X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/d1b7389cac0ce3c9ccbeede1ea604ad18e9cf965..dab871e8be7a30e511487ef0a5d401ab5657d314:/smbutil.c diff --git a/smbutil.c b/smbutil.c index 0acb553f..02b9ffce 100644 --- a/smbutil.c +++ b/smbutil.c @@ -6,9 +6,7 @@ * or later */ -#ifdef HAVE_CONFIG_H #include -#endif #include "netdissect-stdinc.h" 
@@ -16,51 +14,59 @@ #include #include +#include "netdissect-ctype.h" + #include "netdissect.h" #include "extract.h" #include "smb.h" +static int stringlen_is_set; static uint32_t stringlen; extern const u_char *startbuf; /* - * interpret a 32 bit dos packed date/time to some parameters + * Reset SMB state. */ -static void -interpret_dos_date(uint32_t date, struct tm *tp) +void +smb_reset(void) { - uint32_t p0, p1, p2, p3; - - p0 = date & 0xFF; - p1 = ((date & 0xFF00) >> 8) & 0xFF; - p2 = ((date & 0xFF0000) >> 16) & 0xFF; - p3 = ((date & 0xFF000000) >> 24) & 0xFF; - - tp->tm_sec = 2 * (p0 & 0x1F); - tp->tm_min = ((p0 >> 5) & 0xFF) + ((p1 & 0x7) << 3); - tp->tm_hour = (p1 >> 3) & 0xFF; - tp->tm_mday = (p2 & 0x1F); - tp->tm_mon = ((p2 >> 5) & 0xFF) + ((p3 & 0x1) << 3) - 1; - tp->tm_year = ((p3 >> 1) & 0xFF) + 80; + stringlen_is_set = 0; + stringlen = 0; } /* - * common portion: - * create a unix date from a dos date + * create a UNIX time_t from a 32-bit DOS packetd date/time, with + * the DOS date/time assumed to be local time in *our* location. */ static time_t int_unix_date(uint32_t dos_date) { + uint32_t p0, p1, p2, p3; struct tm t; if (dos_date == 0) return(0); - interpret_dos_date(dos_date, &t); - t.tm_wday = 1; - t.tm_yday = 1; - t.tm_isdst = 0; - + p0 = dos_date & 0xFF; + p1 = ((dos_date & 0xFF00) >> 8) & 0xFF; + p2 = ((dos_date & 0xFF0000) >> 16) & 0xFF; + p3 = ((dos_date & 0xFF000000) >> 24) & 0xFF; + + t.tm_sec = 2 * (p0 & 0x1F); + t.tm_min = ((p0 >> 5) & 0xFF) + ((p1 & 0x7) << 3); + t.tm_hour = (p1 >> 3) & 0xFF; + t.tm_mday = (p2 & 0x1F); + t.tm_mon = ((p2 >> 5) & 0xFF) + ((p3 & 0x1) << 3) - 1; + t.tm_year = ((p3 >> 1) & 0xFF) + 80; + + t.tm_wday = 1; /* XXX - should not affect the result; why 1? */ + t.tm_yday = 1; /* XXX - should not affect the result; why 1? */ + t.tm_isdst = 0; /* XXX - should be -1, to handle DST? */ + + /* + * XXX - if tm_year is 2038 or later, this might not fit in a + * 32-bit time_t. + */ return (mktime(&t)); } 
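Review bot: int_unix_date() hands mktime() DOS date fields taken straight from the packet without range-checking them, so a value whose day field is 0 or whose month field is 0 (giving `t.tm_mon = -1`) is silently normalized by mktime() into a plausible-looking but meaningless timestamp rather than being rejected like `dos_date == 0` is. Consider returning 0 when `t.tm_mday == 0 || t.tm_mon < 0 || t.tm_mon > 11`, or at least noting above the mktime() call that normalization of out-of-range fields is relied on. Declaring `struct tm t = { 0 };` would also make the two "why 1?" XXX lines moot, since the fields are then deterministically zero regardless of what mktime() reads. The new header comment has a typo: "packetd" should be "packed".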
@@ -92,31 +98,38 @@ make_unix_date2(netdissect_options *ndo, const u_char *date_ptr) return int_unix_date(x2); } +/* Delta between the NT FILETIME epoch and the POSIX epoch. */ +#define FILETIME_TO_POSIX_DELTA INT64_C(11644473600) + /* - * interpret an 8 byte "filetime" structure to a time_t + * interpret an 8 byte NT FILETIME structure to a time_t * It's originally in "100ns units since jan 1st 1601" */ static time_t -interpret_long_date(netdissect_options *ndo, const u_char *p) +interpret_filetime(netdissect_options *ndo, const u_char *p) { - double d; - time_t ret; - - /* this gives us seconds since jan 1st 1601 (approx) */ - d = (GET_LE_U_4(p + 4) * 256.0 + GET_U_1(p + 3)) * (1.0e-7 * (1 << 24)); - - /* now adjust by 369 years to make the secs since 1970 */ - d -= 369.0 * 365.25 * 24 * 60 * 60; - - /* and a fudge factor as we got it wrong by a few days */ - d += (3 * 24 * 60 * 60 + 6 * 60 * 60 + 2); - - if (d < 0) - return(0); - - ret = (time_t)d; - - return(ret); + int64_t ret; + time_t ret_time_t; + + /* + * Fetch a FILETIME structure; the first 4 bytes are the low-order + * 32 bits of a 64-bit count of 100ns units since 1601-01-01 + * at some specific time, and the next 4 bytes are the high-order + * 32 bits of that count. + */ + ret = (int64_t)(((uint64_t)GET_LE_U_4(p + 4) << 32) + (uint64_t)GET_LE_U_4(p)); + + /* Now convert from FILETIME to POSIX time. */ + ret += FILETIME_TO_POSIX_DELTA; + + ret_time_t = (time_t)ret; + if (ret_time_t != ret) { + /* + * It doesn't fit in a time_t. Return 0, as an error indication. + */ + return(0); + } + return(ret_time_t); } /* @@ -132,7 +145,6 @@ name_interpret(netdissect_options *ndo, if (in >= maxbuf) return(-1); /* name goes past the end of the buffer */ - ND_TCHECK_1(in); len = GET_U_1(in) / 2; in++; @@ -177,7 +189,6 @@ name_ptr(netdissect_options *ndo, p = buf + ofs; if (p >= maxbuf) return(NULL); /* name goes past the end of the buffer */ - ND_TCHECK_1(p); c = GET_U_1(p); 
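Review bot: The FILETIME conversion in interpret_filetime() is wrong: `ret` is a count of 100ns units since 1601 (as the comment above it says) while FILETIME_TO_POSIX_DELTA is a count of seconds, and the 1601 epoch precedes 1970, so `ret += FILETIME_TO_POSIX_DELTA;` neither scales the value nor shifts it in the right direction, whereas the removed floating-point code did both. The fix is two lines in place of that one: `ret /= INT64_C(10000000); /* 100ns units -> seconds since 1601-01-01 */` followed by `ret -= FILETIME_TO_POSIX_DELTA;`. Once that is in, a pre-1970 FILETIME yields a negative value that the `ret_time_t != ret` test will happily accept; the old code mapped `d < 0` to 0, so decide explicitly whether that behaviour should be kept and say so in a comment. The `(int64_t)` cast of a 64-bit unsigned value with the top bit set is implementation-defined, which is probably worth a one-line note since the bytes come off the wire.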
@@ -231,18 +242,16 @@ name_len(netdissect_options *ndo, if (s >= maxbuf) return(-1); /* name goes past the end of the buffer */ - ND_TCHECK_1(s); c = GET_U_1(s); if ((c & 0xC0) == 0xC0) return(2); while (GET_U_1(s)) { if (s >= maxbuf) return(-1); /* name goes past the end of the buffer */ - ND_TCHECK_1(s); s += GET_U_1(s) + 1; ND_TCHECK_1(s); } - return(ND_BYTES_BETWEEN(s, s0) + 1); + return(ND_BYTES_BETWEEN(s0, s) + 1); trunc: return(-1); /* name goes past the end of the buffer */ @@ -283,7 +292,6 @@ smb_data_print(netdissect_options *ndo, const u_char *buf, u_int len) return; ND_PRINT("[%03X] ", i); for (i = 0; i < len; /*nothing*/) { - ND_TCHECK_1(buf + i); ND_PRINT("%02X ", GET_U_1(buf + i) & 0xff); i++; if (i%8 == 0) @@ -307,7 +315,7 @@ smb_data_print(netdissect_options *ndo, const u_char *buf, u_int len) while (n--) ND_PRINT(" "); - n = min(8, i % 16); + n = ND_MIN(8, i % 16); print_asc(ndo, buf + i - (i % 16), n); ND_PRINT(" "); n = (i % 16) - n; @@ -315,10 +323,6 @@ smb_data_print(netdissect_options *ndo, const u_char *buf, u_int len) print_asc(ndo, buf + i - n, n); ND_PRINT("\n"); } - return; - -trunc: - nd_print_trunc(ndo); } @@ -330,7 +334,7 @@ write_bits(netdissect_options *ndo, u_int i = 0; while ((p = strchr(fmt, '|'))) { - u_int l = ND_BYTES_BETWEEN(p, fmt); + u_int l = ND_BYTES_BETWEEN(fmt, p); if (l && (val & (1 << i))) ND_PRINT("%.*s ", (int)l, fmt); fmt = p + 1; @@ -340,14 +344,14 @@ write_bits(netdissect_options *ndo, /* convert a UCS-2 string into an ASCII string */ #define MAX_UNISTR_SIZE 1000 -static int +static const u_char * unistr(netdissect_options *ndo, char (*buf)[MAX_UNISTR_SIZE+1], - const u_char *s, uint32_t *len, int is_null_terminated, int use_unicode) + const u_char *s, uint32_t strsize, int is_null_terminated, + int use_unicode) { + u_int c; size_t l = 0; - uint32_t strsize; const u_char *sp; - int padding = 0; if (use_unicode) { /* 
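Review bot: In name_len() the `while (GET_U_1(s))` loop condition fetches the next length byte before the `if (s >= maxbuf)` test inside the body runs, so each iteration reads one byte at or beyond maxbuf before deciding the name has run past the buffer (GET_U_1 is bounds-checked against the capture, so this is a correctness rather than a memory-safety point). Moving the check to right after the advance keeps check-then-fetch order throughout: `s += GET_U_1(s) + 1;` then `if (s >= maxbuf) return(-1);` then `ND_TCHECK_1(s);`, with the test removed from the top of the body. The start of name_len() is outside this hunk.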
@@ -356,84 +360,107 @@ unistr(netdissect_options *ndo, char (*buf)[MAX_UNISTR_SIZE+1], if (((s - startbuf) % 2) != 0) { ND_TCHECK_1(s); s++; - padding++; } } if (is_null_terminated) { /* * Null-terminated string. + * Find the length, counting the terminating NUL. */ strsize = 0; sp = s; if (!use_unicode) { for (;;) { - ND_TCHECK_1(sp); - *len += 1; - if (GET_U_1(sp) == 0) - break; + c = GET_U_1(sp); sp++; + strsize++; + if (c == '\0') + break; } - strsize = *len - 1; } else { for (;;) { - ND_TCHECK_2(sp); - *len += 2; - if (GET_U_1(sp) == 0 && GET_U_1(sp + 1) == 0) - break; + c = GET_LE_U_2(sp); sp += 2; + strsize += 2; + if (c == '\0') + break; } - strsize = *len - 2; } - *len += padding; - } else { - /* - * Counted string. - */ - strsize = *len; - *len += padding; } if (!use_unicode) { - while (strsize != 0) { - ND_TCHECK_1(s); - if (l >= MAX_UNISTR_SIZE) - break; - if (ND_ISPRINT(GET_U_1(s))) - (*buf)[l] = GET_U_1(s); - else { - if (GET_U_1(s) == 0) - break; - (*buf)[l] = '.'; - } - l++; + while (strsize != 0) { + c = GET_U_1(s); s++; strsize--; - } - } else { - while (strsize != 0) { - ND_TCHECK_2(s); - if (l >= MAX_UNISTR_SIZE) + if (c == 0) { + /* + * Even counted strings may have embedded null + * terminators, so quit here, and skip past + * the rest of the data. + * + * Make sure, however, that the rest of the data + * is there, so we don't overflow the buffer when + * skipping past it. 
+ */ + ND_TCHECK_LEN(s, strsize); + s += strsize; + strsize = 0; break; - if (GET_U_1(s + 1) == 0 && ND_ISPRINT(GET_U_1(s))) { - /* It's a printable ASCII character */ - (*buf)[l] = GET_U_1(s); - } else { - /* It's a non-ASCII character or a non-printable ASCII character */ - if (GET_U_1(s) == 0 && GET_U_1(s + 1) == 0) - break; - (*buf)[l] = '.'; } - l++; + if (l < MAX_UNISTR_SIZE) { + if (ND_ASCII_ISPRINT(c)) { + /* It's a printable ASCII character */ + (*buf)[l] = (char)c; + } else { + /* It's a non-ASCII character or a non-printable ASCII character */ + (*buf)[l] = '.'; + } + l++; + } + } + } else { + while (strsize > 1) { + c = GET_LE_U_2(s); s += 2; - if (strsize == 1) - break; strsize -= 2; + if (c == 0) { + /* + * Even counted strings may have embedded null + * terminators, so quit here, and skip past + * the rest of the data. + * + * Make sure, however, that the rest of the data + * is there, so we don't overflow the buffer when + * skipping past it. + */ + ND_TCHECK_LEN(s, strsize); + s += strsize; + strsize = 0; + break; + } + if (l < MAX_UNISTR_SIZE) { + if (ND_ASCII_ISPRINT(c)) { + /* It's a printable ASCII character */ + (*buf)[l] = (char)c; + } else { + /* It's a non-ASCII character or a non-printable ASCII character */ + (*buf)[l] = '.'; + } + l++; + } + } + if (strsize == 1) { + /* We have half of a code point; skip past it */ + ND_TCHECK_1(s); + s++; } } (*buf)[l] = 0; - return 0; + return s; trunc: - return -1; + (*buf)[l] = 0; + return NULL; } static const u_char * @@ -448,14 +475,12 @@ smb_fdata1(netdissect_options *ndo, while (*fmt && buf sizeof(bitfmt) - 1) l = sizeof(bitfmt)-1; @@ -476,7 +501,6 @@ smb_fdata1(netdissect_options *ndo, strncpy(bitfmt, fmt, l); bitfmt[l] = '\0'; fmt = p + 1; - ND_TCHECK_1(buf); write_bits(ndo, GET_U_1(buf), bitfmt); buf++; break; @@ -488,7 +512,7 @@ smb_fdata1(netdissect_options *ndo, ND_TCHECK_LEN(buf, l); buf += l; fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } 
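Review bot: unistr() now has a different contract from the one the one-line header comment above its signature describes, and nothing in the new code documents it: it returns a pointer just past the consumed string (including the terminator, any alignment pad, and the skipped remainder after an embedded NUL) or NULL on truncation, `*buf` is NUL-terminated on both paths, `strsize` is ignored and overwritten when `is_null_terminated` is set, and output longer than MAX_UNISTR_SIZE characters is silently cut with no indication to the reader. A block comment stating those four points above the function would save the next reader from reconstructing them from the two loops. The ASCII and UCS-2 loops also duplicate the embedded-NUL skip and the printable-or-dot store verbatim; a small static helper taking `c`, `buf` and `&l` would leave only the fetch width differing between them. The signature and padding adjustment of unistr() are in the previous hunk, outside this one.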
@@ -499,7 +523,6 @@ smb_fdata1(netdissect_options *ndo, case 'b': { unsigned int x; - ND_TCHECK_1(buf); x = GET_U_1(buf); ND_PRINT("%u (0x%x)", x, x); buf += 1; @@ -509,7 +532,6 @@ smb_fdata1(netdissect_options *ndo, case 'd': { int x; - ND_TCHECK_2(buf); x = reverse ? GET_BE_S_2(buf) : GET_LE_S_2(buf); ND_PRINT("%d (0x%x)", x, x); @@ -520,7 +542,6 @@ smb_fdata1(netdissect_options *ndo, case 'D': { int x; - ND_TCHECK_4(buf); x = reverse ? GET_BE_S_4(buf) : GET_LE_S_4(buf); ND_PRINT("%d (0x%x)", x, x); @@ -531,7 +552,6 @@ smb_fdata1(netdissect_options *ndo, case 'L': { uint64_t x; - ND_TCHECK_8(buf); x = reverse ? GET_BE_U_8(buf) : GET_LE_U_8(buf); ND_PRINT("%" PRIu64 " (0x%" PRIx64 ")", x, x); @@ -542,7 +562,6 @@ smb_fdata1(netdissect_options *ndo, case 'u': { unsigned int x; - ND_TCHECK_2(buf); x = reverse ? GET_BE_U_2(buf) : GET_LE_U_2(buf); ND_PRINT("%u (0x%x)", x, x); @@ -553,7 +572,6 @@ smb_fdata1(netdissect_options *ndo, case 'U': { unsigned int x; - ND_TCHECK_4(buf); x = reverse ? GET_BE_U_4(buf) : GET_LE_U_4(buf); ND_PRINT("%u (0x%x)", x, x); @@ -580,7 +598,6 @@ smb_fdata1(netdissect_options *ndo, case 'B': { unsigned int x; - ND_TCHECK_1(buf); x = GET_U_1(buf); ND_PRINT("0x%X", x); buf += 1; @@ -590,7 +607,6 @@ smb_fdata1(netdissect_options *ndo, case 'w': { unsigned int x; - ND_TCHECK_2(buf); x = reverse ? GET_BE_U_2(buf) : GET_LE_U_2(buf); ND_PRINT("0x%X", x); @@ -601,7 +617,6 @@ smb_fdata1(netdissect_options *ndo, case 'W': { unsigned int x; - ND_TCHECK_4(buf); x = reverse ? GET_BE_U_4(buf) : GET_LE_U_4(buf); ND_PRINT("0x%X", x); 
@@ -615,26 +630,26 @@ smb_fdata1(netdissect_options *ndo, switch (*fmt) { case 'b': - ND_TCHECK_1(buf); stringlen = GET_U_1(buf); + stringlen_is_set = 1; ND_PRINT("%u", stringlen); buf += 1; break; case 'd': case 'u': - ND_TCHECK_2(buf); stringlen = reverse ? GET_BE_U_2(buf) : GET_LE_U_2(buf); + stringlen_is_set = 1; ND_PRINT("%u", stringlen); buf += 2; break; case 'D': case 'U': - ND_TCHECK_4(buf); stringlen = reverse ? GET_BE_U_4(buf) : GET_LE_U_4(buf); + stringlen_is_set = 1; ND_PRINT("%u", stringlen); buf += 4; break; @@ -646,31 +661,24 @@ smb_fdata1(netdissect_options *ndo, case 'R': /* like 'S', but always ASCII */ { /*XXX unistr() */ - uint32_t len; - - len = 0; - if (unistr(ndo, &strbuf, buf, &len, 1, (*fmt == 'R') ? 0 : unicodestr) == -1) - goto trunc; + buf = unistr(ndo, &strbuf, buf, 0, 1, (*fmt == 'R') ? 0 : unicodestr); ND_PRINT("%s", strbuf); - buf += len; + if (buf == NULL) + goto trunc; fmt++; break; } case 'Z': case 'Y': /* like 'Z', but always ASCII */ { - uint32_t len; - - ND_TCHECK_1(buf); if (GET_U_1(buf) != 4 && GET_U_1(buf) != 2) { ND_PRINT("Error! ASCIIZ buffer of type %u", GET_U_1(buf)); return maxbuf; /* give up */ } - len = 0; - if (unistr(ndo, &strbuf, buf + 1, &len, 1, (*fmt == 'Y') ? 0 : unicodestr) == -1) - goto trunc; + buf = unistr(ndo, &strbuf, buf + 1, 0, 1, (*fmt == 'Y') ? 0 : unicodestr); ND_PRINT("%s", strbuf); - buf += len + 1; + if (buf == NULL) + goto trunc; fmt++; break; } 
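Review bot: `stringlen` and the new `stringlen_is_set` are file-scope statics, so the length parsed here outlives the call and the PDU; the commit adds smb_reset() to clear them but this hunk does not show where it is invoked. Unless smb_reset() runs before every SMB dissection, the `stringlen_is_set` guard added at the 'c'/'C' cases can be satisfied by a length taken from an earlier packet, which defeats its purpose. Please confirm the call site and record the contract next to the declarations, e.g. `/* Per-PDU state: smb_reset() must be called before each dissection so a length from a previous packet is never applied to this one. */`.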
@@ -681,26 +689,34 @@ smb_fdata1(netdissect_options *ndo, ND_PRINT("%-*.*s", l, l, buf); buf += l; fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } case 'c': { + if (!stringlen_is_set) { + ND_PRINT("{stringlen not set}"); + goto trunc; + } ND_TCHECK_LEN(buf, stringlen); ND_PRINT("%-*.*s", (int)stringlen, (int)stringlen, buf); buf += stringlen; fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } case 'C': { - if (unistr(ndo, &strbuf, buf, &stringlen, 0, unicodestr) == -1) - goto trunc; + if (!stringlen_is_set) { + ND_PRINT("{stringlen not set}"); + goto trunc; + } + buf = unistr(ndo, &strbuf, buf, stringlen, 0, unicodestr); ND_PRINT("%s", strbuf); - buf += stringlen; + if (buf == NULL) + goto trunc; fmt++; break; } @@ -713,7 +729,7 @@ smb_fdata1(netdissect_options *ndo, buf++; } fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } @@ -726,8 +742,9 @@ smb_fdata1(netdissect_options *ndo, switch (t) { case 1: - name_type = name_extract(ndo, startbuf, ND_BYTES_BETWEEN(buf, startbuf), - maxbuf, nbuf); + name_type = name_extract(ndo, startbuf, + ND_BYTES_BETWEEN(startbuf, buf), + maxbuf, nbuf); if (name_type < 0) goto trunc; len = name_len(ndo, buf, maxbuf); @@ -738,7 +755,6 @@ smb_fdata1(netdissect_options *ndo, name_type_str(name_type)); break; case 2: - ND_TCHECK_1(buf + 15); name_type = GET_U_1(buf + 15); ND_PRINT("%-15.15s NameType=0x%02X (%s)", buf, name_type, name_type_str(name_type)); @@ -746,20 +762,19 @@ smb_fdata1(netdissect_options *ndo, break; } fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } case 'T': { time_t t; - struct tm *lt; const char *tstring; + char buffer[sizeof("Www Mmm dd hh:mm:ss yyyyy")]; uint32_t x; switch (atoi(fmt + 1)) { case 1: - ND_TCHECK_4(buf); x = GET_LE_U_4(buf); if (x == 0 || x == 0xFFFFFFFF) t = 0; 
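Review bot: The new `if (!stringlen_is_set)` checks in the 'c' and 'C' cases report a defect in tcpdump's own format string (a counted-string item with no preceding length item) by jumping to `trunc`, which presents it as packet truncation. The 'Z'/'Y' case in the previous hunk handles its own format-level error by printing a message and doing `return maxbuf; /* give up */`; doing the same here, `ND_PRINT("{stringlen not set}"); return maxbuf;`, keeps the two error paths consistent and keeps the truncation marker meaningful (what the `trunc:` label prints is outside this hunk). If `goto trunc` is deliberate, a one-line comment saying why would help.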
@@ -768,7 +783,6 @@ smb_fdata1(netdissect_options *ndo, buf += 4; break; case 2: - ND_TCHECK_4(buf); x = GET_LE_U_4(buf); if (x == 0 || x == 0xFFFFFFFF) t = 0; @@ -778,7 +792,7 @@ smb_fdata1(netdissect_options *ndo, break; case 3: ND_TCHECK_8(buf); - t = interpret_long_date(ndo, buf); + t = interpret_filetime(ndo, buf); buf += 8; break; default: @@ -786,16 +800,13 @@ smb_fdata1(netdissect_options *ndo, break; } if (t != 0) { - lt = localtime(&t); - if (lt != NULL) - tstring = asctime(lt); - else - tstring = "(Can't convert time)\n"; + tstring = nd_format_time(buffer, sizeof(buffer), "%Y-%m-%d %T", + localtime(&t)); } else - tstring = "NULL\n"; - ND_PRINT("%s", tstring); + tstring = "NULL"; + ND_PRINT("%s\n", tstring); fmt++; - while (isdigit((unsigned char)*fmt)) + while (ND_ASCII_ISDIGIT(*fmt)) fmt++; break; } @@ -828,11 +839,26 @@ smb_fdata(netdissect_options *ndo, while (*fmt) { switch (*fmt) { case '*': + /* + * List of multiple instances of something described by the + * remainder of the string (which may itself include a list + * of multiple instances of something, so we recurse). + */ fmt++; while (buf < maxbuf) { const u_char *buf2; depth++; - buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr); + /* + * In order to avoid stack exhaustion recurse at most 10 + * levels; that "should not happen", as no SMB structure + * should be nested *that* deeply, and we thus shouldn't + * have format strings with that level of nesting. + */ + if (depth == 10) { + ND_PRINT("(too many nested levels, not recursing)"); + buf2 = buf; + } else + buf2 = smb_fdata(ndo, buf, fmt, maxbuf, unicodestr); depth--; if (buf2 == NULL) return(NULL); 
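Review bot: The 'T' case now passes `localtime(&t)` straight into nd_format_time(), dropping the NULL check the removed code had; localtime() returns NULL for values it cannot represent, and a FILETIME from the wire can produce such a `t`, so unless nd_format_time() is documented to accept a NULL tm this is a NULL dereference on crafted input. Keeping the guard is two lines: `struct tm *lt = localtime(&t);` and `tstring = lt != NULL ? nd_format_time(buffer, sizeof(buffer), "%Y-%m-%d %T", lt) : "(Can't convert time)";`. The `buffer` declared in the earlier hunk is sized from the asctime() layout `"Www Mmm dd hh:mm:ss yyyyy"` while the format used here is `%Y-%m-%d %T`; it fits, but a comment tying the size to the actual format would stop a later format change from overflowing it silently.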
@@ -843,22 +869,34 @@ smb_fdata(netdissect_options *ndo, return(buf); case '|': + /* + * Just do a bounds check. + */ fmt++; if (buf >= maxbuf) return(buf); break; case '%': + /* + * XXX - unused? + */ fmt++; buf = maxbuf; break; case '#': + /* + * Done? + */ fmt++; return(buf); - break; case '[': + /* + * Format of an item, enclosed in square brackets; dissect + * the item with smb_fdata1(). + */ fmt++; if (buf >= maxbuf) return(buf); @@ -872,18 +910,30 @@ smb_fdata(netdissect_options *ndo, s[p - fmt] = '\0'; fmt = p + 1; buf = smb_fdata1(ndo, buf, s, maxbuf, unicodestr); - if (buf == NULL) + if (buf == NULL) { + /* + * Truncated. + * Is the next character a newline? + * If so, print it before quitting, so we don't + * get stuff in the middle of the line. + */ + if (*fmt == '\n') + ND_PRINT("\n"); return(NULL); + } break; default: + /* + * Not a formatting character, so just print it. + */ ND_PRINT("%c", *fmt); fmt++; break; } } if (!depth && buf < maxbuf) { - u_int len = ND_BYTES_BETWEEN(maxbuf, buf); + u_int len = ND_BYTES_BETWEEN(buf, maxbuf); ND_PRINT("Data: (%u bytes)\n", len); smb_data_print(ndo, buf, len); return(buf + len); @@ -1022,17 +1072,17 @@ smb_errstr(int class, int num) const err_code_struct *err = err_classes[i].err_msgs; for (j = 0; err[j].name; j++) if (num == err[j].code) { - nd_snprintf(ret, sizeof(ret), "%s - %s (%s)", + snprintf(ret, sizeof(ret), "%s - %s (%s)", err_classes[i].class, err[j].name, err[j].message); return ret; } } - nd_snprintf(ret, sizeof(ret), "%s - %d", err_classes[i].class, num); + snprintf(ret, sizeof(ret), "%s - %d", err_classes[i].class, num); return ret; } - nd_snprintf(ret, sizeof(ret), "ERROR: Unknown error (%d,%d)", class, num); + snprintf(ret, sizeof(ret), "ERROR: Unknown error (%d,%d)", class, num); return(ret); } @@ -1913,6 +1963,6 @@ nt_errstr(uint32_t err) return nt_errors[i].name; } - nd_snprintf(ret, sizeof(ret), "0x%08x", err); + snprintf(ret, sizeof(ret), "0x%08x", err); return ret; }
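Review bot: In nt_errstr() the replacement `snprintf(ret, sizeof(ret), "0x%08x", err);` formats a `uint32_t` with `%x`; the file already uses the `<inttypes.h>` macros for fixed-width values elsewhere, so `snprintf(ret, sizeof(ret), "0x%08" PRIx32, err);` keeps the format specifier tied to the declared type. The same applies to the smb_errstr() hunk above only insofar as its arguments are plain `int`, which `%d` already matches.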