Ethereal-dev: [Ethereal-dev] [PATCH] Fix problem with DCE RPC fragment reassembly
Patch against 0.10.12
The attached patch fixes a problem with fragment reassembly
for DCE RPC. It removes two calls on tvb_ensure_bytes_exist().
When adding a fragment to the fragment list, we are adding
the entire contents of the current decrypted tvb (which itself may
have been composed of reassembled frames and possibly decrypted).
The removed calls were incorrect, passing an offset value that
was the location of this fragment within the completely
reassembled DCE RPC message, rather than the location within
the current tvb of the beginning of the buffer. Since the
corrected call used 0 for the offset, and the tvb's length
as the length, I simply removed them. With these lines
removed and the appropriate reassembly options enabled,
DCE RPC messages composed of multiple fragments are
reassembled and shown in a tab.
Thanks so much for ethereal - it is wonderful.
Tom Kelly
tom.kelly@xxxxxxxxxxxx
--- ../../../orig-ethereal-0.10.12/epan/dissectors/packet-dcerpc.c 2005-07-26 15:26:43.000000000 -0400
+++ packet-dcerpc.c 2005-08-12 15:44:18.000000000 -0400
@@ -3099,7 +3099,6 @@
if(!(hdr->flags&PFC_LAST_FRAG)){
tot_len = fragment_get_tot_len(pinfo, frame,
dcerpc_co_reassemble_table);
- tvb_ensure_bytes_exist(tvb, tot_len-alloc_hint, tvb_length(decrypted_tvb));
fragment_add(decrypted_tvb, 0, pinfo, frame,
dcerpc_co_reassemble_table,
tot_len-alloc_hint, tvb_length(decrypted_tvb),
@@ -3116,7 +3115,6 @@
*/
tot_len = fragment_get_tot_len(pinfo, frame,
dcerpc_co_reassemble_table);
- tvb_ensure_bytes_exist(tvb, tot_len-alloc_hint, tvb_length(decrypted_tvb));
fd_head = fragment_add(decrypted_tvb, 0, pinfo,
frame,
dcerpc_co_reassemble_table,
