Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] [PATCH] New Dissector : Roofnet

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 19 Dec 2006 21:50:23 +0100 (CET)
Hi,

Sounds good, lets have it.

Thanx,
Jaap

On Tue, 19 Dec 2006, Sebastien Tandel wrote:

>
> >>> * The loop in dissect_roofnet should check that it doesn't spin out of
> >>> control when an incorrectly large value is read.
> >>>
> >>>
> >> The roofnet length is restricted to 400 bytes (maybe 200 in a near
> >> future). I then control whetherr the length of the announced number of
> >> links is greater than this max length (400). If it's the case I print an
> >> error in the tree, add an expert info value and stop the dissection of
> >> the packet. Is it sufficient?
> >>
> >
> > I rather would like a check against the actual size of the packet, to
> > avoid going out of bounds at tvb access.
> >
> ok done
> I also let the other check which in fact will decode the header first
> ... then do the check, add the expert info and stop the dissection of
> this packet.
>
> >>> * Use the 'standard' file header as found in the README.developer
> >>>
> >>>
> >> Did you mean stdio, stdlib ? If not, give me a hint 'cause I don't see ...
> >>
> >
> > I mean the copyright stuff, like
> >
> Ah! ok :) ... it was there but without the mention to the original
> author Gerald Combs. Sorry! :-p
>
> > Furhter question: did you fuzz test this dissector on some real life
> > roofnet captures?
> >
> On the modified version? ... At the time of writing your question ...
> no. Now, yes! :)
> 525 passes on 7250 frames for each pass (with the modifications I did now).
> Is it sufficient? Or have you stronger requisites?
>
>
> Regards,
> Sebastien Tandel
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>