Wireshark mailing list archives

Re: Better dissection in the SMB dissector when captures contain truncated frames/packets

From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Wed, 3 Oct 2012 13:22:53 -0700

On Wed, Oct 3, 2012 at 7:25 AM, Richard Sharpe
<realrichardsharpe () gmail com> wrote:

On Tue, Oct 2, 2012 at 10:43 PM, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

Hi,

I think this is correct, checking for the availability of data in the TVB is
independent of the question if the tree is available or not. That fact should
not have influence on the interpretation of the data.


Attached is a first patch that cleans up all the entries that have a
Next Entry Offset and correctly checks that the required number of
bytes is available (checked both with a capture that contained
truncated frames and one that did not.)

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)

Attachment: packet-smb-ff2-fixups.patch
Description:

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Better dissection in the SMB dissector when captures contain truncated frames/packets Richard Sharpe (Oct 02)
- Re: Better dissection in the SMB dissector when captures contain truncated frames/packets Jaap Keuter (Oct 02)
  - Re: Better dissection in the SMB dissector when captures contain truncated frames/packets Richard Sharpe (Oct 03)
    - Re: Better dissection in the SMB dissector when captures contain truncated frames/packets Richard Sharpe (Oct 03)