#include <stdlib.h>
#include <string.h>
+#include "netdissect-ctype.h"
+
#include "netdissect.h"
#include "extract.h"
#include "smb.h"
+static int stringlen_is_set;
static uint32_t stringlen;
extern const u_char *startbuf;
+/*
+ * Reset SMB state.
+ */
+void
+smb_reset(void)
+{
+ stringlen_is_set = 0;
+ stringlen = 0;
+}
+
/*
* interpret a 32 bit dos packed date/time to some parameters
*/
if (in >= maxbuf)
return(-1); /* name goes past the end of the buffer */
- ND_TCHECK_1(in);
len = GET_U_1(in) / 2;
in++;
p = buf + ofs;
if (p >= maxbuf)
return(NULL); /* name goes past the end of the buffer */
- ND_TCHECK_1(p);
c = GET_U_1(p);
if (s >= maxbuf)
return(-1); /* name goes past the end of the buffer */
- ND_TCHECK_1(s);
c = GET_U_1(s);
if ((c & 0xC0) == 0xC0)
return(2);
while (GET_U_1(s)) {
if (s >= maxbuf)
return(-1); /* name goes past the end of the buffer */
- ND_TCHECK_1(s);
s += GET_U_1(s) + 1;
ND_TCHECK_1(s);
}
return;
ND_PRINT("[%03X] ", i);
for (i = 0; i < len; /*nothing*/) {
- ND_TCHECK_1(buf + i);
ND_PRINT("%02X ", GET_U_1(buf + i) & 0xff);
i++;
if (i%8 == 0)
while (n--)
ND_PRINT(" ");
- n = min(8, i % 16);
+ n = ND_MIN(8, i % 16);
print_asc(ndo, buf + i - (i % 16), n);
ND_PRINT(" ");
n = (i % 16) - n;
print_asc(ndo, buf + i - n, n);
ND_PRINT("\n");
}
- return;
-
-trunc:
- nd_print_trunc(ndo);
}
/* convert a UCS-2 string into an ASCII string */
#define MAX_UNISTR_SIZE 1000
-static int
+static const u_char *
unistr(netdissect_options *ndo, char (*buf)[MAX_UNISTR_SIZE+1],
- const u_char *s, uint32_t *len, int is_null_terminated, int use_unicode)
+ const u_char *s, uint32_t strsize, int is_null_terminated,
+ int use_unicode)
{
+ u_int c;
size_t l = 0;
- uint32_t strsize;
const u_char *sp;
- int padding = 0;
if (use_unicode) {
/*
if (((s - startbuf) % 2) != 0) {
ND_TCHECK_1(s);
s++;
- padding++;
}
}
if (is_null_terminated) {
/*
* Null-terminated string.
+ * Find the length, counting the terminating NUL.
*/
strsize = 0;
sp = s;
if (!use_unicode) {
for (;;) {
- ND_TCHECK_1(sp);
- *len += 1;
- if (GET_U_1(sp) == 0)
- break;
+ c = GET_U_1(sp);
sp++;
+ strsize++;
+ if (c == '\0')
+ break;
}
- strsize = *len - 1;
} else {
for (;;) {
- ND_TCHECK_2(sp);
- *len += 2;
- if (GET_U_1(sp) == 0 && GET_U_1(sp + 1) == 0)
- break;
+ c = GET_LE_U_2(sp);
sp += 2;
+ strsize += 2;
+ if (c == '\0')
+ break;
}
- strsize = *len - 2;
}
- *len += padding;
- } else {
- /*
- * Counted string.
- */
- strsize = *len;
- *len += padding;
}
if (!use_unicode) {
while (strsize != 0) {
- ND_TCHECK_1(s);
- if (l >= MAX_UNISTR_SIZE)
- break;
- if (ND_ISPRINT(GET_U_1(s)))
- (*buf)[l] = GET_U_1(s);
- else {
- if (GET_U_1(s) == 0)
- break;
- (*buf)[l] = '.';
- }
- l++;
+ c = GET_U_1(s);
s++;
strsize--;
- }
- } else {
- while (strsize != 0) {
- ND_TCHECK_2(s);
- if (l >= MAX_UNISTR_SIZE)
+ if (c == 0) {
+ /*
+ * Even counted strings may have embedded null
+ * terminators, so quit here, and skip past
+ * the rest of the data.
