Ethereal-dev: Re: [ethereal-dev] Decoding IP within other protos

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 6 Oct 1999 10:33:56 -0700 (PDT)
> ...but I haven't checked it in, because I seem to remember it dropping
> core when dissecting something such as a Port Unreachable reply to a DNS
> or NBNS packet.
> 
> I think the problem was that the DNS or NBNS dissector wasn't doing
> enough bounds checking, and probably did something such as trying to
> dissect a DNS or NBNS name, ran off the end of the packet into a pile of
> garbage, and blew up trying to dissect it.

Unfortunately, having just captured a trace in which I sent DNS requests
to a machine that doesn't have a DNS server, I can't reproduce the
problem - it cheerfully dissects the ICMP reply, perhaps because the
query packet was small enough to fit in what's left of the ICMP reply
after the IP and UDP headers of the reply.

Maybe I was looking at a trace in which a large DNS or NBNS *response*
was sent back to somebody who wasn't listening....
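
Added example (not part of the original message and not Ethereal's code): a DNS name decoder that checks every read against the captured length, so a name cut short inside an ICMP error payload is reported as truncated instead of being read past the end of the buffer. The function name, its signature, the pointer-hop limit of 16 and the sample bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample: DNS query for www.example.com (header, QNAME, QTYPE, QCLASS). */
static const unsigned char sample_query[] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0x00,0x01, 0x00,0x01
};

/* Hypothetical helper. pkt is the start of the DNS message, caplen the bytes of it
 * actually present. Returns bytes the name occupies at off, or -1 if truncated/malformed. */
int get_dns_name_checked(const unsigned char *pkt, size_t caplen, size_t off,
                         char *out, size_t outlen)
{
    size_t pos = off, o = 0;
    int consumed = -1, hops = 0;
    if (outlen == 0) return -1;
    for (;;) {
        if (pos >= caplen) return -1;            /* length byte was not captured */
        unsigned len = pkt[pos];
        if (len == 0) {                          /* root label ends the name */
            if (consumed < 0) consumed = (int)(pos + 1 - off);
            break;
        }
        if ((len & 0xC0) == 0xC0) {              /* compression pointer */
            if (pos + 1 >= caplen) return -1;    /* second pointer byte missing */
            if (++hops > 16) return -1;          /* pointer loop */
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            pos = ((size_t)(len & 0x3F) << 8) | pkt[pos + 1];
            continue;
        }
        if (len & 0xC0) return -1;               /* reserved label type */
        if (len > caplen - pos - 1) return -1;   /* label runs off the capture */
        if (o + len + 2 > outlen) return -1;     /* no room for '.', label and NUL */
        if (o) out[o++] = '.';
        memcpy(out + o, pkt + pos + 1, len);
        o += len;
        pos += 1 + len;
    }
    out[o] = '\0';
    return consumed;
}

int main(void) {
    char name[64];  /* full capture first, then only 20 bytes (constructed truncation) */
    printf("full=%d ", get_dns_name_checked(sample_query, sizeof sample_query, 12, name, sizeof name));
    printf("truncated=%d\n", get_dns_name_checked(sample_query, 20, 12, name, sizeof name));
    return 0;
}
```

The caller passes the length of the data actually present after the enclosing headers, not the length the original datagram claimed to have.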