Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Packet Size limited during capture message

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Wed, 24 Mar 2010 08:21:50 +1100
Any dissector needs to be validate it's input and make sure it doesn't make errant conclusions on what is presented.

For example many protocols have fields that indicate lengths of data within the frame. However any dissector needs to make sure that it doesn't just believe those fields as being correct. A bad h@x0r might change those fields beyond what the protocol intended either to crash the real application or even wireshark. 

Also packets might get unintentionally corrupted or truncated with similar consequences. (Broken links, routers, VPNs can all do this). Wireshark dissectors need to be resilient to this.

Finally Wireshark (and tcpdump) have always had the ability to only capture a truncated packet (mainly to limit resources required during packet capture). A dissector also needs to cope with this. 

Regards, Martin

MartinVisser99@xxxxxxxxx


On Wed, Mar 24, 2010 at 2:42 AM, Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Chris

I will have to look into why my dissector is crashing when I get the Packet Size Limited during capture message.

I am an employee of Dark Corner Software. I am writing the dissector for our clients that use our software.

I have fixed the license issue. Attached is the latest updated file that I am still working on.

We have open source software and closed source software. I am trying to get the open source dissector submitted through wireshark so it can become a part of the wireshark distribution (this is the attached copy).

Our closed source software is for our customers only. I have written a dissector for our closed source software for the client. This is where I am getting the "Packet Size limited during capture " message from.


Thanks,
Brian



Maynard, Chris wrote:
As Jakub pointed out, regardless of the snaplen, if Wireshark is crashing, then the bug is in the dissector, although IMO the biggest bug in the dissector is still the incompatible license.

Brian, please carefully read http://www.gnu.org/licenses/gpl-faq.html#GPLModuleLicense

Gerald et al, consider this e-mail as a report of a violation of the GPL per http://www.gnu.org/licenses/gpl-faq.html#ReportingViolation

So until the dissector is properly licensed, I suggest contacting these folks for support on this dissector: http://www.darkcornersoftware.com/contact.html

- Chris

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Mike Morrin
Sent: Tuesday, March 23, 2010 9:02 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Packet Size limited during capture message


-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Brian Oleksa
Sent: 23 March 2010 12:23
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Packet Size limited during capture message

Chris

I just found out that this was captured using tshark.....but nobody knows what the snaplen was.

So my questions is....   My code is working correctly then....And that this was just a bad judgment of the wrong snaplen......correct..??

Thanks,
Brian

--------------------------------------------------------------------
It is possible for a dissector bug to throw this exception even with a
perfectly captured packet, see Bug 2855 for example.







This message contains confidential information and may be privileged. If you are not the intended recipient, please notify the sender and delete the message immediately.

ip.access Ltd, registration number 3400157, Building 2020, Cambourne Business Park, Cambourne, Cambridge CB23 6DW, United Kingdom
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
 

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe