Wireshark · Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 29373: /trunk/epan/dissectors/ /trunk/epan/dissectors/:

Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 29373: /trunk/epan/dissectors/ /trun

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Mon, 10 Aug 2009 15:49:18 -0700


On Aug 10, 2009, at 3:41 PM, Bill Meier wrote:

guy@xxxxxxxxxxxxx wrote:

	don't give up, as we'll just skip the bad item and move on to
	the next item.

The dissector "skips to the next" using the bad tag length so Ithought

it better to not try to keep on dissecting.

For a fuzzed file, it'll report a bunch of bad TLVs, as it'll skip tothe wrong offset. The dissection will be ugly, but it shouldn't crash.

For a capture of traffic from a device that's putting out values thataren't 2 bytes long for those TLVs, but where the length field isconsistent with the wrong-length value, it'll skip to the right offset.

References:
- Re: [Wireshark-dev] [Wireshark-commits] rev 29373: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-pppoe.c
  - From: Bill Meier

Prev by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 29373: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-pppoe.c
Next by Date: [Wireshark-dev] ip6_to_str equivalent/alternative with variable length for ipv6 address
Previous by thread: Re: [Wireshark-dev] [Wireshark-commits] rev 29373: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-pppoe.c
Next by thread: [Wireshark-dev] ip6_to_str equivalent/alternative with variable length for ipv6 address
Index(es):
- Date
- Thread