This one is that the malformed packet causes
packet-ndps.c/attribute_value()/
case 14: /
reading the length (which is corrupted)
causes foffset to go beyonds the end of the packet.
While one could do a
DISSECTOR_ASSERT(length<=tvb_reported_length_remaining(tvb, foffset));
this macro is really for reporting dissector bugs and not for
indicating a known malformed packet.
Alternatively one can add a lot code such as :
if(length>tvb_reported_length_remaining(tvp, foffset)){
proto_tree_add_text(... some nice string...);
tvb_get_guint8(tvb, 999999); or something similar to trigger a
malformed packet and abort dissection.
We dont really have very good documentation on what to do in this
situation for developers and most of us use different styles.
( i like a tvb_get_guint8(tvb, 9999999) when i really think the packet
is malformed and if there is no point in even attempting to contunue
dissection)
Should we/someone add a new macro
ASSERT_MALFORMED_PACKET( <expression>, format-string, ... );
that can be used when we want to trigger what is definitely not a
dissector bug but just plainly a malformed packet?
There are several other situations in the same function in the ndps
file which needs the same fix.
comments?
On 10/24/05, Buildbot <buildbot-do-not-reply@xxxxxxxxxxxx> wrote:
> Problems have been found with the following capture file(s):
>
> http://www.ethereal.com/distribution/buildbot-builds/randpkt/editcap.435cafa5.pcap
>
>
> Error information:
> (no core file found)
>
>
> stderr follows:
>
> ** (process:78082): WARNING **: Dissector bug, protocol NDPS, in packet 1:
> proto.c:2614: failed assertion "end >= fi->start"
>
>
> Bug 549 posted.
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
