|
EtherealRe: [Ethereal-dev] Modification to packet-tns.c |
|
||
|
|
EtherealRe: [Ethereal-dev] Modification to packet-tns.c |
|
||
On Mon, Feb 03, 2003 at 01:50:25PM -0800, David M. Lee wrote:So, would a call to tvb_length_remaining be more appropriate? Or at least safer in the presence of maliciously short packets? Or would something else be better?
That is a really usefull addition! I think tvb_length_remaining() should be OK, but you should check if it returned a positive value before doing the memdup. You might even return immediately if there isn't enough room to fit at least "(PORT=X". Also, I think you should check for the closing parenthesis after the port number, to make sure the port number wasn't truncated (ok, you may then miss the captures that cut off exactly after the port number, but it's safer). The attached capture shows a REDIRECT packet with a capture length of 118 bytes, where the port number was truncated and would be interpreted as 104 instead of 1047.
I'm not sure what the right answer would be (and I'm not taking ownership of the issue, so discussion should continue on ethereal-dev).
Otherwise, does the code look sane? I couldn't find anything resembling a developer's guide, so I'm afraid that the code is mostly cut and paste.
From a brief look at it, it looked mostly sane. I haven't had time tolook at it in detail.
Cheers, Bernd
Attachment:
tns-redir-short.cap
Description: Binary data
Powered by MHonArc 2.6.10