Bug 155920 - Incorrect dissection of SMB Write AndX Request
Product: Fedora
Classification: Fedora
Component: ethereal
i386 Linux
medium Severity medium
Assigned To: Radek Vokal
Reported: 2005-04-25 15:29 EDT by Neal Groothuis
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2005-04-27 05:11:06 EDT
Attachments
A sample capture with both a Read AndX and Write AndX call. (689 bytes, application/octet-stream)
2005-04-26 09:57 EDT, Neal Groothuis
Description Neal Groothuis 2005-04-25 15:29:16 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Description of problem:
The SMB dissector incorrectly considers the Data Length High field in a Write AndX request to be 4 bytes instead of 2.  

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Capture SMB traffic that includes an SMB Write AndX Request (e.g., a logon.)
2. Attempt to dissect the packet.

Actual Results:  All data following the data length high field are reported incorrectly.

Expected Results:  The fields should be read from their correct offsets within the packet, leading to non-garbage data.

Additional info:

This bug is caused by ethereal-0.10.6-old.patch in the SRPM.  The distribution code is correct and should not be patched.
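
The effect described in this report, as an added example that is not part of the original report or of Ethereal's source: a minimal parser for the Write AndX request parameter words that reads Data Length High as either 2 bytes (correct) or 4 bytes (the mis-dissection). The field order follows the SMB Write AndX request layout; the struct, function name and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SMB fields are little-endian on the wire. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }

struct write_andx {
    uint16_t fid, write_mode, remaining, data_len_low, data_offset;
    uint32_t offset, timeout, data_len_high;
};

/* Constructed sample (not from the attached capture): WordCount + 14 words. */
static const uint8_t sample_write_andx[29] = {
    0x0e, 0xff, 0x00, 0x00, 0x00,        /* WordCount, AndXCommand, AndXReserved, AndXOffset */
    0x01, 0x40, 0x00, 0x00, 0x00, 0x00,  /* FID, Offset */
    0x00, 0x00, 0x00, 0x00, 0x08, 0x00,  /* Timeout, WriteMode */
    0x48, 0x00, 0x00, 0x00,              /* Remaining, Data Length High (2 bytes) */
    0x48, 0x00, 0x40, 0x00,              /* Data Length Low = 72, Data Offset = 64 */
    0x00, 0x00, 0x00, 0x00               /* OffsetHigh */
};

/* Parse from the WordCount byte. dlh_width is the width given to Data Length
 * High: 2 is correct, 4 reproduces the mis-dissection. Returns 0 or -1. */
int parse_write_andx(const uint8_t *buf, size_t len, int dlh_width, struct write_andx *out) {
    if (!buf || !out || len < 1 || (dlh_width != 2 && dlh_width != 4)) return -1;
    size_t wc = buf[0];
    if ((wc != 12 && wc != 14) || len < 1 + 2 * wc) return -1;
    if (len < (size_t)(23 + dlh_width)) return -1;  /* bytes this parse will read */
    const uint8_t *p = buf + 5;                     /* skip WordCount and AndX header */
    out->fid = le16(p);        p += 2;
    out->offset = le32(p);     p += 4;
    out->timeout = le32(p);    p += 4;
    out->write_mode = le16(p); p += 2;
    out->remaining = le16(p);  p += 2;
    out->data_len_high = (dlh_width == 2) ? le16(p) : le32(p); p += dlh_width;
    out->data_len_low = le16(p); p += 2;            /* shifted by 2 when dlh_width is 4 */
    out->data_offset = le16(p);
    return 0;
}

int main(void) {
    struct write_andx ok, bad;
    if (parse_write_andx(sample_write_andx, sizeof sample_write_andx, 2, &ok) ||
        parse_write_andx(sample_write_andx, sizeof sample_write_andx, 4, &bad)) return 1;
    printf("2-byte: len=%u off=%u\n4-byte: len=%u off=%u\n", (unsigned)ok.data_len_low,
           (unsigned)ok.data_offset, (unsigned)bad.data_len_low, (unsigned)bad.data_offset);
    return 0;
}
```

With the 4-byte width, the real Data Length Low is absorbed into Data Length High and every later field is read 2 bytes late, which matches the "Actual Results" above.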
Comment 1 Radek Vokal 2005-04-26 07:41:57 EDT
Thanks for pointing me to this, the patch will get removed. Should I have also a
sample capture file so I can see these packets (I don't have SMB filesystem here)
Comment 2 Neal Groothuis 2005-04-26 09:57:30 EDT
Created attachment 113667
A sample capture with both a Read AndX and Write AndX call.
Comment 3 Radek Vokal 2005-04-27 05:11:06 EDT
There's a new ethereal version coming out soon. Will be fixed there.