X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/bcf0fb3b48edc9e642c4101e2ccf964a30cdb6f1..9169e4e1949c3fa879f0a2f98cfbd8c444743c27:/smbutil.c diff --git a/smbutil.c b/smbutil.c index 95740daa..ff32ecce 100644 --- a/smbutil.c +++ b/smbutil.c @@ -6,31 +6,43 @@ * or later */ -#define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H -#include "config.h" +#include #endif -#include +#include "netdissect-stdinc.h" #include #include #include -#include "interface.h" +#include "netdissect-ctype.h" + +#include "netdissect.h" #include "extract.h" #include "smb.h" -static u_int32_t stringlen; +static int stringlen_is_set; +static uint32_t stringlen; extern const u_char *startbuf; +/* + * Reset SMB state. + */ +void +smb_reset(void) +{ + stringlen_is_set = 0; + stringlen = 0; +} + /* * interpret a 32 bit dos packed date/time to some parameters */ static void -interpret_dos_date(u_int32_t date, struct tm *tp) +interpret_dos_date(uint32_t date, struct tm *tp) { - u_int32_t p0, p1, p2, p3; + uint32_t p0, p1, p2, p3; p0 = date & 0xFF; p1 = ((date & 0xFF00) >> 8) & 0xFF; @@ -50,7 +62,7 @@ interpret_dos_date(u_int32_t date, struct tm *tp) * create a unix date from a dos date */ static time_t -int_unix_date(u_int32_t dos_date) +int_unix_date(uint32_t dos_date) { struct tm t; @@ -70,11 +82,11 @@ int_unix_date(u_int32_t dos_date) * in network byte order */ static time_t -make_unix_date(const u_char *date_ptr) +make_unix_date(netdissect_options *ndo, const u_char *date_ptr) { - u_int32_t dos_date = 0; + uint32_t dos_date = 0; - dos_date = EXTRACT_LE_32BITS(date_ptr); + dos_date = GET_LE_U_4(date_ptr); return int_unix_date(dos_date); } 
@@ -84,11 +96,11 @@ make_unix_date(const u_char *date_ptr) * in halfword-swapped network byte order! */ static time_t -make_unix_date2(const u_char *date_ptr) +make_unix_date2(netdissect_options *ndo, const u_char *date_ptr) { - u_int32_t x, x2; + uint32_t x, x2; - x = EXTRACT_LE_32BITS(date_ptr); + x = GET_LE_U_4(date_ptr); x2 = ((x & 0xFFFF) << 16) | ((x & 0xFFFF0000) >> 16); return int_unix_date(x2); } @@ -98,13 +110,13 @@ make_unix_date2(const u_char *date_ptr) * It's originally in "100ns units since jan 1st 1601" */ static time_t -interpret_long_date(const u_char *p) +interpret_long_date(netdissect_options *ndo, const u_char *p) { double d; time_t ret; /* this gives us seconds since jan 1st 1601 (approx) */ - d = (EXTRACT_LE_32BITS(p + 4) * 256.0 + p[3]) * (1.0e-7 * (1 << 24)); + d = (GET_LE_U_4(p + 4) * 256.0 + GET_U_1(p + 3)) * (1.0e-7 * (1 << 24)); /* now adjust by 369 years to make the secs since 1970 */ d -= 369.0 * 365.25 * 24 * 60 * 60; @@ -129,29 +141,31 @@ name_interpret(netdissect_options *ndo, const u_char *in, const u_char *maxbuf, char *out) { int ret; - int len; + u_int len; if (in >= maxbuf) return(-1); /* name goes past the end of the buffer */ - ND_TCHECK2(*in, 1); - len = (*in++) / 2; + len = GET_U_1(in) / 2; + in++; *out=0; - if (len > 30 || len < 1) + if (len > 30 || len == 0) return(0); - while (len--) { - ND_TCHECK2(*in, 2); + while (len) { + ND_TCHECK_2(in); if (in + 1 >= maxbuf) return(-1); /* name goes past the end of the buffer */ - if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') { + if (GET_U_1(in) < 'A' || GET_U_1(in) > 'P' || + GET_U_1(in + 1) < 'A' || GET_U_1(in + 1) > 'P') { *out = 0; return(0); } - *out = ((in[0] - 'A') << 4) + (in[1] - 'A'); + *out = ((GET_U_1(in) - 'A') << 4) + (GET_U_1(in + 1) - 'A'); in += 2; out++; + len--; } *out = 0; ret = out[-1]; 
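Review bot: `ret = out[-1];` at the end of the hunk reads the decoded byte back through a `char`, so on platforms where `char` is signed a name-type byte of 0x80 or above comes back negative, and the `if (name_type < 0) goto trunc;` check in smb_fdata1 later on this page would report a valid name as a short packet; the new `*out = ((GET_U_1(in) - 'A') << 4) + (GET_U_1(in + 1) - 'A');` line stores values up to 0xFF, so the case is reachable from the wire. Reading it back as `ret = (u_char)out[-1];` keeps the return in 0..255 and leaves -1 unambiguous as the error value. This assumes name_extract passes name_interpret's return straight through, which its own hunk does not show. name_interpret's body continues outside the hunk.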
@@ -167,7 +181,7 @@ trunc: */ static const u_char * name_ptr(netdissect_options *ndo, - const u_char *buf, int ofs, const u_char *maxbuf) + const u_char *buf, u_int ofs, const u_char *maxbuf) { const u_char *p; u_char c; @@ -175,18 +189,17 @@ name_ptr(netdissect_options *ndo, p = buf + ofs; if (p >= maxbuf) return(NULL); /* name goes past the end of the buffer */ - ND_TCHECK2(*p, 1); - c = *p; + c = GET_U_1(p); /* XXX - this should use the same code that the DNS dissector does */ if ((c & 0xC0) == 0xC0) { - u_int16_t l; + uint16_t l; - ND_TCHECK2(*p, 2); + ND_TCHECK_2(p); if ((p + 1) >= maxbuf) return(NULL); /* name goes past the end of the buffer */ - l = EXTRACT_16BITS(p) & 0x3FFF; + l = GET_BE_U_2(p) & 0x3FFF; if (l == 0) { /* We have a pointer that points to itself. */ return(NULL); @@ -194,7 +207,7 @@ name_ptr(netdissect_options *ndo, p = buf + l; if (p >= maxbuf) return(NULL); /* name goes past the end of the buffer */ - ND_TCHECK2(*p, 1); + ND_TCHECK_1(p); } return(p); @@ -207,7 +220,7 @@ trunc: */ static int name_extract(netdissect_options *ndo, - const u_char *buf, int ofs, const u_char *maxbuf, char *name) + const u_char *buf, u_int ofs, const u_char *maxbuf, char *name) { const u_char *p = name_ptr(ndo, buf, ofs, maxbuf); if (p == NULL) 
@@ -222,24 +235,23 @@ name_extract(netdissect_options *ndo, */ static int name_len(netdissect_options *ndo, - const unsigned char *s, const unsigned char *maxbuf) + const u_char *s, const u_char *maxbuf) { - const unsigned char *s0 = s; + const u_char *s0 = s; unsigned char c; if (s >= maxbuf) return(-1); /* name goes past the end of the buffer */ - ND_TCHECK2(*s, 1); - c = *s; + c = GET_U_1(s); if ((c & 0xC0) == 0xC0) return(2); - while (*s) { + while (GET_U_1(s)) { if (s >= maxbuf) return(-1); /* name goes past the end of the buffer */ - ND_TCHECK2(*s, 1); - s += (*s) + 1; + s += GET_U_1(s) + 1; + ND_TCHECK_1(s); } - return(PTR_DIFF(s, s0) + 1); + return(ND_BYTES_BETWEEN(s, s0) + 1); trunc: return(-1); /* name goes past the end of the buffer */ @@ -247,11 +259,11 @@ trunc: static void print_asc(netdissect_options *ndo, - const unsigned char *buf, int len) + const u_char *buf, u_int len) { - int i; + u_int i; for (i = 0; i < len; i++) - safeputchar(ndo, buf[i]); + fn_print_char(ndo, GET_U_1(buf + i)); } static const char * 
@@ -272,52 +284,45 @@ name_type_str(int name_type) } void -print_data(netdissect_options *ndo, - const unsigned char *buf, int len) +smb_data_print(netdissect_options *ndo, const u_char *buf, u_int len) { - int i = 0; + u_int i = 0; - if (len <= 0) + if (len == 0) return; - ND_PRINT((ndo, "[%03X] ", i)); + ND_PRINT("[%03X] ", i); for (i = 0; i < len; /*nothing*/) { - ND_TCHECK(buf[i]); - ND_PRINT((ndo, "%02X ", buf[i] & 0xff)); + ND_PRINT("%02X ", GET_U_1(buf + i) & 0xff); i++; if (i%8 == 0) - ND_PRINT((ndo, " ")); + ND_PRINT(" "); if (i % 16 == 0) { - print_asc(ndo, &buf[i - 16], 8); - ND_PRINT((ndo, " ")); - print_asc(ndo, &buf[i - 8], 8); - ND_PRINT((ndo, "\n")); + print_asc(ndo, buf + i - 16, 8); + ND_PRINT(" "); + print_asc(ndo, buf + i - 8, 8); + ND_PRINT("\n"); if (i < len) - ND_PRINT((ndo, "[%03X] ", i)); + ND_PRINT("[%03X] ", i); } } if (i % 16) { int n; n = 16 - (i % 16); - ND_PRINT((ndo, " ")); + ND_PRINT(" "); if (n>8) - ND_PRINT((ndo, " ")); + ND_PRINT(" "); while (n--) - ND_PRINT((ndo, " ")); + ND_PRINT(" "); - n = min(8, i % 16); - print_asc(ndo, &buf[i - (i % 16)], n); - ND_PRINT((ndo, " ")); + n = ND_MIN(8, i % 16); + print_asc(ndo, buf + i - (i % 16), n); + ND_PRINT(" "); n = (i % 16) - n; if (n > 0) - print_asc(ndo, &buf[i - n], n); - ND_PRINT((ndo, "\n")); + print_asc(ndo, buf + i - n, n); + ND_PRINT("\n"); } - return; - -trunc: - ND_PRINT((ndo, "\n")); - ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length\n")); } @@ -326,12 +331,12 @@ write_bits(netdissect_options *ndo, unsigned int val, const char *fmt) { const char *p = fmt; - int i = 0; + u_int i = 0; while ((p = strchr(fmt, '|'))) { - size_t l = PTR_DIFF(p, fmt); + u_int l = ND_BYTES_BETWEEN(p, fmt); if (l && (val & (1 << i))) - ND_PRINT((ndo, "%.*s ", (int)l, fmt)); + ND_PRINT("%.*s ", (int)l, fmt); fmt = p + 1; i++; } 
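Review bot: `if (l && (val & (1 << i)))` in the write_bits hunk shifts a signed `int` by the running field index, so a format string with more than 31 `|`-separated names makes the shift undefined behaviour; the change already widened `i` to `u_int`, and the same line could become `if (l && i < 32 && (val & (1U << i)))`. The bit-name strings visible on this page are short, so this is hardening of a helper that takes its format from internal tables rather than a live bug. The rest of write_bits follows the hunk.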
@@ -339,13 +344,13 @@ write_bits(netdissect_options *ndo, /* convert a UCS-2 string into an ASCII string */ #define MAX_UNISTR_SIZE 1000 -static const char * -unistr(netdissect_options *ndo, - const u_char *s, u_int32_t *len, int use_unicode) +static const u_char * +unistr(netdissect_options *ndo, char (*buf)[MAX_UNISTR_SIZE+1], + const u_char *s, uint32_t strsize, int is_null_terminated, + int use_unicode) { - static char buf[MAX_UNISTR_SIZE+1]; + u_int c; size_t l = 0; - u_int32_t strsize; const u_char *sp; if (use_unicode) { 
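Review bot: The new unistr() signature changes the contract (caller-supplied buffer, separate counted and null-terminated modes, pointer return) but the only comment above it is still "convert a UCS-2 string into an ASCII string". A block comment before `static const u_char *` should state that `*buf` must hold MAX_UNISTR_SIZE+1 bytes and is NUL-terminated on every return path, that `strsize` is ignored when `is_null_terminated` is non-zero and is otherwise the byte count of the string on the wire rather than a character count, that output stops after MAX_UNISTR_SIZE characters while the input is still consumed in full, and that the return value is the first byte after the string or NULL when the captured data ends first. unistr's body continues past the hunk.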
@@ -353,82 +358,108 @@ unistr(netdissect_options *ndo, * Skip padding that puts the string on an even boundary. */ if (((s - startbuf) % 2) != 0) { - ND_TCHECK(s[0]); + ND_TCHECK_1(s); s++; } } - if (*len == 0) { + if (is_null_terminated) { /* * Null-terminated string. + * Find the length, counting the terminating NUL. */ strsize = 0; sp = s; if (!use_unicode) { for (;;) { - ND_TCHECK(sp[0]); - *len += 1; - if (sp[0] == 0) - break; + c = GET_U_1(sp); sp++; + strsize++; + if (c == '\0') + break; } - strsize = *len - 1; } else { for (;;) { - ND_TCHECK2(sp[0], 2); - *len += 2; - if (sp[0] == 0 && sp[1] == 0) - break; + c = GET_LE_U_2(sp); sp += 2; + strsize += 2; + if (c == '\0') + break; } - strsize = *len - 2; } - } else { - /* - * Counted string. - */ - strsize = *len; } if (!use_unicode) { while (strsize != 0) { - ND_TCHECK(s[0]); - if (l >= MAX_UNISTR_SIZE) - break; - if (ND_ISPRINT(s[0])) - buf[l] = s[0]; - else { - if (s[0] == 0) - break; - buf[l] = '.'; - } - l++; + c = GET_U_1(s); s++; strsize--; - } - } else { - while (strsize != 0) { - ND_TCHECK2(s[0], 2); - if (l >= MAX_UNISTR_SIZE) + if (c == 0) { + /* + * Even counted strings may have embedded null + * terminators, so quit here, and skip past + * the rest of the data. + * + * Make sure, however, that the rest of the data + * is there, so we don't overflow the buffer when + * skipping past it. 
+ */ + ND_TCHECK_LEN(s, strsize); + s += strsize; + strsize = 0; break; - if (s[1] == 0 && ND_ISPRINT(s[0])) { - /* It's a printable ASCII character */ - buf[l] = s[0]; - } else { - /* It's a non-ASCII character or a non-printable ASCII character */ - if (s[0] == 0 && s[1] == 0) - break; - buf[l] = '.'; } - l++; + if (l < MAX_UNISTR_SIZE) { + if (ND_ASCII_ISPRINT(c)) { + /* It's a printable ASCII character */ + (*buf)[l] = (char)c; + } else { + /* It's a non-ASCII character or a non-printable ASCII character */ + (*buf)[l] = '.'; + } + l++; + } + } + } else { + while (strsize > 1) { + c = GET_LE_U_2(s); s += 2; - if (strsize == 1) - break; strsize -= 2; + if (c == 0) { + /* + * Even counted strings may have embedded null + * terminators, so quit here, and skip past + * the rest of the data. + * + * Make sure, however, that the rest of the data + * is there, so we don't overflow the buffer when + * skipping past it. + */ + ND_TCHECK_LEN(s, strsize); + s += strsize; + strsize = 0; + break; + } + if (l < MAX_UNISTR_SIZE) { + if (ND_ASCII_ISPRINT(c)) { + /* It's a printable ASCII character */ + (*buf)[l] = (char)c; + } else { + /* It's a non-ASCII character or a non-printable ASCII character */ + (*buf)[l] = '.'; + } + l++; + } + } + if (strsize == 1) { + /* We have half of a code point; skip past it */ + ND_TCHECK_1(s); + s++; } } - buf[l] = 0; - return buf; + (*buf)[l] = 0; + return s; trunc: + (*buf)[l] = 0; return NULL; } @@ -439,19 +470,18 @@ smb_fdata1(netdissect_options *ndo, { int reverse = 0; const char *attrib_fmt = "READONLY|HIDDEN|SYSTEM|VOLUME|DIR|ARCHIVE|"; + char strbuf[MAX_UNISTR_SIZE+1]; while (*fmt && buf sizeof(bitfmt) - 1) - l = sizeof(bitfmt)-1; + if (l > sizeof(bitfmt) - 1) + l = sizeof(bitfmt)-1; strncpy(bitfmt, fmt, l); bitfmt[l] = '\0'; fmt = p + 1; - ND_TCHECK(buf[0]); - write_bits(ndo, buf[0], bitfmt); + write_bits(ndo, GET_U_1(buf), bitfmt); buf++; break; } 
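Review bot: The comment "so we don't overflow the buffer when skipping past it" above each of the two `ND_TCHECK_LEN(s, strsize);` calls is misleading: nothing is written at that point, and the check guards against advancing `s` beyond the captured data so that the pointer returned to smb_fdata1 stays inside the packet buffer. Suggest `/* Make sure the rest of the data was captured, so the pointer we return stays inside the packet buffer. */` in both places. The embedded-NUL handling and the printable/non-printable copy are duplicated verbatim between the ASCII and UCS-2 branches and could share a small static helper, but that is cosmetic. unistr begins in the previous hunk.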
@@ -480,10 +509,10 @@ smb_fdata1(netdissect_options *ndo, case 'P': { int l = atoi(fmt + 1); - ND_TCHECK2(buf[0], l); + ND_TCHECK_LEN(buf, l); buf += l; fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } 
@@ -494,58 +523,74 @@ smb_fdata1(netdissect_options *ndo, case 'b': { unsigned int x; - ND_TCHECK(buf[0]); - x = buf[0]; - ND_PRINT((ndo, "%u (0x%x)", x, x)); + x = GET_U_1(buf); + ND_PRINT("%u (0x%x)", x, x); buf += 1; fmt++; break; } case 'd': { - unsigned int x; - ND_TCHECK2(buf[0], 2); - x = reverse ? EXTRACT_16BITS(buf) : - EXTRACT_LE_16BITS(buf); - ND_PRINT((ndo, "%d (0x%x)", x, x)); + int x; + x = reverse ? GET_BE_S_2(buf) : + GET_LE_S_2(buf); + ND_PRINT("%d (0x%x)", x, x); buf += 2; fmt++; break; } case 'D': { - unsigned int x; - ND_TCHECK2(buf[0], 4); - x = reverse ? EXTRACT_32BITS(buf) : - EXTRACT_LE_32BITS(buf); - ND_PRINT((ndo, "%d (0x%x)", x, x)); + int x; + x = reverse ? GET_BE_S_4(buf) : + GET_LE_S_4(buf); + ND_PRINT("%d (0x%x)", x, x); buf += 4; fmt++; break; } case 'L': { - u_int64_t x; - ND_TCHECK2(buf[0], 8); - x = reverse ? EXTRACT_64BITS(buf) : - EXTRACT_LE_64BITS(buf); - ND_PRINT((ndo, "%" PRIu64 " (0x%" PRIx64 ")", x, x)); + uint64_t x; + x = reverse ? GET_BE_U_8(buf) : + GET_LE_U_8(buf); + ND_PRINT("%" PRIu64 " (0x%" PRIx64 ")", x, x); buf += 8; fmt++; break; } + case 'u': + { + unsigned int x; + x = reverse ? GET_BE_U_2(buf) : + GET_LE_U_2(buf); + ND_PRINT("%u (0x%x)", x, x); + buf += 2; + fmt++; + break; + } + case 'U': + { + unsigned int x; + x = reverse ? GET_BE_U_4(buf) : + GET_LE_U_4(buf); + ND_PRINT("%u (0x%x)", x, x); + buf += 4; + fmt++; + break; + } case 'M': { /* Weird mixed-endian length values in 64-bit locks */ - u_int32_t x1, x2; - u_int64_t x; - ND_TCHECK2(buf[0], 8); - x1 = reverse ? EXTRACT_32BITS(buf) : - EXTRACT_LE_32BITS(buf); - x2 = reverse ? EXTRACT_32BITS(buf + 4) : - EXTRACT_LE_32BITS(buf + 4); - x = (((u_int64_t)x1) << 32) | x2; - ND_PRINT((ndo, "%" PRIu64 " (0x%" PRIx64 ")", x, x)); + uint32_t x1, x2; + uint64_t x; + ND_TCHECK_8(buf); + x1 = reverse ? GET_BE_U_4(buf) : + GET_LE_U_4(buf); + x2 = reverse ? 
GET_BE_U_4(buf + 4) : + GET_LE_U_4(buf + 4); + x = (((uint64_t)x1) << 32) | x2; + ND_PRINT("%" PRIu64 " (0x%" PRIx64 ")", x, x); buf += 8; fmt++; break; @@ -553,9 +598,8 @@ smb_fdata1(netdissect_options *ndo, case 'B': { unsigned int x; - ND_TCHECK(buf[0]); - x = buf[0]; - ND_PRINT((ndo, "0x%X", x)); + x = GET_U_1(buf); + ND_PRINT("0x%X", x); buf += 1; fmt++; break; @@ -563,10 +607,9 @@ smb_fdata1(netdissect_options *ndo, case 'w': { unsigned int x; - ND_TCHECK2(buf[0], 2); - x = reverse ? EXTRACT_16BITS(buf) : - EXTRACT_LE_16BITS(buf); - ND_PRINT((ndo, "0x%X", x)); + x = reverse ? GET_BE_U_2(buf) : + GET_LE_U_2(buf); + ND_PRINT("0x%X", x); buf += 2; fmt++; break; @@ -574,10 +617,9 @@ smb_fdata1(netdissect_options *ndo, case 'W': { unsigned int x; - ND_TCHECK2(buf[0], 4); - x = reverse ? EXTRACT_32BITS(buf) : - EXTRACT_LE_32BITS(buf); - ND_PRINT((ndo, "0x%X", x)); + x = reverse ? GET_BE_U_4(buf) : + GET_LE_U_4(buf); + ND_PRINT("0x%X", x); buf += 4; fmt++; break; @@ -588,25 +630,27 @@ smb_fdata1(netdissect_options *ndo, switch (*fmt) { case 'b': - ND_TCHECK(buf[0]); - stringlen = buf[0]; - ND_PRINT((ndo, "%u", stringlen)); + stringlen = GET_U_1(buf); + stringlen_is_set = 1; + ND_PRINT("%u", stringlen); buf += 1; break; case 'd': - ND_TCHECK2(buf[0], 2); - stringlen = reverse ? EXTRACT_16BITS(buf) : - EXTRACT_LE_16BITS(buf); - ND_PRINT((ndo, "%u", stringlen)); + case 'u': + stringlen = reverse ? GET_BE_U_2(buf) : + GET_LE_U_2(buf); + stringlen_is_set = 1; + ND_PRINT("%u", stringlen); buf += 2; break; case 'D': - ND_TCHECK2(buf[0], 4); - stringlen = reverse ? EXTRACT_32BITS(buf) : - EXTRACT_LE_32BITS(buf); - ND_PRINT((ndo, "%u", stringlen)); + case 'U': + stringlen = reverse ? GET_BE_U_4(buf) : + GET_LE_U_4(buf); + stringlen_is_set = 1; + ND_PRINT("%u", stringlen); buf += 4; break; } 
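Review bot: In the `'d'` and `'D'` cases the value is now read with `GET_LE_S_2`/`GET_BE_S_4` into a signed `int` but still printed through `"%d (0x%x)"`, so a negative value is handed to a `%x` conversion that expects `unsigned int`; `-Wformat-signedness` flags this, and the hex form is what readers use to match against the wire bytes. Passing `(unsigned int)x` as the second argument in both cases keeps the decimal output signed and the hex output well-defined. The new `'u'`/`'U'` cases would also benefit from a one-line comment naming them as the unsigned counterparts of `'d'`/`'D'`, since the format grammar is otherwise only documented by the switch itself. smb_fdata1 begins and ends outside the hunk.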
@@ -617,78 +661,75 @@ smb_fdata1(netdissect_options *ndo, case 'R': /* like 'S', but always ASCII */ { /*XXX unistr() */ - const char *s; - u_int32_t len; - - len = 0; - s = unistr(ndo, buf, &len, (*fmt == 'R') ? 0 : unicodestr); - if (s == NULL) + buf = unistr(ndo, &strbuf, buf, 0, 1, (*fmt == 'R') ? 0 : unicodestr); + ND_PRINT("%s", strbuf); + if (buf == NULL) goto trunc; - ND_PRINT((ndo, "%s", s)); - buf += len; fmt++; break; } case 'Z': case 'Y': /* like 'Z', but always ASCII */ { - const char *s; - u_int32_t len; - - ND_TCHECK(*buf); - if (*buf != 4 && *buf != 2) { - ND_PRINT((ndo, "Error! ASCIIZ buffer of type %u", *buf)); + if (GET_U_1(buf) != 4 && GET_U_1(buf) != 2) { + ND_PRINT("Error! ASCIIZ buffer of type %u", GET_U_1(buf)); return maxbuf; /* give up */ } - len = 0; - s = unistr(ndo, buf + 1, &len, (*fmt == 'Y') ? 0 : unicodestr); - if (s == NULL) + buf = unistr(ndo, &strbuf, buf + 1, 0, 1, (*fmt == 'Y') ? 0 : unicodestr); + ND_PRINT("%s", strbuf); + if (buf == NULL) goto trunc; - ND_PRINT((ndo, "%s", s)); - buf += len + 1; fmt++; break; } case 's': { int l = atoi(fmt + 1); - ND_TCHECK2(*buf, l); - ND_PRINT((ndo, "%-*.*s", l, l, buf)); + ND_TCHECK_LEN(buf, l); + ND_PRINT("%-*.*s", l, l, buf); buf += l; fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } case 'c': { - ND_TCHECK2(*buf, stringlen); - ND_PRINT((ndo, "%-*.*s", (int)stringlen, (int)stringlen, buf)); + if (!stringlen_is_set) { + ND_PRINT("{stringlen not set}"); + goto trunc; + } + ND_TCHECK_LEN(buf, stringlen); + ND_PRINT("%-*.*s", (int)stringlen, (int)stringlen, buf); buf += stringlen; fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } case 'C': { - const char *s; - s = unistr(ndo, buf, &stringlen, unicodestr); - if (s == NULL) + if (!stringlen_is_set) { + ND_PRINT("{stringlen not set}"); + goto trunc; + } + buf = unistr(ndo, &strbuf, buf, stringlen, 0, unicodestr); + ND_PRINT("%s", strbuf); + if (buf == 
NULL) goto trunc; - ND_PRINT((ndo, "%s", s)); - buf += stringlen; fmt++; break; } case 'h': { int l = atoi(fmt + 1); - ND_TCHECK2(*buf, l); - while (l--) - ND_PRINT((ndo, "%02x", *buf++)); + ND_TCHECK_LEN(buf, l); + while (l--) { + ND_PRINT("%02x", GET_U_1(buf)); + buf++; + } fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } @@ -701,7 +742,7 @@ smb_fdata1(netdissect_options *ndo, switch (t) { case 1: - name_type = name_extract(ndo, startbuf, PTR_DIFF(buf, startbuf), + name_type = name_extract(ndo, startbuf, ND_BYTES_BETWEEN(buf, startbuf), maxbuf, nbuf); if (name_type < 0) goto trunc; @@ -709,19 +750,18 @@ smb_fdata1(netdissect_options *ndo, if (len < 0) goto trunc; buf += len; - ND_PRINT((ndo, "%-15.15s NameType=0x%02X (%s)", nbuf, name_type, - name_type_str(name_type))); + ND_PRINT("%-15.15s NameType=0x%02X (%s)", nbuf, name_type, + name_type_str(name_type)); break; case 2: - ND_TCHECK(buf[15]); - name_type = buf[15]; - ND_PRINT((ndo, "%-15.15s NameType=0x%02X (%s)", buf, name_type, - name_type_str(name_type))); + name_type = GET_U_1(buf + 15); + ND_PRINT("%-15.15s NameType=0x%02X (%s)", buf, name_type, + name_type_str(name_type)); buf += 16; break; } fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } 
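Review bot: In the `'s'` and `'c'` cases, `ND_PRINT("%-*.*s", l, l, buf);` and the matching `stringlen` line still write packet bytes to the output unfiltered, so control and escape bytes from the wire reach the terminal; the `ND_TCHECK_LEN` before each only bounds the read. The same applies to `%-15.15s` with `buf` in `case 2:` of the hunk that follows. Each could instead loop over the bytes with `fn_print_char(ndo, GET_U_1(buf + i))`, as print_asc already does on this page, or use the counted printable-string helper (nd_printjn) if this tree has it. The `(int)stringlen` casts also turn a length of 2^31 or more into a negative precision, which printf treats as absent; that is unreachable today only because ND_TCHECK_LEN rejects such a length first. smb_fdata1 continues outside the hunk.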
@@ -730,30 +770,28 @@ smb_fdata1(netdissect_options *ndo, time_t t; struct tm *lt; const char *tstring; - u_int32_t x; + uint32_t x; switch (atoi(fmt + 1)) { case 1: - ND_TCHECK2(buf[0], 4); - x = EXTRACT_LE_32BITS(buf); + x = GET_LE_U_4(buf); if (x == 0 || x == 0xFFFFFFFF) t = 0; else - t = make_unix_date(buf); + t = make_unix_date(ndo, buf); buf += 4; break; case 2: - ND_TCHECK2(buf[0], 4); - x = EXTRACT_LE_32BITS(buf); + x = GET_LE_U_4(buf); if (x == 0 || x == 0xFFFFFFFF) t = 0; else - t = make_unix_date2(buf); + t = make_unix_date2(ndo, buf); buf += 4; break; case 3: - ND_TCHECK2(buf[0], 8); - t = interpret_long_date(buf); + ND_TCHECK_8(buf); + t = interpret_long_date(ndo, buf); buf += 8; break; default: @@ -768,27 +806,26 @@ smb_fdata1(netdissect_options *ndo, tstring = "(Can't convert time)\n"; } else tstring = "NULL\n"; - ND_PRINT((ndo, "%s", tstring)); + ND_PRINT("%s", tstring); fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } default: - ND_PRINT((ndo, "%c", *fmt)); + ND_PRINT("%c", *fmt); fmt++; break; } } if (buf >= maxbuf && *fmt) - ND_PRINT((ndo, "END OF BUFFER\n")); + ND_PRINT("END OF BUFFER\n"); return(buf); trunc: - ND_PRINT((ndo, "\n")); - ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length\n")); + nd_print_trunc(ndo); return(NULL); } 
@@ -804,11 +841,26 @@ smb_fdata(netdissect_options *ndo, while (*fmt) { switch (*fmt) { case '*': + /* + * List of multiple instances of something described by the + * remainder of the string (which may itself include a list + * of multiple instances of something, so we recurse). + */ fmt++; while (buf < maxbuf) { const u_char *buf2; depth++; - buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr); + /* + * In order to avoid stack exhaustion recurse at most 10 + * levels; that "should not happen", as no SMB structure + * should be nested *that* deeply, and we thus shouldn't + * have format strings with that level of nesting. + */ + if (depth == 10) { + ND_PRINT("(too many nested levels, not recursing)"); + buf2 = buf; + } else + buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr); depth--; if (buf2 == NULL) return(NULL); @@ -819,22 +871,35 @@ smb_fdata(netdissect_options *ndo, return(buf); case '|': + /* + * Just do a bounds check. + */ fmt++; if (buf >= maxbuf) return(buf); break; case '%': + /* + * XXX - unused? + */ fmt++; buf = maxbuf; break; case '#': + /* + * Done? + */ fmt++; return(buf); break; case '[': + /* + * Format of an item, enclosed in square brackets; dissect + * the item with smb_fdata1(). + */ fmt++; if (buf >= maxbuf) return(buf); 
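Review bot: The new depth guard relies on `depth--` running after the recursive call, but the GET_* accessors this commit switches to leave the dissector by longjmp on a short packet, so a truncation inside the nested smb_fdata() call skips the decrement; if `depth` is the static counter it appears to be (its declaration is outside the hunk), it then stays elevated across packets, and after ten truncated packets every list prints "(too many nested levels, not recursing)" for the rest of the capture. Either make the counter a parameter of smb_fdata() so no static state survives a longjmp, or move it to file scope and add `depth = 0;` to the new smb_reset() in the first hunk, which currently resets only the stringlen state. The literal `10` would also read better as a named constant such as `SMB_FDATA_MAX_DEPTH` shared by the comment and the check. smb_fdata continues outside the hunk.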
@@ -848,20 +913,32 @@ smb_fdata(netdissect_options *ndo, s[p - fmt] = '\0'; fmt = p + 1; buf = smb_fdata1(ndo, buf, s, maxbuf, unicodestr); - if (buf == NULL) + if (buf == NULL) { + /* + * Truncated. + * Is the next character a newline? + * If so, print it before quitting, so we don't + * get stuff in the middle of the line. + */ + if (*fmt == '\n') + ND_PRINT("\n"); return(NULL); + } break; default: - ND_PRINT((ndo, "%c", *fmt)); + /* + * Not a formatting character, so just print it. + */ + ND_PRINT("%c", *fmt); fmt++; break; } } if (!depth && buf < maxbuf) { - size_t len = PTR_DIFF(maxbuf, buf); - ND_PRINT((ndo, "Data: (%lu bytes)\n", (unsigned long)len)); - print_data(ndo, buf, len); + u_int len = ND_BYTES_BETWEEN(maxbuf, buf); + ND_PRINT("Data: (%u bytes)\n", len); + smb_data_print(ndo, buf, len); return(buf + len); } return(buf); @@ -984,7 +1061,7 @@ static const struct { /* * return a SMB error string from a SMB buffer */ -char * +const char * smb_errstr(int class, int num) { static char ret[128]; @@ -1013,7 +1090,7 @@ smb_errstr(int class, int num) } typedef struct { - u_int32_t code; + uint32_t code; const char *name; } nt_err_code_struct; @@ -1833,7 +1910,7 @@ static const nt_err_code_struct nt_errors[] = { { 0xC002100A, "RPC_P_SEND_FAILED" }, { 0xC002100B, "RPC_P_TIMEOUT" }, { 0xC002100C, "RPC_P_SERVER_TRANSPORT_ERROR" }, - { 0xC002100E, "RPC_P_EXCEPTION_OCCURED" }, + { 0xC002100E, "RPC_P_EXCEPTION_OCCURRED" }, { 0xC0021012, "RPC_P_CONNECTION_SHUTDOWN" }, { 0xC0021015, "RPC_P_THREAD_LISTENING" }, { 0xC0030001, "RPC_NT_NO_MORE_ENTRIES" }, @@ -1877,7 +1954,7 @@ static const nt_err_code_struct nt_errors[] = { * return an NT error string from a SMB buffer */ const char * -nt_errstr(u_int32_t err) +nt_errstr(uint32_t err) { static char ret[128]; int i;