Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data
Ethereal-dev: August 2004


TJ Li wrote:

What is the purpose of pinfo->fd->flags.visited?

To allow dissectors to do something differently the first time a packet is seen, for example to save state for subsequent dissections of the packet.


The core dump happened because pinfo->fd->flags.visited is 1 in packet-dcerpc-mapi.c, but
mmd=g_hash_table_lookup(mapi_decrypted_table, &mmd_key) returns NULL.

The MAPI dissector was "decrypting" (if you call XORing data with 0xA5 "encrypting" it) the packet data and saving the decrypted data on the first pass, and trying to fetch the decrypted data on subsequent passes - but it wasn't finding the data, for some reason.


It's probably simpler just to decrypt the data every time; I've checked in a change to do that, which should fix this crash.
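
The failure mode and the fix discussed in this message, as an added example that is not part of the original post and is not Ethereal's code: a revisit-time lookup that can miss is handled by decoding again, shown next to the stateless decode-every-time variant. The cache array, function names and frame numbers are hypothetical; only the 0xA5 XOR comes from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAPI_XOR_KEY 0xA5  /* obfuscation byte named in the message */
#define CACHE_SLOTS  8     /* hypothetical cache standing in for the hash table */

struct cache_entry { uint32_t frame; uint8_t *data; size_t len; };
static struct cache_entry cache[CACHE_SLOTS];

/* XOR is its own inverse, so decoding is cheap enough to redo on every pass. */
static void xor_decode(const uint8_t *in, uint8_t *out, size_t len) {
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ MAPI_XOR_KEY;
}

/* Returns NULL when the frame was never cached: the case that crashed. */
static struct cache_entry *cache_lookup(uint32_t frame) {
    for (size_t i = 0; i < CACHE_SLOTS; i++)
        if (cache[i].data && cache[i].frame == frame) return &cache[i];
    return NULL;
}

static void cache_store(uint32_t frame, const uint8_t *data, size_t len) {
    for (size_t i = 0; i < CACHE_SLOTS; i++) {
        if (cache[i].data) continue;          /* slot already in use */
        if (!(cache[i].data = malloc(len))) return;
        memcpy(cache[i].data, data, len);
        cache[i].frame = frame;
        cache[i].len = len;
        return;
    }
}

/* Cached variant. Returns 1 if served from the cache, 0 if decoded fresh.
 * A missing or mismatched entry on a revisit falls through to a fresh decode
 * instead of dereferencing the NULL lookup result. */
static int dissect_cached(uint32_t frame, int visited,
                          const uint8_t *pkt, size_t len, uint8_t *out) {
    if (visited) {
        struct cache_entry *e = cache_lookup(frame);
        if (e && e->len == len) { memcpy(out, e->data, len); return 1; }
    }
    xor_decode(pkt, out, len);
    if (!visited) cache_store(frame, out, len);
    return 0;
}

/* Stateless variant: decode on every pass, no saved state that can go missing. */
static void dissect_stateless(const uint8_t *pkt, size_t len, uint8_t *out) {
    xor_decode(pkt, out, len);
}
```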

