Wireshark-bugs: [Wireshark-bugs] [Bug 4858] Enhancement of the dcerpc-svcctl dissector plug-in
Date: Thu, 10 Jun 2010 18:13:36 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4858

Bill Meier <wmeier@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEW

--- Comment #5 from Bill Meier <wmeier@xxxxxxxxxxx> 2010-06-10 21:13:33 EDT ---
I've no experience with the DCERPC code.

That being said: I have the following question about the patch (partly based
upon looking at the existing code in packet-dcerpc-svcctl.c):

I note that it appears that all fetches from the tvb buffer ultimately call one
of a set of functions which (among other things) does the actual fetch
depending upon whether fetches are being done little-endian or big-endian.

Example (from packet-dcerpc.c):

int
dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
                       proto_tree *tree, guint8 *drep,
                       int hfindex, guint32 *pdata)
{
    guint32 data;

    data = ((drep[0] & 0x10)
            ? tvb_get_letohl (tvb, offset)
            : tvb_get_ntohl (tvb, offset));

    if (tree) {
        proto_tree_add_item (tree, hfindex, tvb, offset, 4, (drep[0] & 0x10));
    }
    if (pdata)
        *pdata = data;
    return offset+4;
}


Does not the code in svcctl_dissect_dwServiceType_flags()

    ...
    value = tvb_get_letohl(tvb, offset);
    ...

really need to do something like calling dissect_dcerpc_uint32 (or maybe a
higher-level function which apparently does some additional tests)?

-------

In any case, since I've no familiarity with dcerpc code, I'm going to defer to
someone with knowledge of the code for any further code reviews.

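The byte-order question raised in comment #5, as an added example that is not part of the original message or of Wireshark's code: it compares a fetch that honours drep[0] & 0x10 with one that always reads little-endian. The helper names, the plain byte arrays standing in for a tvbuff_t, and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for tvb_get_letohl()/tvb_get_ntohl(): they read a
 * plain byte array instead of a tvbuff_t so the example is self-contained. */
static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Same selection as dissect_dcerpc_uint32(): drep[0] & 0x10 set selects the
 * little-endian fetch, clear selects the big-endian (network order) fetch. */
uint32_t fetch_u32_drep(const uint8_t *buf, size_t offset, const uint8_t *drep)
{
    return (drep[0] & 0x10) ? get_le32(buf + offset) : get_be32(buf + offset);
}

/* The pattern questioned above: byte order fixed, drep never consulted. */
uint32_t fetch_u32_fixed_le(const uint8_t *buf, size_t offset)
{
    return get_le32(buf + offset);
}

/* Constructed sample data: the 32-bit value 0x00000010 as encoded by a
 * big-endian sender (drep[0] = 0x00) and a little-endian one (0x10). */
static const uint8_t be_pdu[4]  = { 0x00, 0x00, 0x00, 0x10 };
static const uint8_t le_pdu[4]  = { 0x10, 0x00, 0x00, 0x00 };
static const uint8_t drep_be[4] = { 0x00, 0x00, 0x00, 0x00 };
static const uint8_t drep_le[4] = { 0x10, 0x00, 0x00, 0x00 };

int main(void)
{
    printf("LE sender: drep-aware 0x%08x, fixed-LE 0x%08x\n",
           (unsigned)fetch_u32_drep(le_pdu, 0, drep_le),
           (unsigned)fetch_u32_fixed_le(le_pdu, 0));
    printf("BE sender: drep-aware 0x%08x, fixed-LE 0x%08x\n",
           (unsigned)fetch_u32_drep(be_pdu, 0, drep_be),
           (unsigned)fetch_u32_fixed_le(be_pdu, 0));
    return 0;
}
```

The two fetches agree for the little-endian sender only; for the big-endian sender the fixed fetch returns 0x10000000, so any flag bits decoded from it would be tested against the wrong value.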