Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12915] New: SMB2 MessageId should be stored and rendered as an unsigned 64-bit

Wireshark-bugs: [Wireshark-bugs] [Bug 12915] New: SMB2 MessageId should be stored and rendered a

Date: Sat, 17 Sep 2016 17:13:02 +0000

Bug ID	12915
Summary	SMB2 MessageId should be stored and rendered as an unsigned 64-bit integer
Product	Wireshark
Version	Git
Hardware	x86
OS	Windows 7
Status	UNCONFIRMED
Severity	Minor
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Build Information:
Version 2.3.0-Syncro (v2.3.0rc0-545-g85b20f7 from unknown)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.5.1, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2.4, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale
English_United Kingdom.1252, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.2.15, with Gcrypt 1.6.2, with AirPcap 4.1.0 build 1622.
Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz (with SSE4.2), with 8082MB of physical
memory.


Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public
License.
--
In packet-smb2.h and packet-smb2.c the SMB2 MessageId is defined as a signed
64-bit integer.

packet-smb2.h
------------------
typedef struct _smb2_info_t {
    guint16 opcode;
    guint32 ioctl_function;
    guint32 status;
    guint32 tid;
    guint64 sesid;
    gint64  msg_id;
    guint32 flags;
    smb2_eo_file_info_t       *eo_file_info; /* eo_smb extra info */
    smb2_conv_info_t           *conv;
    smb2_saved_info_t         *saved;
    smb2_tid_info_t                              *tree;
    smb2_sesid_info_t           *session;
    smb2_fid_info_t                              *file;
    proto_tree *top_tree;
} smb2_info_t;

packet-smb2.c
------------------
    { &hf_smb2_msg_id,
        { "Message ID", "smb2.msg_id", FT_INT64, BASE_DEC,
        NULL, 0, "SMB2 Message ID", HFILL }
    },

I believe MessageId should be an unsigned 64-bit integer.  Although the
[MS-SMB2] document isn’t specific, Microsoft Message Analyzer defines the field
as UInt64.

It’s not a big deal but it does mean that filtering for a range of MessageIds
won’t work as expected for very large values.

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 12914] New: Buildbot crash output: fuzz-2016-09-17-25060.pcap
Next by Date: [Wireshark-bugs] [Bug 12914] Buildbot crash output: fuzz-2016-09-17-25060.pcap
Previous by thread: [Wireshark-bugs] [Bug 12914] Buildbot crash output: fuzz-2016-09-17-25060.pcap
Next by thread: [Wireshark-bugs] [Bug 12916] New: Buildbot crash output: fuzz-2016-09-17-3735.pcap
Index(es):
- Date
- Thread