Wireshark-bugs: [Wireshark-bugs] [Bug 4858] Enhancement of the dcerpc-svcctl dissector plug-in
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4858
Bill Meier <wmeier@xxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |NEW
--- Comment #5 from Bill Meier <wmeier@xxxxxxxxxxx> 2010-06-10 21:13:33 EDT ---
I've no experience with the DCERPC code.
That being said: I have the following question about the patch (partly based
upon looking at the existing code in packet-dcerpc-svcctl.c):
I note that it appears that all fetches from the tvb buffer ultimately call one
of a set of functions which (among other things) does the actual fetch
depending upon whether fetches are being done little-endian or big-endian.
Example (from packet-dcerpc.c):
    int
    dissect_dcerpc_uint32 (tvbuff_t *tvb, gint offset, packet_info *pinfo _U_,
                           proto_tree *tree, guint8 *drep,
                           int hfindex, guint32 *pdata)
    {
        guint32 data;

        data = ((drep[0] & 0x10)
                ? tvb_get_letohl (tvb, offset)
                : tvb_get_ntohl (tvb, offset));

        if (tree) {
            proto_tree_add_item (tree, hfindex, tvb, offset, 4, (drep[0] & 0x10));
        }
        if (pdata)
            *pdata = data;
        return offset+4;
    }
Does not the code in svcctl_dissect_dwServiceType_flags()
    ...
    value = tvb_get_letohl(tvb, offset);
    ...
really need to do something like calling dissect_dcerpc_uint32 (or maybe a
higher level function which apparently does some additional tests)?
-------
In any case, since I've no familiarity with dcerpc code, I'm going to defer to
someone with knowledge of the code for any further code reviews.
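Added example, not part of the original message and not Wireshark code: a stand-alone C sketch of the question raised above, comparing a fetch that honors the drep byte-order bit with one hard-coded to little-endian. The buffers, drep arrays and helper names are constructed for illustration; only the `drep[0] & 0x10` test is taken from the quoted function.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit tested in the quoted function: set in drep[0] selects little-endian. */
#define DREP_LITTLE_ENDIAN 0x10

/* Constructed sample data: the 32-bit value 0x00000010 in both byte orders,
 * plus the matching (constructed) data representation labels. */
static const uint8_t sample_le[4] = { 0x10, 0x00, 0x00, 0x00 };
static const uint8_t sample_be[4] = { 0x00, 0x00, 0x00, 0x10 };
static const uint8_t drep_le[4]   = { 0x10, 0x00, 0x00, 0x00 };
static const uint8_t drep_be[4]   = { 0x00, 0x00, 0x00, 0x00 };

/* Stand-ins for tvb_get_letohl / tvb_get_ntohl over a plain byte buffer. */
static uint32_t get_letohl(const uint8_t *buf, size_t off)
{
    return (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
           ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
}

static uint32_t get_ntohl(const uint8_t *buf, size_t off)
{
    return ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
}

/* Byte order chosen from drep, as in the quoted dissect_dcerpc_uint32(). */
static uint32_t fetch_uint32_drep(const uint8_t *buf, size_t off,
                                  const uint8_t *drep)
{
    return (drep[0] & DREP_LITTLE_ENDIAN) ? get_letohl(buf, off)
                                          : get_ntohl(buf, off);
}

/* Byte order fixed to little-endian, as in the questioned patch line. */
static uint32_t fetch_uint32_hardcoded_le(const uint8_t *buf, size_t off)
{
    return get_letohl(buf, off);
}

int main(void)
{
    printf("LE data, drep-aware:   0x%08x\n", (unsigned)fetch_uint32_drep(sample_le, 0, drep_le));
    printf("BE data, drep-aware:   0x%08x\n", (unsigned)fetch_uint32_drep(sample_be, 0, drep_be));
    printf("BE data, hardcoded LE: 0x%08x\n", (unsigned)fetch_uint32_hardcoded_le(sample_be, 0));
    return 0;
}
```

On big-endian data the hard-coded fetch returns a byte-swapped value, so any flag bits tested on it would be decoded incorrectly.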