> 5) & 0xFF) + ((p3 & 0x1) << 3) - 1;
+ t.tm_year = ((p3 >> 1) & 0xFF) + 80;
+
+ t.tm_wday = 1; /* XXX - should not affect the result; why 1? */
+ t.tm_yday = 1; /* XXX - should not affect the result; why 1? */
+ t.tm_isdst = 0; /* XXX - should be -1, to handle DST? */
+
+ /*
+ * XXX - if tm_year is 2038 or later, this might not fit in a
+ * 32-bit time_t.
+ */
return (mktime(&t));
}
return int_unix_date(x2);
}
+/* Delta between the NT FILETIME epoch and the POSIX epoch. */
+#define FILETIME_TO_POSIX_DELTA INT64_C(11644473600)
+
/*
- * interpret an 8 byte "filetime" structure to a time_t
+ * interpret an 8 byte NT FILETIME structure to a time_t
* It's originally in "100ns units since jan 1st 1601"
*/
static time_t
-interpret_long_date(netdissect_options *ndo, const u_char *p)
+interpret_filetime(netdissect_options *ndo, const u_char *p)
{
- double d;
- time_t ret;
-
- /* this gives us seconds since jan 1st 1601 (approx) */
- d = (GET_LE_U_4(p + 4) * 256.0 + GET_U_1(p + 3)) * (1.0e-7 * (1 << 24));
-
- /* now adjust by 369 years to make the secs since 1970 */
- d -= 369.0 * 365.25 * 24 * 60 * 60;
-
- /* and a fudge factor as we got it wrong by a few days */
- d += (3 * 24 * 60 * 60 + 6 * 60 * 60 + 2);
-
- if (d < 0)
- return(0);
-
- ret = (time_t)d;
-
- return(ret);
+ int64_t ret;
+ time_t ret_time_t;
+
+ /*
+ * Fetch a FILETIME structure; the first 4 bytes are the low-order
+ * 32 bits of a 64-bit count of 100ns units since 1601-01-01
+ * at some specific time, and the next 4 bytes are the high-order
+ * 32 bits of that count.
+ */
+ ret = (int64_t)(((uint64_t)GET_LE_U_4(p + 4) << 32) + (uint64_t)GET_LE_U_4(p));
+
+ /* Now convert from FILETIME to POSIX time. */
+ ret += FILETIME_TO_POSIX_DELTA;
+
+ ret_time_t = (time_t)ret;
+ if (ret_time_t != ret) {
+ /*
+ * It doesn't fit in a time_t. Return 0, as an error indication.
+ */
+ return(0);
+ }
+ return(ret_time_t);
}
/*
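Review bot: The conversion at `ret += FILETIME_TO_POSIX_DELTA;` is wrong in both units and sign: `ret` is still a count of 100ns intervals since 1601-01-01 (as the comment above the fetch says), the delta is in seconds, and POSIX time is the FILETIME in seconds minus that delta, not plus. Besides producing wildly wrong dates, the addition is done on a signed value that a crafted high dword of 0x7FFFFFFF pushes to INT64_MAX, so `ret += …` is signed overflow, i.e. undefined behaviour on a hostile packet. Do the division on the unsigned 64-bit value and only then rebase: `uint64_t ft = ((uint64_t)GET_LE_U_4(p + 4) << 32) | GET_LE_U_4(p);` followed by `ret = (int64_t)(ft / UINT64_C(10000000)) - FILETIME_TO_POSIX_DELTA;`, keeping the existing time_t range check below it. Timestamps before 1970 then come out negative; the removed implementation returned 0 for those, so `if (ret < 0) return(0);` preserves that behaviour.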
if (in >= maxbuf)
return(-1); /* name goes past the end of the buffer */
- ND_TCHECK_1(in);
len = GET_U_1(in) / 2;
in++;
p = buf + ofs;
if (p >= maxbuf)
return(NULL); /* name goes past the end of the buffer */
- ND_TCHECK_1(p);
c = GET_U_1(p);
if (s >= maxbuf)
return(-1); /* name goes past the end of the buffer */
- ND_TCHECK_1(s);
c = GET_U_1(s);
if ((c & 0xC0) == 0xC0)
return(2);
while (GET_U_1(s)) {
if (s >= maxbuf)
return(-1); /* name goes past the end of the buffer */
- ND_TCHECK_1(s);
s += GET_U_1(s) + 1;
ND_TCHECK_1(s);
}
- return(ND_BYTES_BETWEEN(s, s0) + 1);
+ return(ND_BYTES_BETWEEN(s0, s) + 1);
trunc:
return(-1); /* name goes past the end of the buffer */
}
-static void
-print_asc(netdissect_options *ndo,
- const u_char *buf, u_int len)
-{
- u_int i;
- for (i = 0; i < len; i++)
- fn_print_char(ndo, GET_U_1(buf + i));
-}
-
static const char *
name_type_str(int name_type)
{
return;
ND_PRINT("[%03X] ", i);
for (i = 0; i < len; /*nothing*/) {
- ND_TCHECK_1(buf + i);
ND_PRINT("%02X ", GET_U_1(buf + i) & 0xff);
i++;
if (i%8 == 0)
ND_PRINT(" ");
if (i % 16 == 0) {
- print_asc(ndo, buf + i - 16, 8);
+ nd_printjn(ndo, buf + i - 16, 8);
ND_PRINT(" ");
- print_asc(ndo, buf + i - 8, 8);
+ nd_printjn(ndo, buf + i - 8, 8);
ND_PRINT("\n");
if (i < len)
ND_PRINT("[%03X] ", i);
while (n--)
ND_PRINT(" ");
- n = min(8, i % 16);
- print_asc(ndo, buf + i - (i % 16), n);
+ n = ND_MIN(8, i % 16);
+ nd_printjn(ndo, buf + i - (i % 16), n);
ND_PRINT(" ");
n = (i % 16) - n;
if (n > 0)
- print_asc(ndo, buf + i - n, n);
+ nd_printjn(ndo, buf + i - n, n);
ND_PRINT("\n");
}
- return;
-
-trunc:
- nd_print_trunc(ndo);
}
u_int i = 0;
while ((p = strchr(fmt, '|'))) {
- u_int l = ND_BYTES_BETWEEN(p, fmt);
+ u_int l = ND_BYTES_BETWEEN(fmt, p);
if (l && (val & (1 << i)))
ND_PRINT("%.*s ", (int)l, fmt);
fmt = p + 1;
/* convert a UCS-2 string into an ASCII string */
#define MAX_UNISTR_SIZE 1000
-static int
+static const u_char *
unistr(netdissect_options *ndo, char (*buf)[MAX_UNISTR_SIZE+1],
- const u_char *s, uint32_t *len, int is_null_terminated, int use_unicode)
+ const u_char *s, uint32_t strsize, int is_null_terminated,
+ int use_unicode)
{
+ u_int c;
size_t l = 0;
- uint32_t strsize;
const u_char *sp;
- int padding = 0;
if (use_unicode) {
/*
if (((s - startbuf) % 2) != 0) {
ND_TCHECK_1(s);
s++;
- padding++;
}
}
if (is_null_terminated) {
/*
* Null-terminated string.
+ * Find the length, counting the terminating NUL.
*/
strsize = 0;
sp = s;
if (!use_unicode) {
for (;;) {
- ND_TCHECK_1(sp);
- *len += 1;
- if (GET_U_1(sp) == 0)
- break;
+ c = GET_U_1(sp);
sp++;
+ strsize++;
+ if (c == '\0')
+ break;
}
- strsize = *len - 1;
} else {
for (;;) {
- ND_TCHECK_2(sp);
- *len += 2;
- if (GET_U_1(sp) == 0 && GET_U_1(sp + 1) == 0)
- break;
+ c = GET_LE_U_2(sp);
sp += 2;
+ strsize += 2;
+ if (c == '\0')
+ break;
}
- strsize = *len - 2;
}
- *len += padding;
- } else {
- /*
- * Counted string.
- */
- strsize = *len;
- *len += padding;
}
if (!use_unicode) {
- while (strsize != 0) {
- ND_TCHECK_1(s);
- if (l >= MAX_UNISTR_SIZE)
- break;
- if (ND_ISPRINT(GET_U_1(s)))
- (*buf)[l] = GET_U_1(s);
- else {
- if (GET_U_1(s) == 0)
- break;
- (*buf)[l] = '.';
- }
- l++;
+ while (strsize != 0) {
+ c = GET_U_1(s);
s++;
strsize--;
- }
- } else {
- while (strsize != 0) {
- ND_TCHECK_2(s);
- if (l >= MAX_UNISTR_SIZE)
+ if (c == 0) {
+ /*
+ * Even counted strings may have embedded null
+ * terminators, so quit here, and skip past
+ * the rest of the data.
+ *
+ * Make sure, however, that the rest of the data
+ * is there, so we don't overflow the buffer when
+ * skipping past it.
+ */
+ ND_TCHECK_LEN(s, strsize);
+ s += strsize;
+ strsize = 0;
break;
- if (GET_U_1(s + 1) == 0 && ND_ISPRINT(GET_U_1(s))) {
- /* It's a printable ASCII character */
- (*buf)[l] = GET_U_1(s);
- } else {
- /* It's a non-ASCII character or a non-printable ASCII character */
- if (GET_U_1(s) == 0 && GET_U_1(s + 1) == 0)
- break;
- (*buf)[l] = '.';
}
- l++;
+ if (l < MAX_UNISTR_SIZE) {
+ if (ND_ASCII_ISPRINT(c)) {
+ /* It's a printable ASCII character */
+ (*buf)[l] = (char)c;
+ } else {
+ /* It's a non-ASCII character or a non-printable ASCII character */
+ (*buf)[l] = '.';
+ }
+ l++;
+ }
+ }
+ } else {
+ while (strsize > 1) {
+ c = GET_LE_U_2(s);
s += 2;
- if (strsize == 1)
- break;
strsize -= 2;
+ if (c == 0) {
+ /*
+ * Even counted strings may have embedded null
+ * terminators, so quit here, and skip past
+ * the rest of the data.
+ *
+ * Make sure, however, that the rest of the data
+ * is there, so we don't overflow the buffer when
+ * skipping past it.
+ */
+ ND_TCHECK_LEN(s, strsize);
+ s += strsize;
+ strsize = 0;
+ break;
+ }
+ if (l < MAX_UNISTR_SIZE) {
+ if (ND_ASCII_ISPRINT(c)) {
+ /* It's a printable ASCII character */
+ (*buf)[l] = (char)c;
+ } else {
+ /* It's a non-ASCII character or a non-printable ASCII character */
+ (*buf)[l] = '.';
+ }
+ l++;
+ }
+ }
+ if (strsize == 1) {
+ /* We have half of a code point; skip past it */
+ ND_TCHECK_1(s);
+ s++;
}
}
(*buf)[l] = 0;
- return 0;
+ return s;
trunc:
- return -1;
+ (*buf)[l] = 0;
+ return NULL;
}
static const u_char *
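Review bot: unistr()'s contract changed (it now returns a pointer instead of an int and takes `strsize` by value) but the only description is the stale one-liner `/* convert a UCS-2 string into an ASCII string */` above `#define MAX_UNISTR_SIZE`, and the callers in smb_fdata1() now depend on the return value. Suggested header comment: `strsize` is the byte count of a counted string and is ignored when `is_null_terminated` is non-zero; the return value is the pointer just past the consumed string, including any leading alignment pad and a trailing half code point, or NULL when an ND_TCHECK fails; and `*buf` is NUL-terminated on every return, including the `trunc:` path, which is why callers may print it before testing for NULL. It is worth stating explicitly that only the ND_TCHECK_* checks reach `trunc:`; a GET_* fetch that fails leaves the function non-locally, so that is not visible here and the caller's `ND_PRINT("%s", strbuf)` never runs in that case. As a style point, the ASCII and UCS-2 copy loops differ only in the fetch width; the shared "store printable or '.'" body could become a small static helper so the two `ND_TCHECK_LEN(s, strsize)` skip blocks are not maintained twice.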
while (*fmt && buf<maxbuf) {
switch (*fmt) {
case 'a':
- ND_TCHECK_1(buf);
write_bits(ndo, GET_U_1(buf), attrib_fmt);
buf++;
fmt++;
break;
case 'A':
- ND_TCHECK_2(buf);
write_bits(ndo, GET_LE_U_2(buf), attrib_fmt);
buf += 2;
fmt++;
u_int l;
p = strchr(++fmt, '}');
- l = ND_BYTES_BETWEEN(p, fmt);
+ l = ND_BYTES_BETWEEN(fmt, p);
if (l > sizeof(bitfmt) - 1)
l = sizeof(bitfmt)-1;
strncpy(bitfmt, fmt, l);
bitfmt[l] = '\0';
fmt = p + 1;
- ND_TCHECK_1(buf);
write_bits(ndo, GET_U_1(buf), bitfmt);
buf++;
break;
ND_TCHECK_LEN(buf, l);
buf += l;
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'b':
{
unsigned int x;
- ND_TCHECK_1(buf);
x = GET_U_1(buf);
ND_PRINT("%u (0x%x)", x, x);
buf += 1;
case 'd':
{
int x;
- ND_TCHECK_2(buf);
x = reverse ? GET_BE_S_2(buf) :
GET_LE_S_2(buf);
ND_PRINT("%d (0x%x)", x, x);
case 'D':
{
int x;
- ND_TCHECK_4(buf);
x = reverse ? GET_BE_S_4(buf) :
GET_LE_S_4(buf);
ND_PRINT("%d (0x%x)", x, x);
case 'L':
{
uint64_t x;
- ND_TCHECK_8(buf);
x = reverse ? GET_BE_U_8(buf) :
GET_LE_U_8(buf);
ND_PRINT("%" PRIu64 " (0x%" PRIx64 ")", x, x);
case 'u':
{
unsigned int x;
- ND_TCHECK_2(buf);
x = reverse ? GET_BE_U_2(buf) :
GET_LE_U_2(buf);
ND_PRINT("%u (0x%x)", x, x);
case 'U':
{
unsigned int x;
- ND_TCHECK_4(buf);
x = reverse ? GET_BE_U_4(buf) :
GET_LE_U_4(buf);
ND_PRINT("%u (0x%x)", x, x);
case 'B':
{
unsigned int x;
- ND_TCHECK_1(buf);
x = GET_U_1(buf);
ND_PRINT("0x%X", x);
buf += 1;
case 'w':
{
unsigned int x;
- ND_TCHECK_2(buf);
x = reverse ? GET_BE_U_2(buf) :
GET_LE_U_2(buf);
ND_PRINT("0x%X", x);
case 'W':
{
unsigned int x;
- ND_TCHECK_4(buf);
x = reverse ? GET_BE_U_4(buf) :
GET_LE_U_4(buf);
ND_PRINT("0x%X", x);
switch (*fmt) {
case 'b':
- ND_TCHECK_1(buf);
stringlen = GET_U_1(buf);
+ stringlen_is_set = 1;
ND_PRINT("%u", stringlen);
buf += 1;
break;
case 'd':
case 'u':
- ND_TCHECK_2(buf);
stringlen = reverse ? GET_BE_U_2(buf) :
GET_LE_U_2(buf);
+ stringlen_is_set = 1;
ND_PRINT("%u", stringlen);
buf += 2;
break;
case 'D':
case 'U':
- ND_TCHECK_4(buf);
stringlen = reverse ? GET_BE_U_4(buf) :
GET_LE_U_4(buf);
+ stringlen_is_set = 1;
ND_PRINT("%u", stringlen);
buf += 4;
break;
case 'R': /* like 'S', but always ASCII */
{
/*XXX unistr() */
- uint32_t len;
-
- len = 0;
- if (unistr(ndo, &strbuf, buf, &len, 1, (*fmt == 'R') ? 0 : unicodestr) == -1)
- goto trunc;
+ buf = unistr(ndo, &strbuf, buf, 0, 1, (*fmt == 'R') ? 0 : unicodestr);
ND_PRINT("%s", strbuf);
- buf += len;
+ if (buf == NULL)
+ goto trunc;
fmt++;
break;
}
case 'Z':
case 'Y': /* like 'Z', but always ASCII */
{
- uint32_t len;
-
- ND_TCHECK_1(buf);
if (GET_U_1(buf) != 4 && GET_U_1(buf) != 2) {
ND_PRINT("Error! ASCIIZ buffer of type %u", GET_U_1(buf));
return maxbuf; /* give up */
}
- len = 0;
- if (unistr(ndo, &strbuf, buf + 1, &len, 1, (*fmt == 'Y') ? 0 : unicodestr) == -1)
- goto trunc;
+ buf = unistr(ndo, &strbuf, buf + 1, 0, 1, (*fmt == 'Y') ? 0 : unicodestr);
ND_PRINT("%s", strbuf);
- buf += len + 1;
+ if (buf == NULL)
+ goto trunc;
fmt++;
break;
}
ND_PRINT("%-*.*s", l, l, buf);
buf += l;
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'c':
{
+ if (!stringlen_is_set) {
+ ND_PRINT("{stringlen not set}");
+ goto trunc;
+ }
ND_TCHECK_LEN(buf, stringlen);
ND_PRINT("%-*.*s", (int)stringlen, (int)stringlen, buf);
buf += stringlen;
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'C':
{
- if (unistr(ndo, &strbuf, buf, &stringlen, 0, unicodestr) == -1)
- goto trunc;
+ if (!stringlen_is_set) {
+ ND_PRINT("{stringlen not set}");
+ goto trunc;
+ }
+ buf = unistr(ndo, &strbuf, buf, stringlen, 0, unicodestr);
ND_PRINT("%s", strbuf);
- buf += stringlen;
+ if (buf == NULL)
+ goto trunc;
fmt++;
break;
}
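Review bot: In both the 'c' and 'C' cases the new `if (!stringlen_is_set)` guard jumps to `trunc`, so a format description that uses a string before its length field is reported as packet truncation, which it is not. The 'Z' case above already has a convention for a malformed description: print the error and `return maxbuf; /* give up */`, and `{stringlen not set}` would fit that better than the truncation marker. The enclosing switch and its `trunc:` label are outside this hunk, so I cannot see what the label prints, but the guard is a format-string check rather than a capture-length check either way.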
buf++;
}
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
switch (t) {
case 1:
- name_type = name_extract(ndo, startbuf, ND_BYTES_BETWEEN(buf, startbuf),
- maxbuf, nbuf);
+ name_type = name_extract(ndo, startbuf,
+ ND_BYTES_BETWEEN(startbuf, buf),
+ maxbuf, nbuf);
if (name_type < 0)
goto trunc;
len = name_len(ndo, buf, maxbuf);
name_type_str(name_type));
break;
case 2:
- ND_TCHECK_1(buf + 15);
name_type = GET_U_1(buf + 15);
ND_PRINT("%-15.15s NameType=0x%02X (%s)", buf, name_type,
name_type_str(name_type));
break;
}
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'T':
{
time_t t;
- struct tm *lt;
const char *tstring;
+ char buffer[sizeof("Www Mmm dd hh:mm:ss yyyyy")];
uint32_t x;
switch (atoi(fmt + 1)) {
case 1:
- ND_TCHECK_4(buf);
x = GET_LE_U_4(buf);
if (x == 0 || x == 0xFFFFFFFF)
t = 0;
buf += 4;
break;
case 2:
- ND_TCHECK_4(buf);
x = GET_LE_U_4(buf);
if (x == 0 || x == 0xFFFFFFFF)
t = 0;
break;
case 3:
ND_TCHECK_8(buf);
- t = interpret_long_date(ndo, buf);
+ t = interpret_filetime(ndo, buf);
buf += 8;
break;
default:
break;
}
if (t != 0) {
- lt = localtime(&t);
- if (lt != NULL)
- tstring = asctime(lt);
- else
- tstring = "(Can't convert time)\n";
+ tstring = nd_format_time(buffer, sizeof(buffer), "%Y-%m-%d %T",
+ localtime(&t));
} else
- tstring = "NULL\n";
- ND_PRINT("%s", tstring);
+ tstring = "NULL";
+ ND_PRINT("%s\n", tstring);
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
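Review bot: `time_t t;` at the top of the 'T' case is still read uninitialized at `if (t != 0)` when `atoi(fmt + 1)` falls into `default: break;`, so a description with an unexpected T suffix is undefined behaviour rather than a "NULL" print; `time_t t = 0;` closes that (the format strings are presumably compile-time constants, so this is a robustness point rather than a packet-triggered one). The new `char buffer[sizeof("Www Mmm dd hh:mm:ss yyyyy")];` is sized for the old asctime() layout while the format now passed is `"%Y-%m-%d %T"`; either size it from what is actually produced or add a comment saying the asctime-shaped size is kept deliberately to leave room for five-digit years. `localtime(&t)` can return NULL and is handed straight to nd_format_time(); that is fine only if the helper tolerates a NULL tm, which is not visible here, so please confirm.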
while (*fmt) {
switch (*fmt) {
case '*':
+ /*
+ * List of multiple instances of something described by the
+ * remainder of the string (which may itself include a list
+ * of multiple instances of something, so we recurse).
+ */
fmt++;
while (buf < maxbuf) {
const u_char *buf2;
depth++;
- buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
+ /*
+ * In order to avoid stack exhaustion recurse at most 10
+ * levels; that "should not happen", as no SMB structure
+ * should be nested *that* deeply, and we thus shouldn't
+ * have format strings with that level of nesting.
+ */
+ if (depth == 10) {
+ ND_PRINT("(too many nested levels, not recursing)");
+ buf2 = buf;
+ } else
+ buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
depth--;
if (buf2 == NULL)
return(NULL);
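Review bot: The new depth cap at `if (depth == 10)` protects the stack, but `depth++` and `depth--` bracket a call that can leave non-locally: smb_fdata1() now relies on the GET_* macros (this diff removes the ND_TCHECKs in front of them), and if a failed fetch unwinds past this frame on a truncated packet the `depth--` never runs. If `depth` is the file-scope counter it appears to be (it is not declared in this function and is tested again at `if (!depth && buf < maxbuf)`), each such packet leaves it one higher until every nested list prints "(too many nested levels, not recursing)" for the rest of the capture. The smb_reset() added at the top of this diff is the natural place to clear it: add `depth = 0;` next to `stringlen = 0;`, assuming it is invoked once per packet. Also give the literal 10 a name, e.g. `#define SMB_FDATA_MAX_DEPTH 10`, so the limit is documented where it is declared.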
return(buf);
case '|':
+ /*
+ * Just do a bounds check.
+ */
fmt++;
if (buf >= maxbuf)
return(buf);
break;
case '%':
+ /*
+ * XXX - unused?
+ */
fmt++;
buf = maxbuf;
break;
case '#':
+ /*
+ * Done?
+ */
fmt++;
return(buf);
- break;
case '[':
+ /*
+ * Format of an item, enclosed in square brackets; dissect
+ * the item with smb_fdata1().
+ */
fmt++;
if (buf >= maxbuf)
return(buf);
s[p - fmt] = '\0';
fmt = p + 1;
buf = smb_fdata1(ndo, buf, s, maxbuf, unicodestr);
- if (buf == NULL)
+ if (buf == NULL) {
+ /*
+ * Truncated.
+ * Is the next character a newline?
+ * If so, print it before quitting, so we don't
+ * get stuff in the middle of the line.
+ */
+ if (*fmt == '\n')
+ ND_PRINT("\n");
return(NULL);
+ }
break;
default:
+ /*
+ * Not a formatting character, so just print it.
+ */
ND_PRINT("%c", *fmt);
fmt++;
break;
}
}
if (!depth && buf < maxbuf) {
- u_int len = ND_BYTES_BETWEEN(maxbuf, buf);
+ u_int len = ND_BYTES_BETWEEN(buf, maxbuf);
ND_PRINT("Data: (%u bytes)\n", len);
smb_data_print(ndo, buf, len);
return(buf + len);
const err_code_struct *err = err_classes[i].err_msgs;
for (j = 0; err[j].name; j++)
if (num == err[j].code) {
- nd_snprintf(ret, sizeof(ret), "%s - %s (%s)",
+ snprintf(ret, sizeof(ret), "%s - %s (%s)",
err_classes[i].class, err[j].name, err[j].message);
return ret;
}
}
- nd_snprintf(ret, sizeof(ret), "%s - %d", err_classes[i].class, num);
+ snprintf(ret, sizeof(ret), "%s - %d", err_classes[i].class, num);
return ret;
}
- nd_snprintf(ret, sizeof(ret), "ERROR: Unknown error (%d,%d)", class, num);
+ snprintf(ret, sizeof(ret), "ERROR: Unknown error (%d,%d)", class, num);
return(ret);
}
return nt_errors[i].name;
}
- nd_snprintf(ret, sizeof(ret), "0x%08x", err);
+ snprintf(ret, sizeof(ret), "0x%08x", err);
return ret;
}