Wireshark-dev: Re: [Wireshark-dev] TCP dissect issue when app-level message spans multiple TCP

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Thu, 05 May 2011 16:43:07 +0100
On 05/05/2011 16:27, Chris Maynard wrote:
Graham Bloice <graham.bloice@...> writes:

    The
        get_message_tcpmessage_len function should also check that there
        are enough bytes in the passed in tvb to call tvb_get_letohl(),
        as the OP's code did.-- 
I don't think that's the case as tcp_dissect_pdus() is told how many bytes are
needed via the fixed_len argument, so it won't call get_message_tcpmessage_len()
until at least that many bytes are available.

See packet-tcp.c's tcp_dissect_pdus() where it checks for "if (length_remaining
< fixed_len)".

I knew I should have looked at the code and not spouted forth from memory, Chris is right.  I was thinking of some similar code that does some heuristic checks before calling tcp_dissct_pdus().

-- 
Regards,

Graham Bloice