Ethereal-dev: Re: [Ethereal-dev] Modification to packet-tns.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Bernd Becker <bb@xxxxxxxxxxxxxxx>
Date: Tue, 04 Feb 2003 17:00:20 +0100
--On Monday, February 03, 2003 15:53:30 -0800 Guy Harris <guy@xxxxxxxxxx> wrote: 
On Mon, Feb 03, 2003 at 01:50:25PM -0800, David M. Lee wrote:

So, would a call to tvb_length_remaining be more appropriate?  Or at
least safer in the presence of maliciously short packets?  Or would
something else be better?



That is a really usefull addition!
I think tvb_length_remaining() should be OK, but you should check
if it returned a positive value before doing the memdup.
You might even return immediately if there isn't
enough room to fit at least "(PORT=X". Also, I think you should check
for the closing parenthesis after the port number, to make sure the port
number wasn't truncated (ok, you may then miss the captures
that cut off exactly after the port number, but it's safer).
The attached capture shows a REDIRECT packet with a capture length
of 118 bytes, where the port number was truncated and would be
interpreted as 104 instead of 1047.


I'm not sure what the right answer would be (and I'm not taking
ownership of the issue, so discussion should continue on ethereal-dev).


Otherwise, does the code look sane?  I couldn't find anything resembling
a developer's guide, so I'm afraid that the code is mostly cut and paste.



From a brief look at it, it looked mostly sane.  I haven't had time to

look at it in detail.


Cheers,
Bernd

Attachment: tns-redir-short.cap
Description: Binary data