Bug 155920 - Incorrect dissection of SMB Write AndX Request
Summary: Incorrect dissection of SMB Write AndX Request
Alias: None
Product: Fedora
Classification: Fedora
Component: ethereal
Version: 3
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Radek Vokal
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-04-25 19:29 UTC by Neal Groothuis
Modified: 2007-11-30 22:11 UTC (History)
0 users

Clone Of:
Last Closed: 2005-04-27 09:11:06 UTC

Attachments (Terms of Use)
A sample capture with both a Read AndX and Write AndX call. (689 bytes, application/octet-stream)
2005-04-26 13:57 UTC, Neal Groothuis
no flags Details

Description Neal Groothuis 2005-04-25 19:29:16 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Description of problem:
The SMB dissector incorrectly considers the Data Length High field in a Write AndX request to be 4 bytes instead of 2.  

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Capture SMB traffic that includes an SMB Write AndX Request (e.g., a logon.)
2. Attempt to dissect the packet.

Actual Results:  All data following the data length high field are reported incorrectly.

Expected Results:  The fields should be read from their correct offsets within the packet, leading to non-garbage data.

Additional info:

This bug is caused by ethereal-0.10.6-old.patch in the SRPM.  The distribution code is correct and should not be patched.

Comment 1 Radek Vokal 2005-04-26 11:41:57 UTC
Thanks for pointing me to this, the patch will get romved. Should I have also a
sample capture file so I can see these packets (I don't have SMB filesystem here)

Comment 2 Neal Groothuis 2005-04-26 13:57:30 UTC
Created attachment 113667 [details]
A sample capture with both a Read AndX and Write AndX call.

Comment 3 Radek Vokal 2005-04-27 09:11:06 UTC
There's a new ethereal version comming out soon. Will be fixed there. 

Note You need to log in before you can comment on or make changes to this bug.