Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 1026] Invalid characters in PDML output when a packet cont

Date: Tue, 7 Nov 2006 11:14:51 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1026





------- Comment #5 from paul.blankenbaker@xxxxxxxxxx  2006-11-07 11:14 GMT -------
The fix you committed in "packet-aim-sst.c" did fix the problem reported in
this bug entry. However, as you mentioned in your comment, there are many other
fields that exhibit the same behavior, and I have had more capture files yield
invalid XML when generating PDML output against the 0.99.4 release of
wireshark.

I created a 'fix' for the issue in a more generic fashion, by updating the
proto_tree_write_node_pdml() function in print.c. I don't understand all of the
internals of the wireshark datatypes and how they are suppose to map to output
in PDML, but I took the following philosophy:

- FT_BYTES fields typically have 1 or more bytes of data.

- If a FT_BYTES field has 0 bytes of data (as the AIM fields seem to have), and
one is generating PDML output, then one should not attempt to format the byte
array, and simply printout value="" and show="" as the attributes for the
fields).

If this seems like a reasonable safety check to you, I would appreciate it if
it could be migrated into the code base.

I changed the following code block (near line 354) in print.c from the 0.99.4
release (I attached the entire contents of my print.c to this bug entry) to
accomplish this and I haven't been able to generate any invalid XML attributes
in the PDML output produced by tshark.

ORIGINAL CODE:

                        if (dfilter_string != NULL) {
                                chop_len = strlen(fi->hfinfo->abbrev) + 4; /*
f\
or " == " */

                                /* XXX - Remove double-quotes. Again, once we   
                                 * can call fvalue_to_string_repr(), we can     
                                 * ask it not to produce the version for        
                                 * display-filters, and thus, no                
                                 * double-quotes. */
                                if (dfilter_string[strlen(dfilter_string)-1]
==\
 '"') {
                                       
dfilter_string[strlen(dfilter_string)-1\
] = '\0';
                                        chop_len++;
                                }

                                fputs("\" show=\"", pdata->fh);
                                print_escaped_xml(pdata->fh,
&dfilter_string[ch\
op_len]);
                        }



MODIFIED CODE:

                  // Set the 'show' attribute to empty string if 0 length       
                  // byte array (adds: show="")                                 
                  if ((fi->length == 0) && (fi->hfinfo->type == FT_BYTES)) {
                    fputs("\" show=\"\" value=\"",  pdata->fh);
                  } else {
                          /* XXX - this is a hack until we can just call        
                         * fvalue_to_string_repr() for *all* FT_* types. */
                        dfilter_string = proto_construct_dfilter_string(fi,
                                        pdata->edt);
                        if (dfilter_string != NULL) {
                                chop_len = strlen(fi->hfinfo->abbrev) + 4; /*
f\
or " == " */

                                /* XXX - Remove double-quotes. Again, once we   
                                 * can call fvalue_to_string_repr(), we can     
                                 * ask it not to produce the version for        
                                 * display-filters, and thus, no                
                                 * double-quotes. */
                                if (dfilter_string[strlen(dfilter_string)-1]
==\
 '"') {
                                       
dfilter_string[strlen(dfilter_string)-1\
] = '\0';
                                        chop_len++;
                                }

                                fputs("\" show=\"", pdata->fh);
                                print_escaped_xml(pdata->fh,
&dfilter_string[ch\
op_len]);
                        }
                  }



-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.