Re: Malformed packet analysis
From: Guy Harris <guy () alum mit edu>
Date: Mon, 13 Jan 2014 13:50:14 -0800
On Jan 13, 2014, at 1:09 PM, "Markus Moeller" <huaraz () moeller plus com> wrote:
> It would still be nice to have a better pointer to the issue.

It might be possible to have proto_tree_add_item() do its own check for running past the end of the packet data, rather
than relying on the tvb routines to do it, and add an expert item to the tree saying "the packet is too short to
include all of field XXX", and then throw the BoundsError exception.

In cases where the field's value is used later, perhaps there should be routines such as

    proto_tree_add_uint_item_ret_val, which adds an FT_UINT* item and returns its value through a pointer;

    proto_tree_add_int_item_ret_val, which adds an FT_INT* item and returns its value through a pointer;

    proto_tree_add_string_item_ret_val, which adds an FT_STRING* item and returns its value through a pointer;

and so on, so that the dissector doesn't need to fetch the value itself.

Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
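
A sketch of the behaviour proposed in the message above, as an added example that is not part of the original post and is not Wireshark code. The types struct buf and struct tree, the functions add_uint_item_ret_val() and dissect(), the field names and the record layout are all hypothetical, and a -1 return stands in for throwing BoundsError.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a packet buffer and a protocol tree. */
struct buf  { const uint8_t *data; size_t len; };
struct tree { int items; char expert[96]; };

/* Adds a big-endian unsigned field of `width` bytes (caller passes 1..4) at
 * `off` and returns its value through `val`. On a short packet it records an
 * expert note naming the field and returns -1 (stand-in for BoundsError). */
static int add_uint_item_ret_val(struct tree *t, const struct buf *b,
        const char *field, size_t off, size_t width, uint32_t *val)
{
    /* Compared this way round so that off + width cannot overflow. */
    if (off > b->len || width > b->len - off) {
        snprintf(t->expert, sizeof t->expert,
                 "the packet is too short to include all of field %s", field);
        return -1;
    }
    uint32_t v = 0;
    for (size_t i = 0; i < width; i++)
        v = (v << 8) | b->data[off + i];
    t->items++;
    *val = v;
    return 0;
}

/* Constructed record: 1-byte type, 1-byte id width (1..4), then the id. */
static int dissect(struct tree *t, const uint8_t *pkt, size_t len, uint32_t *id)
{
    struct buf b = { pkt, len };
    uint32_t type, idlen;
    memset(t, 0, sizeof *t);
    if (add_uint_item_ret_val(t, &b, "rec.type", 0, 1, &type)) return -1;
    if (add_uint_item_ret_val(t, &b, "rec.idlen", 1, 1, &idlen)) return -1;
    if (idlen < 1 || idlen > 4) return -2;   /* bad value, not truncation */
    /* The returned idlen is used directly; no second fetch from the buffer. */
    return add_uint_item_ret_val(t, &b, "rec.id", 2, idlen, id);
}

int main(void)
{
    static const uint8_t pkt[] = { 0x01, 0x04, 0xde, 0xad, 0xbe, 0xef };
    struct tree t; uint32_t id = 0;
    int rc = dissect(&t, pkt, 4, &id);       /* constructed truncated capture */
    printf("rc=%d items=%d note=%s\n", rc, t.items, t.expert);
    return 0;
}
```
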