[prev in list] [next in list] [prev in thread] [next in thread]
List: wireshark-users
Subject: Re: [Wireshark-users] Malformed packet analysis
From: Guy Harris <guy () alum ! mit ! edu>
Date: 2014-01-13 21:50:14
Message-ID: 1098C07F-B92C-4E7E-84E5-7B52E9927AC3 () alum ! mit ! edu
[Download RAW message or body]
On Jan 13, 2014, at 1:09 PM, "Markus Moeller" <huaraz@moeller.plus.com> wrote:
> It would still be nice to have a better pointer to the issue.
It might be possible to have proto_tree_add_item() do its own check for running past \
the end of the packet data, rather than relying on the tvb routines to do it, and add \
an expert item to the tree saying "the packet is too short to include all of field \
XXX", and then throw the BoundsError exception.
In cases where the field's value is used later, perhaps there should be routines such \
as
proto_tree_add_uint_item_ret_val, which adds an FT_UINT* item and returns its value \
through a pointer; proto_tree_add_int_item_ret_val, which adds an FT_INT* item and \
returns its value through a pointer; proto_tree_add_string_item_ret_val, which adds \
an FT_STRING* item and returns its value through a pointer;
and so on, so that the dissector doesn't need to fetch the value itself.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic