Ethereal-users: Re: [ethereal-users] Ethereal (multiple vers) core dumps on Sol 7 withAFS traffi
> I got a little further this time, but I think the same is true with
> dissect_afs(). I'll try to fix it myself also...
After seeing the unaligned dereference in the BGP dissector, I decided
to go on a bug hunt, and cleaned up the AFS, IPv6, and PIM dissectors as
well.
I've attached the patch to the AFS dissector.
Index: packet-afs.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/packet-afs.c,v
retrieving revision 1.8
diff -c -r1.8 packet-afs.c
*** packet-afs.c 2000/01/07 22:05:28 1.8
--- packet-afs.c 2000/01/15 04:10:12
***************
*** 764,771 ****
}
request_key.conversation = conversation->index;
! request_key.service = ntohs(rxh->serviceId);
! request_key.callnumber = ntohl(rxh->callNumber);
request_val = (struct afs_request_val *) g_hash_table_lookup(
afs_request_hash, &request_key);
--- 764,771 ----
}
request_key.conversation = conversation->index;
! request_key.service = pntohs(&rxh->serviceId);
! request_key.callnumber = pntohl(&rxh->callNumber);
request_val = (struct afs_request_val *) g_hash_table_lookup(
afs_request_hash, &request_key);
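Review bot: `rxh->serviceId` and `rxh->callNumber` are read here, and `afsh->opcode` in the hunk at 778, with no length check visible in either hunk. Switching to `pntohs`/`pntohl` removes the alignment fault but does not bound the read. If nothing earlier in the function confirms that the captured data covers both headers, a short packet is still read past its end. The function starts and ends outside both hunks, so this may already be handled; if not, a check against the captured length belongs before the first header access.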
***************
*** 778,784 ****
*new_request_key = request_key;
request_val = g_mem_chunk_alloc(afs_request_vals);
! request_val -> opcode = ntohl(afsh->opcode);
opcode = request_val->opcode;
g_hash_table_insert(afs_request_hash, new_request_key,
--- 778,784 ----
*new_request_key = request_key;
request_val = g_mem_chunk_alloc(afs_request_vals);
! request_val -> opcode = pntohl(&afsh->opcode);
opcode = request_val->opcode;
g_hash_table_insert(afs_request_hash, new_request_key,
***************
*** 959,965 ****
*/
/* Get the next available integer, be sure and call TRUNC beforehand */
! #define GETINT() (ntohl( *((int*)&pd[curoffset]) ))
/* Check if enough bytes are present, if not, return to caller
after adding a 'Truncated' message to tree */
--- 959,965 ----
*/
/* Get the next available integer, be sure and call TRUNC beforehand */
! #define GETINT() (pntohl(&pd[curoffset]))
/* Check if enough bytes are present, if not, return to caller
after adding a 'Truncated' message to tree */
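Review bot: The comment above `GETINT()` tells callers to call TRUNC first but not with what size, and the macro reads four bytes at `curoffset` without advancing it. Saying so in the comment would help callers pass the right width to the guard, for example `/* Read a 32-bit network-order integer at curoffset (not advanced); caller must TRUNC(4) first */`.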
***************
*** 1108,1114 ****
#define STROUT(field) \
{ int i; \
TRUNC(4); \
! i = ntohl(*((int *) &pd[curoffset])); \
curoffset += 4; \
TRUNC(i); \
if ( i > 0 ) { \
--- 1108,1114 ----
#define STROUT(field) \
{ int i; \
TRUNC(4); \
! i = pntohl(&pd[curoffset]); \
curoffset += 4; \
TRUNC(i); \
if ( i > 0 ) { \
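Review bot: The length read in `STROUT` is stored in a signed `int i`, so a wire value of 0x80000000 or above becomes negative before `TRUNC(i)` runs. TRUNC's definition is outside the hunk; if it compares `curoffset + i` against the captured length using signed arithmetic, a negative `i` would pass the check, and only `if ( i > 0 )` then keeps it from being used as a length. Declaring it as `guint32 i;`, or rejecting `i < 0` before `TRUNC(i)`, would make the bound explicit. The same applies to `bytes` in the hunk at 1188, whose declaration is not visible: `TRUNC(bytes)` is only a real bound if `bytes` is unsigned.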
***************
*** 1188,1194 ****
curoffset = offset;
TRUNC(sizeof(guint32));
! bytes = ntohl(*((int *) &pd[curoffset]));
UINTOUT(hf_afs_fs_acl_datasize);
TRUNC(bytes);
--- 1188,1194 ----
curoffset = offset;
TRUNC(sizeof(guint32));
! bytes = pntohl(&pd[curoffset]);
UINTOUT(hf_afs_fs_acl_datasize);
TRUNC(bytes);
***************
*** 1367,1373 ****
unsigned int j,i;
TRUNC(1);
! j = ntohl( *((int*)&pd[curoffset]) );
curoffset += 1;
for (i=0; i<j; i++)
{
--- 1367,1373 ----
unsigned int j,i;
TRUNC(1);
! j = pntohl(&pd[curoffset]);
curoffset += 1;
for (i=0; i<j; i++)
{
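Review bot: `TRUNC(1)` guards one byte, but `pntohl(&pd[curoffset])` reads four and `curoffset` then advances by one, so the check, the read and the advance disagree on the field width. With only one to three bytes left in the capture the read goes past the checked region, and `j` then bounds the loop with a value built partly from bytes that belong to the following fields. If the count is a 32-bit field the guard and advance should be `TRUNC(4);` and `curoffset += 4;`; if it is a single byte the read should be `j = pd[curoffset];`. The loop body is outside the hunk, so whether each iteration re-checks the remaining length cannot be confirmed here.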