+ *
+ * Make sure, however, that the rest of the data
+ * is there, so we don't overflow the buffer when
+ * skipping past it.
+ */
+ ND_TCHECK_LEN(s, strsize);
+ s += strsize;
+ strsize = 0;
break;
- if (GET_U_1(s + 1) == 0 && ND_ISPRINT(GET_U_1(s))) {
- /* It's a printable ASCII character */
- (*buf)[l] = GET_U_1(s);
- } else {
- /* It's a non-ASCII character or a non-printable ASCII character */
- if (GET_U_1(s) == 0 && GET_U_1(s + 1) == 0)
- break;
- (*buf)[l] = '.';
}
- l++;
+ if (l < MAX_UNISTR_SIZE) {
+ if (ND_ASCII_ISPRINT(c)) {
+ /* It's a printable ASCII character */
+ (*buf)[l] = (char)c;
+ } else {
+ /* It's a non-ASCII character or a non-printable ASCII character */
+ (*buf)[l] = '.';
+ }
+ l++;
+ }
+ }
+ } else {
+ while (strsize > 1) {
+ c = GET_LE_U_2(s);
s += 2;
- if (strsize == 1)
- break;
strsize -= 2;
+ if (c == 0) {
+ /*
+ * Even counted strings may have embedded null
+ * terminators, so quit here, and skip past
+ * the rest of the data.
+ *
+ * Make sure, however, that the rest of the data
+ * is there, so we don't overflow the buffer when
+ * skipping past it.
+ */
+ ND_TCHECK_LEN(s, strsize);
+ s += strsize;
+ strsize = 0;
+ break;
+ }
+ if (l < MAX_UNISTR_SIZE) {
+ if (ND_ASCII_ISPRINT(c)) {
+ /* It's a printable ASCII character */
+ (*buf)[l] = (char)c;
+ } else {
+ /* It's a non-ASCII character or a non-printable ASCII character */
+ (*buf)[l] = '.';
+ }
+ l++;
+ }
+ }
+ if (strsize == 1) {
+ /* We have half of a code point; skip past it */
+ ND_TCHECK_1(s);
+ s++;
}
}
(*buf)[l] = 0;
- return 0;
+ return s;
trunc:
- return -1;
+ (*buf)[l] = 0;
+ return NULL;
}
static const u_char *
while (*fmt && buf<maxbuf) {
switch (*fmt) {
case 'a':
- ND_TCHECK_1(buf);
write_bits(ndo, GET_U_1(buf), attrib_fmt);
buf++;
fmt++;
break;
case 'A':
- ND_TCHECK_2(buf);
write_bits(ndo, GET_LE_U_2(buf), attrib_fmt);
buf += 2;
fmt++;
strncpy(bitfmt, fmt, l);
bitfmt[l] = '\0';
fmt = p + 1;
- ND_TCHECK_1(buf);
write_bits(ndo, GET_U_1(buf), bitfmt);
buf++;
break;
ND_TCHECK_LEN(buf, l);
buf += l;
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'b':
{
unsigned int x;
- ND_TCHECK_1(buf);
x = GET_U_1(buf);
ND_PRINT("%u (0x%x)", x, x);
buf += 1;
case 'd':
{
int x;
- ND_TCHECK_2(buf);
x = reverse ? GET_BE_S_2(buf) :
GET_LE_S_2(buf);
ND_PRINT("%d (0x%x)", x, x);
case 'D':
{
int x;
- ND_TCHECK_4(buf);
x = reverse ? GET_BE_S_4(buf) :
GET_LE_S_4(buf);
ND_PRINT("%d (0x%x)", x, x);
case 'L':
{
uint64_t x;
- ND_TCHECK_8(buf);
x = reverse ? GET_BE_U_8(buf) :
GET_LE_U_8(buf);
ND_PRINT("%" PRIu64 " (0x%" PRIx64 ")", x, x);
case 'u':
{
unsigned int x;
- ND_TCHECK_2(buf);
x = reverse ? GET_BE_U_2(buf) :
GET_LE_U_2(buf);
ND_PRINT("%u (0x%x)", x, x);
case 'U':
{
unsigned int x;
- ND_TCHECK_4(buf);
x = reverse ? GET_BE_U_4(buf) :
GET_LE_U_4(buf);
ND_PRINT("%u (0x%x)", x, x);
case 'B':
{
unsigned int x;
- ND_TCHECK_1(buf);
