Wireshark · Ethereal-dev: Re: [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment" argument, rather tha

Ethereal-dev: Re: [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment"

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gerald Combs <gerald@xxxxxxxxxxxx>

Date: Tue, 27 Sep 2005 16:03:16 -0500

Thomas Anders wrote:
> ronnie sahlberg wrote:
> 
>>> Ok, change it to default to ON.  No problem with me.
>>>
>>
>> You may also want to enable IP reassembly by default as well?
> 
> 
> Yes, I'd vote for "full reassembly" by default.

I'm concerned that epan/reassemble.c doesn't do a lot of checking for
"sane" values right now.  For instance it's possible to make Ethereal
crash by passing a huge frag_data_len value to fragment_add(), as shown
in bug 421.  Should we have reassemble.c throw an exception if it's
about to try to allocate an amount of memory that exceeds a certain
threshold?

Follow-Ups:
- Re: [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: Guy Harris

References:
- [Ethereal-dev] Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: Guy Harris
- SV: [Ethereal-dev] Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: Anders Broman
- Re: SV: [Ethereal-dev] Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: Guy Harris
- Re: [Ethereal-dev] Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: Thomas Anders
- Re: [Ethereal-dev] Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: Ulf Lamping
- Re: [Ethereal-dev] Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: Joerg Mayer
- [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: ronnie sahlberg
- Re: [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: Ulf Lamping
- [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: ronnie sahlberg
- [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: ronnie sahlberg
- Re: [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
  - From: Thomas Anders

Prev by Date: Re: [Ethereal-dev] Problem with capturing from a named pipe
Next by Date: Re: [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
Previous by thread: Re: [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
Next by thread: Re: [Ethereal-dev] Re: Should "dissect_tpkt_encap()" check only its "desegment" argument, rather than sometimes directly checking tpkt_desegment?
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$