Wireshark-dev: Re: [Wireshark-dev] Anyone willing to solve this ancient MAPI bug?
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sat, 12 Mar 2016 13:41:38 +0100
On 11-03-16 17:25, Alexis La Goutte wrote:
> 
> 
> On Thu, Mar 10, 2016 at 11:58 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> 
>     Hi all,
> 
>     There's a bug (with a long grey beard by now) in
>     packet-dcerpc-mapi.c:mapi_dissect_bitmap_ulEventType() where it reads flags (16
>     bits) and then goes on to add bits to the tree, including bits 30 and 31 (called
>     fnevReserverForMapi and fnevExtended). I've got no idea what these should be, so
>     if anyone can determine the correct bitmaps we can finally close this bug.
> 
> Hi Jaap,
> 
> Is there a bug on the bugtracker? And is there a pcap somewhere?
> 
> Cheers
>  

Hi,

No, as far as I know there's no bug in Bugzilla(1), nor a pcap.
This is coming from Coverity(2), and it's the last of the open ancients(3).
It would be nice to get it out of the way.

I've done some digging and it comes from the MAPI IDL file where it lists the
32-bit bitmaps for a 16-bit bitmap(4).

Looking at the openchange exchange IDL file(5) this seems to be a bit different.

I've got no idea if there are still pending IDL changes, waiting to be handled.
It could be there are corrections in this area as well.

Thanks,
Jaap


(1) Since this is related to MAPI, hence (P)IDL and SAMBA there has been stuff
going on. Jelmer is the one trying to get stuff from SAMBA updated in Wireshark,
but as far as I know this is somewhat of an under-developed area of Wireshark.

(2) CID-280341

(3) The ancients are the Coverity issues which were there when they were ported
from the databases of the previous Coverity versions a couple of years ago.

(4)
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/pidl/mapi/mapi.idl;hb=HEAD#l1028

(5) https://github.com/openchange/openchange/blob/master/exchange.idl#L2117
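
The defect class discussed in this message (a 16-bit flags read tested against masks for bits 30 and 31), as an added example that is not part of the original thread or of Wireshark's code. The flag table (apart from the two fnev* names and bit positions), the helper names, the sample bytes and the little-endian reads are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct flag_def { const char *name; uint32_t mask; };

/* Constructed table: only the two fnev* names and their bit positions
 * (30 and 31) come from the message; the first entry is a placeholder. */
static const struct flag_def event_flags[] = {
    { "hypotheticalLowFlag", 0x00000001u },
    { "fnevReserverForMapi", 0x40000000u },  /* bit 30 */
    { "fnevExtended",        0x80000000u },  /* bit 31 */
};
#define N_FLAGS (sizeof event_flags / sizeof event_flags[0])

/* Assumed little-endian reads, standing in for the dissector's fetch. */
static uint32_t read_le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t read_le32(const uint8_t *p) { return read_le16(p) | (read_le16(p + 2) << 16); }

/* Mask of the bits a field of width_bits can carry (avoids 1u << 32). */
static uint32_t field_mask(unsigned width_bits)
{
    return width_bits >= 32 ? 0xFFFFFFFFu : ((1u << width_bits) - 1u);
}

/* Count table entries whose mask has bits outside the field: a test of
 * such a mask against a value of that width can never be true. */
static size_t count_unreachable(const struct flag_def *defs, size_t n, unsigned width_bits)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        if (defs[i].mask & ~field_mask(width_bits)) {
            printf("%s (0x%08x) cannot be set in a %u-bit field\n",
                   defs[i].name, (unsigned)defs[i].mask, width_bits);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    const uint8_t wire[4] = { 0xff, 0xff, 0xff, 0xff };  /* constructed bytes */
    printf("16-bit read sees fnevExtended: %d\n", (read_le16(wire) & 0x80000000u) != 0);
    printf("32-bit read sees fnevExtended: %d\n", (read_le32(wire) & 0x80000000u) != 0);
    return count_unreachable(event_flags, N_FLAGS, 16) == 2 ? 0 : 1;
}
```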