Wireshark · Ethereal-dev: Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data

Ethereal-dev: Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Sun, 22 Aug 2004 18:08:58 -0700

TJ Li wrote:

What is purpose of pinfo->fd->flags.visited?

To allow dissectors to do something differently the first time a packetis seen, for example to save state for subsequent dissections of the packet.

The core dump happened because pinfo->fd->flags.visited is 1 in packet-dcerpc-mapi.c, but
mmd=g_hash_table_lookup(mapi_decrypted_table, &mmd_key) return NULL.

The MAPI dissector was "decrypting" (if you call XORing data with 0xA5"encrypting" it) the packet data and saving the decrypted data on thefirst pass, and trying to fetch the decrypted data on subsequent passes- but it wasn't finding the data, for some reason.

It's probably simpler just to decrypt the data every time; I've checkedin a change to do that, which should fix this crash.

References:
- Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data
  - From: TJ Li

Prev by Date: Re: [Ethereal-dev] patch: DAAP dissector [2nd try]
Next by Date: [Ethereal-dev] Harsh criticism from the OpenBSD folks
Previous by thread: Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data
Next by thread: [Ethereal-dev] dissector newbie needs some guidence..
Index(es):
- Date
- Thread