Wireshark-dev: Re: [Wireshark-dev] smb2.msg_id defined as signed 64-bit integer - bug?
From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Sat, 17 Sep 2016 09:36:21 -0700
On Sat, Sep 17, 2016 at 7:12 AM, Paul Offord <Paul.Offord@xxxxxxxxxxxx> wrote:
> In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a signed
> 64-bit integer.
>

As Graham already said, sure create a bug or submit a change directly.

However, even at 1 SMB message per microsecond, that is still around
10^43 seconds before we ever see an issue, or around 10^37 days ...
we've got time. (Message IDs start at 1, I believe.)

>
> packet-smb2.h
> ------------------
> typedef struct _smb2_info_t {
>     guint16 opcode;
>     guint32 ioctl_function;
>     guint32 status;
>     guint32 tid;
>     guint64 sesid;
>     gint64  msg_id;
>     guint32 flags;
>     smb2_eo_file_info_t *eo_file_info; /* eo_smb extra info */
>     smb2_conv_info_t    *conv;
>     smb2_saved_info_t   *saved;
>     smb2_tid_info_t     *tree;
>     smb2_sesid_info_t   *session;
>     smb2_fid_info_t     *file;
>     proto_tree *top_tree;
> } smb2_info_t;
>
> packet-smb2.c
> ------------------
>     { &hf_smb2_msg_id,
>         { "Message ID", "smb2.msg_id", FT_INT64, BASE_DEC,
>         NULL, 0, "SMB2 Message ID", HFILL }
>     },
>
> I believe MessageId should be an unsigned 64-bit integer.  Although the
> [MS-SMB2] document isn’t specific, Microsoft Message Analyzer defines the
> field as UInt64.
>
>
>
> It’s not a big deal but it does mean that filtering for a range of
> MessageIds won’t work as expected for very large values.
>
>
>
> Is it OK for me to report this as a bug through Bugzilla?
>
>
>
> Best regards…Paul



-- 
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao)
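
The range-filtering problem raised in the quoted message, as an added example (not code from Wireshark or from either poster): it reads MessageId from a constructed SMB2 header and applies one range test with the field treated as unsigned and then as signed. The MessageId offset of 24 follows the [MS-SMB2] header layout; the helper names and sample values are made up for illustration, and the code models the comparison only, not Wireshark's display-filter engine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB2_HDR_LEN       64
#define SMB2_MSG_ID_OFFSET 24   /* MessageId offset in the 64-byte SMB2 header */

/* Extract the 8-byte little-endian MessageId; -1 on a short or non-SMB2 buffer. */
static int smb2_read_msg_id(const uint8_t *hdr, size_t len, uint64_t *out)
{
    static const uint8_t magic[4] = { 0xFE, 'S', 'M', 'B' };
    uint64_t v = 0;
    if (len < SMB2_HDR_LEN || memcmp(hdr, magic, sizeof magic) != 0)
        return -1;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | hdr[SMB2_MSG_ID_OFFSET + i];
    *out = v;
    return 0;
}

/* Reinterpret the same 64 bits as signed, as a gint64 / FT_INT64 field does. */
static int64_t as_signed(uint64_t v)
{
    int64_t s;
    memcpy(&s, &v, sizeof s);
    return s;
}

/* Range test lo <= id <= hi with the field typed unsigned. */
static int in_range_unsigned(uint64_t id, uint64_t lo, uint64_t hi)
{
    return id >= lo && id <= hi;
}

/* The same range test with every operand treated as signed. */
static int in_range_signed(uint64_t id, uint64_t lo, uint64_t hi)
{
    return as_signed(id) >= as_signed(lo) && as_signed(id) <= as_signed(hi);
}

int main(void)
{
    uint8_t hdr[SMB2_HDR_LEN] = { 0xFE, 'S', 'M', 'B' };   /* constructed header */
    uint64_t id = 0, lo = 0x7FFFFFFFFFFFFFF0ULL, hi = 0x8000000000000010ULL;
    hdr[SMB2_MSG_ID_OFFSET + 0] = 0x01;                    /* id = 0x8000000000000001 */
    hdr[SMB2_MSG_ID_OFFSET + 7] = 0x80;
    if (smb2_read_msg_id(hdr, sizeof hdr, &id) != 0) return 1;
    printf("unsigned: %d  signed: %d  shown as: %lld\n", in_range_unsigned(id, lo, hi),
           in_range_signed(id, lo, hi), (long long)as_signed(id));
    return 0;
}
```

Once the top bit is set, the signed reading turns the ID negative, so a range that spans 2^63 becomes empty and the packet drops out of the filter result.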