1 /* Copyright (c) 2007 by Errata Security */
\r
3 #include "netframe.h"
\r
/*
 * netbios_copy_name: decode an encoded NetBIOS name from the packet bytes
 * px[offset..length) into the caller's buffer `name` (capacity sizeof_name).
 *
 * Each decoded byte is built from two input characters in 'A'..'A'+15: the
 * first supplies the high nibble, the second the low nibble. A decoded byte
 * that is not printable is expanded with hex digits.
 *
 * The return value is assigned back to `offset` by process_netbios_dgm, so it
 * is presumably the offset just past the name -- confirm against the full
 * source.
 *
 * NOTE(review): this listing shows only selected lines (the leading numbers
 * are the original file's line numbers). Declarations, returns and closing
 * braces are not visible, so the comments below describe only what the
 * visible lines establish. px/length come from a captured frame and should be
 * treated as untrusted.
 */
9 unsigned netbios_copy_name(struct NetFrame *frame, const unsigned char *px, unsigned length, unsigned offset, char *name, unsigned sizeof_name)
\r
16 while (offset < length) {
\r
22 if (offset >= length) {
\r
23 FRAMERR(frame, "netbios: name too short\n");
\r
/*
 * NOTE(review): `||` is the logical OR, so `len` becomes 0 or 1 here instead
 * of combining bytes, and px[offset++] is skipped (offset does not advance)
 * whenever (len << 8) is non-zero. A bitwise `|` was probably intended.
 */
26 len = (len << 8) || px[offset++];
\r
/* Consume at most `len` input characters, never reading past `length`. */
30 for (j=0; j<len && offset<length; j++) {
\r
/*
 * NOTE(review): plain `char` may be signed, so packet bytes >= 0x80 can become
 * negative; the range test below reports them.
 */
31 char c = px[offset++];
\r
/*
 * Only FRAMERR is governed by this `if`. Unless FRAMERR itself changes control
 * flow (not visible here), decoding continues with the out-of-range `c`, and
 * (c-'A')<<4 further down then left-shifts a negative value when c < 'A'.
 */
33 if (c < 'A' || c > 'A'+15)
\r
34 FRAMERR(frame, "netbios: bad netbios name char %c (0x%02x) \n", c, c);
/*
 * Output bound check. NOTE(review): with sizeof_name == 0 the unsigned
 * expression sizeof_name-1 wraps to UINT_MAX and this test never fires. It
 * also lets k == sizeof_name-1 through, i.e. the last byte of the buffer;
 * whether room is kept for a terminating NUL is not visible here.
 */
35 if (k > sizeof_name-1) {
\r
36 FRAMERR(frame, "netbios: name too long\n");
\r
/* First character of the pair supplies the high nibble of the output byte. */
39 name[k] = (char)((c-'A')<<4);
\r
/* Re-check the input bound before the second character of the pair is used. */
43 if (offset >= length) {
\r
44 FRAMERR(frame, "netbios: name too short\n");
\r
48 if (c < 'A' || c > 'A'+15)
\r
49 FRAMERR(frame, "netbios: bad netbios name char %c (0x%02x) \n", c, c);
\r
/* Second character of the pair supplies the low nibble. */
51 name[k] |= (char)((c-'A')&0x0F);
\r
/*
 * NOTE(review): name[k] is a plain `char` that can hold any value 0x00..0xFF.
 * Where char is signed, values >= 0x80 are negative, and passing a negative
 * value other than EOF to isprint() is undefined behaviour; cast to
 * (unsigned char) first.
 */
53 if (!isprint(name[k])) {
\r
/*
 * Bound check for the expansion, which writes name[k+1] and name[k+2] below.
 * The sizeof_name == 0 wrap-around noted above applies here too.
 */
54 if (k+3 > sizeof_name-1) {
\r
55 FRAMERR(frame, "netbios: name too long\n");
\r
/*
 * Hex digits of name[k]: high nibble, then low nibble. NOTE(review): if an
 * elided line has already overwritten name[k] (e.g. with an escape marker),
 * these digits describe that marker rather than the decoded byte -- confirm
 * against the full source.
 */
58 name[k+1] = "0123456789ABCDEF"[(name[k]>>4)&0xF];
\r
59 name[k+2] = "0123456789ABCDEF"[(name[k]>>0)&0xF];
\r
/*
 * process_netbios_dgm: parse a NetBIOS datagram from px[0..length), decode the
 * source and destination names, and hand the payload to process_smb_dgm when
 * it starts with the "\xFFSMB" signature.
 *
 * NOTE(review): this listing shows only selected lines (the leading numbers
 * are the original file's line numbers). Several conditions, declarations and
 * returns are not visible, so the comments below describe only what the
 * visible lines establish. px/length come from a captured frame and should be
 * treated as untrusted.
 */
71 void process_netbios_dgm(struct Seaper *seap, struct NetFrame *frame, const unsigned char *px, unsigned length)
\r
79 unsigned source_port;
\r
83 char destination[70];
\r
/* Length sanity checks; the conditions that guard them are not visible here. */
87 FRAMERR(frame, "netbios: frame empty\n");
\r
91 FRAMERR(frame, "netbios: frame too short\n");
\r
/* Only message type 0x11 is handled; any other type is reported. */
95 if (px[0] != 0x11) {
\r
96 FRAMERR(frame, "netbios: unknown type %d\n", px[0]);
\r
/*
 * Fixed header fields, multi-byte ones read through ex16be/ex32be. The last
 * read starts at px+12, so these lines presumably need length >= 14; confirm
 * that the "frame too short" check above guarantees it.
 */
100 netbios.type = px[0];
\r
101 netbios.flags = px[1];
\r
102 netbios.id = ex16be(px+2);
\r
103 netbios.source_ip = ex32be(px+4);
\r
104 netbios.source_port = ex16be(px+8);
\r
105 netbios.length = ex16be(px+10);
\r
106 netbios.offset = ex16be(px+12);
\r
/*
 * Decode the two names in sequence; each call's result becomes the next
 * offset. The initial value of `offset` is set on a line not shown here.
 */
110 offset = netbios_copy_name(frame, px, length, offset, netbios.source, sizeof(netbios.source));
\r
111 offset = netbios_copy_name(frame, px, length, offset, netbios.destination, sizeof(netbios.destination));
\r
/*
 * NOTE(review): the frame keeps pointers into `netbios`. Its declaration is
 * not visible; if it is a local of this function, these pointers dangle as
 * soon as the function returns -- confirm the lifetime callers rely on.
 */
113 frame->netbios_source = netbios.source;
\r
114 frame->netbios_destination = netbios.destination;
\r
/* netbios.offset is a 16-bit value taken from the packet. */
116 offset += netbios.offset;
\r
/*
 * NOTE(review): this rejects only offset > length. offset == length, or any
 * offset with fewer than 4 bytes remaining, still passes.
 */
118 if (offset > length) {
\r
119 FRAMERR(frame, "netbios: not enough data\n");
\r
/*
 * NOTE(review): memcmp reads 4 bytes at px+offset. Unless an elided line adds
 * a check, nothing visible ensures length - offset >= 4, so this can read up
 * to 4 bytes past the end of the frame. Test `length - offset >= 4` before
 * comparing the signature.
 */
123 if (offset > 4 && memcmp(px+offset, "\xFFSMB", 4) == 0)
\r
124 process_smb_dgm(seap, frame, px+offset, length-offset);
\r
/* Presumably the else branch (line 125 is not shown): payload is not SMB. */
126 FRAMERR(frame, "netbios: unknown netbios datagram\n");
\r