[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireshark-users
Subject:    Re: [Wireshark-users] Malformed packet analysis
From:       Guy Harris <guy () alum ! mit ! edu>
Date:       2014-01-13 21:50:14
Message-ID: 1098C07F-B92C-4E7E-84E5-7B52E9927AC3 () alum ! mit ! edu
[Download RAW message or body]


On Jan 13, 2014, at 1:09 PM, "Markus Moeller" <huaraz@moeller.plus.com> wrote:

> It would still be nice to have a better pointer to the issue.

It might be possible to have proto_tree_add_item() do its own check for running past \
the end of the packet data, rather than relying on the tvb routines to do it, and add \
an expert item to the tree saying "the packet is too short to include all of field \
XXX", and then throw the BoundsError exception.

In cases where the field's value is used later, perhaps there should be routines such \
as

	proto_tree_add_uint_item_ret_val, which adds an FT_UINT* item and returns its value \
through a pointer;  proto_tree_add_int_item_ret_val, which adds an FT_INT* item and \
returns its value through a pointer;  proto_tree_add_string_item_ret_val, which adds \
an FT_STRING* item and returns its value through a pointer;

and so on, so that the dissector doesn't need to fetch the value itself.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@wireshark.org?subject=unsubscribe


[prev in list] [next in list] [prev in thread] [next in thread]