Bug #79

closed

DCERPC over SMB via WriteAndX

Added by Kirby Kuehl over 14 years ago. Updated over 14 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

- Don't alter original wordcount and bytecount values, we use them later.
- Make printUUID not crash if uuid is NULL
- Make SMB WriteAndX parsing work for dcerpc over smb calls.
- Remove APP_LAYER_PARSER_DONE so the smb engine can parse more than one packet per stream.
- Fix DataLength/DataLengthHigh calculation.


Files

0001-smb-writeandx-dcerpc-over-smb.patch (23.9 KB) Kirby Kuehl, 02/06/2010 10:03 AM
0002-reset-smb-bytesprocessed-when-complete.patch (936 Bytes) Kirby Kuehl, 02/06/2010 10:17 AM
0003-fix-padding-bug.patch (11.5 KB) Kirby Kuehl, 02/07/2010 12:28 PM
0004-fix-warning.patch (886 Bytes) This ends up being a no op, but I included it since it is incremental. Kirby Kuehl, 02/08/2010 09:33 AM
0005-signed-unsigned-comparision-cleanup.patch (2.69 KB) Kirby Kuehl, 02/08/2010 09:33 AM

Actions #1

Updated by Kirby Kuehl over 14 years ago

  • % Done changed from 0 to 90
  • Estimated time set to 1.00 h

Actions #2

Updated by Kirby Kuehl over 14 years ago

Reset smb state machine when done processing smb message.

Actions #3

Updated by Kirby Kuehl over 14 years ago

Fix padding parser bug found when I added the latest unittest.

Actions #4

Updated by Victor Julien over 14 years ago

gcc -DHAVE_CONFIG_H -I. -I.. -O3 -g -Wall -Werror -mtune=native -Wextra -Wall -fno-strict-aliasing -Wno-unused-parameter -DNFQ -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -I /usr/include -DLIBPCAP_VERSION_MAJOR=1 -DUNITTESTS -DDEBUG -MT app-layer-smb.o -MD -MP -MF .deps/app-layer-smb.Tpo -c -o app-layer-smb.o app-layer-smb.c
cc1: warnings being treated as errors
app-layer-smb.c: In function ‘PaddingParser’:
app-layer-smb.c:510: error: comparison between signed and unsigned integer expressions
make[2]: *** [app-layer-smb.o] Error 1
make[2]: *** Waiting for unfinished jobs....
mv -f .deps/app-layer-tls.Tpo .deps/app-layer-tls.Po
make[2]: Leaving directory `/home/victor/sync/devel/eidps/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/victor/sync/devel/eidps'
make: *** [all] Error 2

Actions #6

Updated by Victor Julien over 14 years ago

  • Status changed from New to Closed

All applied, thanks Kirby!