x = GET_U_1(buf);
ND_PRINT("0x%X", x);
buf += 1;
case 'w':
{
unsigned int x;
- ND_TCHECK_2(buf);
x = reverse ? GET_BE_U_2(buf) :
GET_LE_U_2(buf);
ND_PRINT("0x%X", x);
case 'W':
{
unsigned int x;
- ND_TCHECK_4(buf);
x = reverse ? GET_BE_U_4(buf) :
GET_LE_U_4(buf);
ND_PRINT("0x%X", x);
switch (*fmt) {
case 'b':
- ND_TCHECK_1(buf);
stringlen = GET_U_1(buf);
+ stringlen_is_set = 1;
ND_PRINT("%u", stringlen);
buf += 1;
break;
case 'd':
case 'u':
- ND_TCHECK_2(buf);
stringlen = reverse ? GET_BE_U_2(buf) :
GET_LE_U_2(buf);
+ stringlen_is_set = 1;
ND_PRINT("%u", stringlen);
buf += 2;
break;
case 'D':
case 'U':
- ND_TCHECK_4(buf);
stringlen = reverse ? GET_BE_U_4(buf) :
GET_LE_U_4(buf);
+ stringlen_is_set = 1;
ND_PRINT("%u", stringlen);
buf += 4;
break;
case 'R': /* like 'S', but always ASCII */
{
/*XXX unistr() */
- uint32_t len;
-
- len = 0;
- if (unistr(ndo, &strbuf, buf, &len, 1, (*fmt == 'R') ? 0 : unicodestr) == -1)
- goto trunc;
+ buf = unistr(ndo, &strbuf, buf, 0, 1, (*fmt == 'R') ? 0 : unicodestr);
ND_PRINT("%s", strbuf);
- buf += len;
+ if (buf == NULL)
+ goto trunc;
fmt++;
break;
}
case 'Z':
case 'Y': /* like 'Z', but always ASCII */
{
- uint32_t len;
-
- ND_TCHECK_1(buf);
if (GET_U_1(buf) != 4 && GET_U_1(buf) != 2) {
ND_PRINT("Error! ASCIIZ buffer of type %u", GET_U_1(buf));
return maxbuf; /* give up */
}
- len = 0;
- if (unistr(ndo, &strbuf, buf + 1, &len, 1, (*fmt == 'Y') ? 0 : unicodestr) == -1)
- goto trunc;
+ buf = unistr(ndo, &strbuf, buf + 1, 0, 1, (*fmt == 'Y') ? 0 : unicodestr);
ND_PRINT("%s", strbuf);
- buf += len + 1;
+ if (buf == NULL)
+ goto trunc;
fmt++;
break;
}
ND_PRINT("%-*.*s", l, l, buf);
buf += l;
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'c':
{
+ if (!stringlen_is_set) {
+ ND_PRINT("{stringlen not set}");
+ goto trunc;
+ }
ND_TCHECK_LEN(buf, stringlen);
ND_PRINT("%-*.*s", (int)stringlen, (int)stringlen, buf);
buf += stringlen;
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'C':
{
- if (unistr(ndo, &strbuf, buf, &stringlen, 0, unicodestr) == -1)
- goto trunc;
+ if (!stringlen_is_set) {
+ ND_PRINT("{stringlen not set}");
+ goto trunc;
+ }
+ buf = unistr(ndo, &strbuf, buf, stringlen, 0, unicodestr);
ND_PRINT("%s", strbuf);
- buf += stringlen;
+ if (buf == NULL)
+ goto trunc;
fmt++;
break;
}
buf++;
}
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
name_type_str(name_type));
break;
case 2:
- ND_TCHECK_1(buf + 15);
name_type = GET_U_1(buf + 15);
ND_PRINT("%-15.15s NameType=0x%02X (%s)", buf, name_type,
name_type_str(name_type));
break;
}
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
case 'T':
{
time_t t;
- struct tm *lt;
const char *tstring;
+ char buffer[sizeof("Www Mmm dd hh:mm:ss yyyyy")];
uint32_t x;
switch (atoi(fmt + 1)) {
case 1:
- ND_TCHECK_4(buf);
x = GET_LE_U_4(buf);
if (x == 0 || x == 0xFFFFFFFF)
t = 0;
buf += 4;
break;
case 2:
