X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/7578e1c04ee280dda50c4c2813e7d55f539c6501..dab871e8be7a30e511487ef0a5d401ab5657d314:/smbutil.c diff --git a/smbutil.c b/smbutil.c index f33a323f..02b9ffce 100644 --- a/smbutil.c +++ b/smbutil.c @@ -6,9 +6,7 @@ * or later */ -#ifdef HAVE_CONFIG_H #include -#endif #include "netdissect-stdinc.h" @@ -37,43 +35,38 @@ smb_reset(void) } /* - * interpret a 32 bit dos packed date/time to some parameters - */ -static void -interpret_dos_date(uint32_t date, struct tm *tp) -{ - uint32_t p0, p1, p2, p3; - - p0 = date & 0xFF; - p1 = ((date & 0xFF00) >> 8) & 0xFF; - p2 = ((date & 0xFF0000) >> 16) & 0xFF; - p3 = ((date & 0xFF000000) >> 24) & 0xFF; - - tp->tm_sec = 2 * (p0 & 0x1F); - tp->tm_min = ((p0 >> 5) & 0xFF) + ((p1 & 0x7) << 3); - tp->tm_hour = (p1 >> 3) & 0xFF; - tp->tm_mday = (p2 & 0x1F); - tp->tm_mon = ((p2 >> 5) & 0xFF) + ((p3 & 0x1) << 3) - 1; - tp->tm_year = ((p3 >> 1) & 0xFF) + 80; -} - -/* - * common portion: - * create a unix date from a dos date + * create a UNIX time_t from a 32-bit DOS packetd date/time, with + * the DOS date/time assumed to be local time in *our* location. */ static time_t int_unix_date(uint32_t dos_date) { + uint32_t p0, p1, p2, p3; struct tm t; if (dos_date == 0) return(0); - interpret_dos_date(dos_date, &t); - t.tm_wday = 1; - t.tm_yday = 1; - t.tm_isdst = 0; - + p0 = dos_date & 0xFF; + p1 = ((dos_date & 0xFF00) >> 8) & 0xFF; + p2 = ((dos_date & 0xFF0000) >> 16) & 0xFF; + p3 = ((dos_date & 0xFF000000) >> 24) & 0xFF; + + t.tm_sec = 2 * (p0 & 0x1F); + t.tm_min = ((p0 >> 5) & 0xFF) + ((p1 & 0x7) << 3); + t.tm_hour = (p1 >> 3) & 0xFF; + t.tm_mday = (p2 & 0x1F); + t.tm_mon = ((p2 >> 5) & 0xFF) + ((p3 & 0x1) << 3) - 1; + t.tm_year = ((p3 >> 1) & 0xFF) + 80; + + t.tm_wday = 1; /* XXX - should not affect the result; why 1? */ + t.tm_yday = 1; /* XXX - should not affect the result; why 1? */ + t.tm_isdst = 0; /* XXX - should be -1, to handle DST? */ + + /* + * XXX - if tm_year is 2038 or later, this might not fit in a + * 32-bit time_t. + */ return (mktime(&t)); } @@ -105,31 +98,38 @@ make_unix_date2(netdissect_options *ndo, const u_char *date_ptr) return int_unix_date(x2); } +/* Delta between the NT FILETIME epoch and the POSIX epoch. */ +#define FILETIME_TO_POSIX_DELTA INT64_C(11644473600) + /* - * interpret an 8 byte "filetime" structure to a time_t + * interpret an 8 byte NT FILETIME structure to a time_t * It's originally in "100ns units since jan 1st 1601" */ static time_t -interpret_long_date(netdissect_options *ndo, const u_char *p) +interpret_filetime(netdissect_options *ndo, const u_char *p) { - double d; - time_t ret; - - /* this gives us seconds since jan 1st 1601 (approx) */ - d = (GET_LE_U_4(p + 4) * 256.0 + GET_U_1(p + 3)) * (1.0e-7 * (1 << 24)); - - /* now adjust by 369 years to make the secs since 1970 */ - d -= 369.0 * 365.25 * 24 * 60 * 60; - - /* and a fudge factor as we got it wrong by a few days */ - d += (3 * 24 * 60 * 60 + 6 * 60 * 60 + 2); - - if (d < 0) - return(0); - - ret = (time_t)d; - - return(ret); + int64_t ret; + time_t ret_time_t; + + /* + * Fetch a FILETIME structure; the first 4 bytes are the low-order + * 32 bits of a 64-bit count of 100ns units since 1601-01-01 + * at some specific time, and the next 4 bytes are the high-order + * 32 bits of that count. + */ + ret = (int64_t)(((uint64_t)GET_LE_U_4(p + 4) << 32) + (uint64_t)GET_LE_U_4(p)); + + /* Now convert from FILETIME to POSIX time. */ + ret += FILETIME_TO_POSIX_DELTA; + + ret_time_t = (time_t)ret; + if (ret_time_t != ret) { + /* + * It doesn't fit in a time_t. Return 0, as an error indication. + */ + return(0); + } + return(ret_time_t); } /* @@ -251,7 +251,7 @@ name_len(netdissect_options *ndo, s += GET_U_1(s) + 1; ND_TCHECK_1(s); } - return(ND_BYTES_BETWEEN(s, s0) + 1); + return(ND_BYTES_BETWEEN(s0, s) + 1); trunc: return(-1); /* name goes past the end of the buffer */ @@ -334,7 +334,7 @@ write_bits(netdissect_options *ndo, u_int i = 0; while ((p = strchr(fmt, '|'))) { - u_int l = ND_BYTES_BETWEEN(p, fmt); + u_int l = ND_BYTES_BETWEEN(fmt, p); if (l && (val & (1 << i))) ND_PRINT("%.*s ", (int)l, fmt); fmt = p + 1; @@ -388,7 +388,7 @@ unistr(netdissect_options *ndo, char (*buf)[MAX_UNISTR_SIZE+1], } } if (!use_unicode) { - while (strsize != 0) { + while (strsize != 0) { c = GET_U_1(s); s++; strsize--; @@ -493,7 +493,7 @@ smb_fdata1(netdissect_options *ndo, u_int l; p = strchr(++fmt, '}'); - l = ND_BYTES_BETWEEN(p, fmt); + l = ND_BYTES_BETWEEN(fmt, p); if (l > sizeof(bitfmt) - 1) l = sizeof(bitfmt)-1; @@ -742,8 +742,9 @@ smb_fdata1(netdissect_options *ndo, switch (t) { case 1: - name_type = name_extract(ndo, startbuf, ND_BYTES_BETWEEN(buf, startbuf), - maxbuf, nbuf); + name_type = name_extract(ndo, startbuf, + ND_BYTES_BETWEEN(startbuf, buf), + maxbuf, nbuf); if (name_type < 0) goto trunc; len = name_len(ndo, buf, maxbuf); @@ -791,7 +792,7 @@ smb_fdata1(netdissect_options *ndo, break; case 3: ND_TCHECK_8(buf); - t = interpret_long_date(ndo, buf); + t = interpret_filetime(ndo, buf); buf += 8; break; default: @@ -799,8 +800,8 @@ smb_fdata1(netdissect_options *ndo, break; } if (t != 0) { - tstring = nd_format_time(buffer, sizeof(buffer), "%a %b %e %T %Y", - localtime(&t)); + tstring = nd_format_time(buffer, sizeof(buffer), "%Y-%m-%d %T", + localtime(&t)); } else tstring = "NULL"; ND_PRINT("%s\n", tstring); @@ -890,7 +891,6 @@ smb_fdata(netdissect_options *ndo, */ fmt++; return(buf); - break; case '[': /* @@ -933,7 +933,7 @@ smb_fdata(netdissect_options *ndo, } } if (!depth && buf < maxbuf) { - u_int len = ND_BYTES_BETWEEN(maxbuf, buf); + u_int len = ND_BYTES_BETWEEN(buf, maxbuf); ND_PRINT("Data: (%u bytes)\n", len); smb_data_print(ndo, buf, len); return(buf + len);