patches for wireshark dissection

ronnie sahlberg ronniesahlberg at gmail.com
Mon Jul 13 20:02:36 MDT 2009


Netlogon in wireshark is unfortunately (it is my fault) our ioctl.c.
Here I store everything that is good for dcerpc and crypto and which
doesn't fit anywhere else.
For example the PAC.


It would require some restructuring and moving some of the other cruft
out of the file first.


On Mon, Jul 13, 2009 at 7:14 PM, Matthieu
Patou<mat+Informatique.Samba at matws.net> wrote:
> On 07/13/2009 10:15 AM, Andrew Bartlett wrote:
>>
>> On Mon, 2009-07-13 at 08:10 +0200, Stefan (metze) Metzmacher wrote:
>>
>>>
>>> Matthieu Patou schrieb:
>>>
>>>>
>>>> On 07/12/2009 08:37 PM, Stefan (metze) Metzmacher wrote:
>>>>
>>>>>
>>>>> I need to revert parts of the patches, to prevent a crash
>>>>> (in the string handling code...)
>>>>>
>>>>>
>>>>> http://gitweb.samba.org/?p=metze/wireshark/wip.git;a=commitdiff;h=c9dbf6ad8c7c3320800bf9158b718c6c98a602f5
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> Metze, can you send me the capture that makes a crash?
>>>>
>>>
>>> http://samba.org/~metze/ads/rpc-netlogon-lsa-string-is-fine-01.pcap
>>>
>>> But also just from looking at the code, it seems to be just wrong.
>>> The length of the array has nothing to do with the max count!
>>> There is no magic string terminator that we need to autodetect,
>>> if there're following (zero or uninitialized) bytes then they're
>>> just padding!
>>>
>>
>> Perhaps I'm missing something, but wasn't this whole area meant to be
>> overtaken by PIDL generated dissectors?
>>
>
> Netlogon is not for the moment PIDL generated. I completed manually in order
> to do the decrypt and correct incomplete dissection.
> I contacted ronnie and we can eventually move to PIDL generated dissector.
>
> Matthieu.
>
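
Added example, not part of the thread and not Wireshark or Samba code: a bounds-checked reader for an NDR conformant-varying array of 16-bit characters, illustrating the point in the quoted reply that the number of elements on the wire is independent of the max count and that trailing bytes are padding rather than a terminator to search for. It assumes the standard NDR layout (max_count, offset, actual_count as little-endian uint32, then actual_count elements); the function name and both sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: max_count=8, offset=0, actual_count=3, "abc" as
 * UTF-16LE, then two bytes of padding that are not part of the string. */
static const uint8_t sample_ok[] = {
    8,0,0,0, 0,0,0,0, 3,0,0,0, 'a',0, 'b',0, 'c',0, 0,0 };
/* Constructed malformed sample: actual_count (3) exceeds max_count (2). */
static const uint8_t sample_bad[] = {
    2,0,0,0, 0,0,0,0, 3,0,0,0, 'a',0, 'b',0, 'c',0 };

static uint32_t rd32(const uint8_t *p)   /* little-endian uint32 */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: returns bytes consumed (header + elements) or -1. */
long ndr_cv_u16_array(const uint8_t *buf, size_t len,
                      const uint8_t **data, uint32_t *count)
{
    if (len < 12)
        return -1;
    uint32_t max_count = rd32(buf);
    uint32_t offset = rd32(buf + 4);
    uint32_t actual = rd32(buf + 8);

    /* offset + actual must fit in max_count; written to avoid overflow. */
    if (offset > max_count || actual > max_count - offset)
        return -1;
    /* Elements on the wire are counted by actual_count, not max_count. */
    if (actual > (len - 12) / 2)
        return -1;
    *data = buf + 12;
    *count = actual;   /* no terminator scan: trailing bytes are padding */
    return 12 + (long)actual * 2;
}

int main(void)
{
    const uint8_t *d; uint32_t n;
    printf("ok:  %ld\n", ndr_cv_u16_array(sample_ok, sizeof sample_ok, &d, &n));
    printf("bad: %ld\n", ndr_cv_u16_array(sample_bad, sizeof sample_bad, &d, &n));
    return 0;
}
```

The caller resumes parsing at the returned offset after applying the alignment of the next field, so the padding bytes are skipped rather than interpreted.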

