Wireshark mailing list archives

Re: Better dissection in the SMB dissector when captures contain truncated frames/packets


From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Wed, 3 Oct 2012 07:25:02 -0700

On Tue, Oct 2, 2012 at 10:43 PM, Jaap Keuter <jaap.keuter () xs4all nl> wrote:
> Hi,
>
> I think this is correct, checking for the availability of data in the TVB is
> independent of the question if the tree is available or not. That fact should
> not have influence on the interpretation of the data.

I just looked at the spec and it turns out that the strategy is
slightly different for some of the items because they do not have a
next entry offset. However, in each case we can make a decision along
the lines of:

Are there enough bytes to get to the length of the variable portion?
If so, fetch it, and check if there are enough bytes to deal with that.

Otherwise, cause an exception.

I will try to clean this up today and submit a more complete patch.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
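
The check order described in the message above, shown as an added example that is not part of the original post and is not Wireshark code. The entry layout (4-byte attributes, 4-byte little-endian name length, then the name), the names parse_entry, read_le32 and FIXED_LEN, and the use of a return code in place of the dissector's exception are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* PARSE_TRUNCATED stands in for the exception a dissector would raise. */
enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1 };

struct entry {
    uint32_t name_len;     /* length of the variable portion, as stated in the entry */
    const uint8_t *name;   /* points into the captured buffer, not copied */
};

/* Assumed layout: 4 bytes attributes + 4 bytes name length, then the name. */
#define FIXED_LEN 8u

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the entry at `offset` in a capture holding `captured` bytes.
 * On success, *next is the offset just past this entry (there is no
 * next-entry-offset field in this layout, so it is derived from the length). */
enum parse_status parse_entry(const uint8_t *buf, size_t captured, size_t offset,
                              struct entry *out, size_t *next)
{
    /* Step 1: are there enough bytes to get to the length field? */
    if (offset > captured || captured - offset < FIXED_LEN)
        return PARSE_TRUNCATED;

    /* Step 2: fetch the length, then check the capture really holds that many
     * bytes. Comparing against the remainder avoids overflowing offset + len. */
    uint32_t name_len = read_le32(buf + offset + 4);
    size_t remaining = captured - offset - FIXED_LEN;
    if (name_len > remaining)
        return PARSE_TRUNCATED;

    out->name_len = name_len;
    out->name = buf + offset + FIXED_LEN;
    *next = offset + FIXED_LEN + name_len;
    return PARSE_OK;
}

/* Constructed sample entry: attributes 0x20, name length 5, name "a.txt". */
static const uint8_t sample[] = { 0x20, 0, 0, 0,  5, 0, 0, 0,  'a', '.', 't', 'x', 't' };
```

The checks run whether or not anything is being displayed, which matches the point in the quoted reply that data availability is independent of the tree.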
