Ethereal-dev: Re: [Ethereal-dev] Patch for packet-smb-logon.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 21 Nov 2000 17:51:25 -0800 (PST)
> There is also another bug I think, if you look at the dissected 
> (logon) message, you will see that the LM token is shown as being 
> 0xffffffff,

I presume you mean that happens after your patch is applied; the LMNT
token I'm seeing, with an unpatched Ethereal, is 0x50002d, which is even
more wrong - this might be due to the misparsing of the second
occurrence of the computer name as ASCII rather than Unicode.

Network Monitor 2.0 (version 5.00.943) shows the Unicode computer name,
in Unicode, as HJV-P233-WNT (it also shows "Computer Name" as the same
thing, in ASCII), followed by a 4-byte NT version number of 1, followed
by a 2-byte LMNT token of 0xffff ("WindowsNT Networking"), followed by a
2-byte LM20 token of 0xffff ("OS/2 LAN Manager 2.0 (or later)
Networking").

Looking at "packet-smb-logon.c", I see:

	"dissect_smb_pdc_query()" uses "GWORD()" to fetch the LMNT
	token, but the size in the "proto_tree_add_text()" call is 2 as
	is the argument to the "MoveAndCheckOffset()" call after it - I
	suspect it should use GSHORT, not GWORD, there;

	"dissect_smb_sam_logon_resp()" is almost the same, but it uses
	"GSHORT()", which I think is correct;

so I think the "GWORD()" in question in "dissect_smb_pdc_query()" should
be a "GSHORT()" instead.
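The two defects discussed in this mail (the second computer name decoded as a NUL-terminated ASCII string instead of UTF-16LE, and the LMNT token fetched as a 4-byte word while the offset only advances by 2) can be reproduced on a small constructed buffer. The following is an added illustration, not code from Ethereal or from the patch under discussion. The buffer follows the field order Network Monitor is described as showing (UTF-16LE computer name, 4-byte NT version, 2-byte LMNT token, 2-byte LM20 token); it is constructed for this example and is not a captured packet, and the `dissect()` helper and its flags are hypothetical names used only here. Note that combining both defects on this layout yields an LMNT value of 0x50002d, which lines up with the hypothesis in the mail that the ASCII misparse shifts the offset into the middle of the Unicode name.

```python
import struct

# Constructed sample of the tail of a SAM_LOGON response, in the order the
# mail says Network Monitor decodes it. Little-endian throughout.
SAMPLE = (
    "HJV-P233-WNT".encode("utf-16-le") + b"\x00\x00"  # Unicode computer name, NUL-terminated
    + struct.pack("<I", 1)                            # 4-byte NT version
    + struct.pack("<H", 0xFFFF)                       # 2-byte LMNT token
    + struct.pack("<H", 0xFFFF)                       # 2-byte LM20 token
)


def unicode_string(buf, offset):
    """Return (text, next_offset) for a NUL-terminated UTF-16LE string."""
    end = offset
    while buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[offset:end].decode("utf-16-le"), end + 2


def ascii_string(buf, offset):
    """Return (text, next_offset) for a NUL-terminated ASCII string.

    Applied to UTF-16LE data this stops at the first high byte (0x00 after 'H'),
    so the string is truncated and every later field is read from the wrong place.
    """
    end = buf.index(b"\x00", offset)
    return buf[offset:end].decode("ascii"), end + 1


def dissect(buf, offset=0, name_as_ascii=False, lmnt_width=2):
    """Dissect the tail of the message.

    name_as_ascii=True reproduces the Unicode-vs-ASCII misparse.
    lmnt_width=4 reproduces the GWORD fetch: read 4 bytes but advance only 2,
    mirroring the size given to proto_tree_add_text() and MoveAndCheckOffset().
    """
    if name_as_ascii:
        name, offset = ascii_string(buf, offset)
    else:
        name, offset = unicode_string(buf, offset)

    nt_version = struct.unpack_from("<I", buf, offset)[0]
    offset += 4

    if lmnt_width == 4:
        lmnt = struct.unpack_from("<I", buf, offset)[0]   # GWORD-style fetch
    else:
        lmnt = struct.unpack_from("<H", buf, offset)[0]   # GSHORT-style fetch
    offset += 2                                            # offset advances by 2 either way

    lm20 = struct.unpack_from("<H", buf, offset)[0]
    offset += 2

    return {"name": name, "nt_version": nt_version,
            "lmnt": lmnt, "lm20": lm20, "end": offset}


if __name__ == "__main__":
    print("correct:          ", dissect(SAMPLE))
    print("GWORD only:       ", dissect(SAMPLE, lmnt_width=4))
    print("ASCII name + GWORD", dissect(SAMPLE, name_as_ascii=True, lmnt_width=4))
```

With the correct 2-byte fetch the LMNT token decodes as 0xffff and the parse ends exactly at the end of the buffer. With the 4-byte fetch alone the token becomes 0xffffffff (the value quoted at the top of the mail, after the name fix), because the LM20 token's bytes are pulled into the same read. With the ASCII misparse added, the name truncates to "H" and the 4-byte read lands on the bytes of "-P" inside the Unicode name.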