Wireshark-commits: [Wireshark-commits] master 0db39ae: smb2: add support for decompression
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Mon, 15 Jul 2019 21:00:21 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0db39ae59aaefc13a38ec4e7728da44a647b1a10
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

0db39ae by Aurelien Aptel (aaptel@xxxxxxxx):

    smb2: add support for decompression
    
    The latest iteration of Microsoft updates to SMB3 added compression to
    the protocol. This commit implements decompressing and dissecting
    compressed payloads.
    
    The compression algorithms that can be used are "Plain LZ77",
    "LZ77+Huffman" and "LZNT1" which you can read more about in the
    [MS-XCA] documentation. This set of algorithms is sometimes referred to
    as XPRESS.
    
    This commit reuses the existing uncompression API scheme already in
    place with zlib and brotli and adds 3 tvb_uncompress_*() functions
    implemented in:
    * epan/tvbuff_lz77.c
    * epan/tvbuff_lz77huff.c
    * epan/tvbuff_lznt1.c
    
    A new function wmem_array_try_index() was added to the wmem_array API
    to make bound checked reads that fail gracefully. New tests for it
    have been added as well.
    
    Since both reads (tvb) and writes (wmem_array) are bound checked the
    risk for buffer overruns is drastically reduced. LZ77+Huffman has
    decoding tables and special care was taken to bound check these.
    
    Simplified versions of the implementations were successfully tested
    against AFL (American Fuzzy Lop) for ~150 million executions each.
    
    The SMB2/3 dissector was changed to deal with the new transform header
    for compressed packets (new protocol_id value) and READ request
    flags (COMPRESSED). Badly compressed or encrypted packets are now
    reported as such, and the decryption test suite was changed to reflect
    that.
    
    This commit also adds a test capture with 1 packet compressed with
    each algorithm as returned by Windows Server 2019, along with 3
    matching tests in test/suite_dissection.py
    
    Change-Id: I2b84f56541f2f4ee7d886152794b993987dd10e7
    Reviewed-on: https://code.wireshark.org/review/33855
    Petri-Dish: Anders Broman <a.broman58@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  1a91aac   Use proto_tree_add_item_ret_string() to add strings.
     add  0db39ae   smb2: add support for decompression


Summary of changes:
 debian/libwireshark0.symbols                     |   7 +
 epan/CMakeLists.txt                              |   3 +
 epan/dissectors/packet-smb2.c                    | 250 +++++++++++++-
 epan/dissectors/packet-smb2.h                    |   8 +
 epan/tvbuff.h                                    |  60 ++++
 epan/tvbuff_lz77.c                               | 155 +++++++++
 epan/tvbuff_lz77huff.c                           | 415 +++++++++++++++++++++++
 epan/tvbuff_lznt1.c                              | 165 +++++++++
 epan/wmem/wmem_array.c                           |   9 +
 epan/wmem/wmem_array.h                           |   4 +
 epan/wmem/wmem_test.c                            |  14 +
 test/captures/smb311-lz77-lz77huff-lznt1.pcap.gz | Bin 0 -> 446 bytes
 test/suite_decryption.py                         |   4 +-
 test/suite_dissection.py                         |  20 ++
 14 files changed, 1095 insertions(+), 19 deletions(-)
 create mode 100644 epan/tvbuff_lz77.c
 create mode 100644 epan/tvbuff_lz77huff.c
 create mode 100644 epan/tvbuff_lznt1.c
 create mode 100644 test/captures/smb311-lz77-lz77huff-lznt1.pcap.gz
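
The commit message's point about bound-checked reads and writes in a decompressor, shown as an added example that is not Wireshark's code: a toy LZ77-style decoder in which every input read, back-reference read and output write is checked and fails gracefully with -1. The token format is constructed for illustration (it is not MS-XCA), and outbuf_t, out_try_index, out_append and toy_lz_decode are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical bounded output buffer; stands in for a bound-checked array. */
typedef struct { uint8_t *data; size_t len, cap; } outbuf_t;

/* Checked read: 0 on success, -1 if idx is out of range (no abort, no UB). */
static int out_try_index(const outbuf_t *o, size_t idx, uint8_t *val) {
    if (idx >= o->len) return -1;
    *val = o->data[idx];
    return 0;
}

/* Checked append: -1 once the output cap is reached. */
static int out_append(outbuf_t *o, uint8_t b) {
    if (o->len >= o->cap) return -1;
    o->data[o->len++] = b;
    return 0;
}

/* Toy token stream (constructed, not MS-XCA):
 *   0x00 <byte>          literal
 *   0x01 <dist> <len>    copy len bytes starting dist bytes back
 * Returns 0 on success, -1 on any malformed or truncated input. */
int toy_lz_decode(const uint8_t *in, size_t in_len, outbuf_t *out) {
    size_t i = 0;
    while (i < in_len) {
        uint8_t tag = in[i++];
        if (tag == 0x00) {
            if (i >= in_len) return -1;               /* truncated literal */
            if (out_append(out, in[i++]) < 0) return -1;
        } else if (tag == 0x01) {
            if (in_len - i < 2) return -1;            /* truncated match */
            size_t dist = in[i], len = in[i + 1];
            i += 2;
            if (dist == 0 || dist > out->len) return -1; /* before start */
            for (size_t k = 0; k < len; k++) {
                uint8_t b;
                /* Byte-wise copy so overlapping matches (dist < len) work. */
                if (out_try_index(out, out->len - dist, &b) < 0) return -1;
                if (out_append(out, b) < 0) return -1;
            }
        } else {
            return -1;                                /* unknown tag */
        }
    }
    return 0;
}
```

The output cap doubles as a decompression-bomb limit: a match whose length would overrun it stops at the cap and returns -1 instead of writing past the buffer.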