Wireshark-bugs: [Wireshark-bugs] [Bug 4742] New: Problems decoding variable length strings in IP

Date: Mon, 3 May 2010 10:12:20 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4742

           Summary: Problems decoding variable length strings in IPFIX
           Product: Wireshark
           Version: unspecified
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: acferen@xxxxxxxxx


Created an attachment (id=4612)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4612)
patch for variable length IPFIX strings

Build Information:
$ wireshark -v
wireshark 1.2.2

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.3, with GLib 2.22.2, with libpcap 1.0.0, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with
c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 20 2009 13:30:07),
without AirPcap.

Running on Linux 2.6.31-20-generic, with libpcap version 1.0.0, GnuTLS 2.8.3,
Gcrypt 1.4.4.

Built using gcc 4.4.1.

--
The number of bytes for flow records can be determined when the template
arrives.  The length of variable length strings must be determined for each
flow.

The attached patch makes several minor changes.

1) use the length returned from dissect_v9_pdu(...) instead of the template
length (tplt->length) to calculate the new offset.

2) Calculates the correct length for variable length strings in the default
case for unknown information elements.

3) reindented a few lines in the default case to respect the indentation
specified in the Editor modelines at the bottom of the file.

Notes on variable length strings
<  255 char long  encoded as : 1 byte len + string.
>= 255 char long encoded as : 255 + 2 byte len + string

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.