Wireshark mailing list archives

Re: How to stop dissection in middle of malformed packet?


From: Alexis La Goutte <alexis.lagoutte () gmail com>
Date: Wed, 16 Nov 2016 21:29:34 +0100

Hi,

You need to add an expert info and return.
There is already a check in the proto_tree_add_* functions to detect a malformed
value (and automatically return).

Cheers

On Wed, Nov 16, 2016 at 5:57 PM, Dmitry Lazurkin <dilaz03 () gmail com> wrote:

Hello.

I read the packet header and try to read a string length and string data. But
the string length field has an illegal value. I add expert info. But how do I
stop dissection after adding the expert info? I cannot dissect the rest of the
packet at this point. I can return an error code from this function, but
the calling tree may be too big. Maybe a more graceful solution exists?
Something like exceptions in C++.

PS. I found DISSECTOR_VERIFY_DATA in the mailing lists, but it is not
implemented in the source code.



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
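
Added example, not part of the thread and not Wireshark code: a self-contained C sketch of the situation discussed above, where a bounds check inside a nested helper records a diagnostic and unwinds straight to the top-level dissector with setjmp/longjmp, the C analogue of the C++ exceptions the question asks about. The names `pkt_t`, `malformed`, `need`, `read_string` and `dissect`, and the packet layout (1-byte header, 2-byte big-endian length, string bytes), are assumptions made for illustration.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical packet context; a stand-in, not Wireshark's tvbuff_t. */
typedef struct {
    const uint8_t *data;
    size_t len;
    const char **note;  /* caller-owned slot, plays the role of expert info */
    jmp_buf stop;       /* resume point in the top-level dissector */
} pkt_t;

/* Record why the packet is malformed, then unwind from any call depth. */
static void malformed(pkt_t *p, const char *why) {
    *p->note = why;
    longjmp(p->stop, 1);
}

/* Every read passes this check, so a bogus length can never over-read. */
static const uint8_t *need(pkt_t *p, size_t off, size_t n) {
    if (off > p->len || n > p->len - off) malformed(p, "field runs past end of packet");
    return p->data + off;
}

/* Nested helper: 2-byte big-endian length, then that many string bytes. */
static size_t read_string(pkt_t *p, size_t off, char *out, size_t cap) {
    const uint8_t *h = need(p, off, 2);
    size_t slen = ((size_t)h[0] << 8) | h[1];
    if (slen >= cap) malformed(p, "string length exceeds allowed maximum");
    memcpy(out, need(p, off + 2, slen), slen);
    out[slen] = '\0';
    return off + 2 + slen;
}

/* Top level: returns bytes consumed, or -1 when dissection was stopped. */
int dissect(const uint8_t *buf, size_t len, char *out, size_t cap, const char **note) {
    pkt_t p = { .data = buf, .len = len, .note = note };
    *note = NULL;
    if (setjmp(p.stop)) return -1;  /* a nested check called malformed() */
    need(&p, 0, 1);                 /* 1-byte header */
    return (int)read_string(&p, 1, out, cap);
}

int main(void) {
    const uint8_t bad[] = {0x01, 0x00, 0x09, 'a', 'b'}; /* constructed: claims 9, has 2 */
    char out[16]; const char *note;
    int n = dissect(bad, sizeof bad, out, sizeof out, &note);
    return printf("%d %s\n", n, note ? note : "ok") < 0;
}
```

The diagnostic is written through a caller-owned pointer rather than a local of `dissect`, because non-volatile locals modified after `setjmp` have indeterminate values once `longjmp` returns.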