- ND_TCHECK_4(buf);
x = GET_LE_U_4(buf);
if (x == 0 || x == 0xFFFFFFFF)
t = 0;
break;
}
if (t != 0) {
- lt = localtime(&t);
- if (lt != NULL)
- tstring = asctime(lt);
- else
- tstring = "(Can't convert time)\n";
+ tstring = nd_format_time(buffer, sizeof(buffer), "%a %b %e %T %Y",
+ localtime(&t));
} else
- tstring = "NULL\n";
- ND_PRINT("%s", tstring);
+ tstring = "NULL";
+ ND_PRINT("%s\n", tstring);
fmt++;
- while (isdigit((unsigned char)*fmt))
+ while (ND_ASCII_ISDIGIT(*fmt))
fmt++;
break;
}
while (*fmt) {
switch (*fmt) {
case '*':
+ /*
+ * List of multiple instances of something described by the
+ * remainder of the string (which may itself include a list
+ * of multiple instances of something, so we recurse).
+ */
fmt++;
while (buf < maxbuf) {
const u_char *buf2;
depth++;
- buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
+ /*
+ * In order to avoid stack exhaustion recurse at most 10
+ * levels; that "should not happen", as no SMB structure
+ * should be nested *that* deeply, and we thus shouldn't
+ * have format strings with that level of nesting.
+ */
+ if (depth == 10) {
+ ND_PRINT("(too many nested levels, not recursing)");
+ buf2 = buf;
+ } else
+ buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr);
depth--;
if (buf2 == NULL)
return(NULL);
return(buf);
case '|':
+ /*
+ * Just do a bounds check.
+ */
fmt++;
if (buf >= maxbuf)
return(buf);
break;
case '%':
+ /*
+ * XXX - unused?
+ */
fmt++;
buf = maxbuf;
break;
case '#':
+ /*
+ * Done?
+ */
fmt++;
return(buf);
break;
case '[':
+ /*
+ * Format of an item, enclosed in square brackets; dissect
+ * the item with smb_fdata1().
+ */
fmt++;
if (buf >= maxbuf)
return(buf);
s[p - fmt] = '\0';
fmt = p + 1;
buf = smb_fdata1(ndo, buf, s, maxbuf, unicodestr);
- if (buf == NULL)
+ if (buf == NULL) {
+ /*
+ * Truncated.
+ * Is the next character a newline?
+ * If so, print it before quitting, so we don't
+ * get stuff in the middle of the line.
+ */
+ if (*fmt == '\n')
+ ND_PRINT("\n");
return(NULL);
+ }
break;
default:
+ /*
+ * Not a formatting character, so just print it.
+ */
ND_PRINT("%c", *fmt);
fmt++;
break;
const err_code_struct *err = err_classes[i].err_msgs;
for (j = 0; err[j].name; j++)
if (num == err[j].code) {
- nd_snprintf(ret, sizeof(ret), "%s - %s (%s)",
+ snprintf(ret, sizeof(ret), "%s - %s (%s)",
err_classes[i].class, err[j].name, err[j].message);
return ret;
}
}
- nd_snprintf(ret, sizeof(ret), "%s - %d", err_classes[i].class, num);
+ snprintf(ret, sizeof(ret), "%s - %d", err_classes[i].class, num);
return ret;
}
- nd_snprintf(ret, sizeof(ret), "ERROR: Unknown error (%d,%d)", class, num);
+ snprintf(ret, sizeof(ret), "ERROR: Unknown error (%d,%d)", class, num);
return(ret);
}
return nt_errors[i].name;
}
- nd_snprintf(ret, sizeof(ret), "0x%08x", err);
+ snprintf(ret, sizeof(ret), "0x%08x", err);
return ret;
}
projects / tcpdump / blobdiff