Wireshark-dev: Re: [Wireshark-dev] Better dissection in the SMB dissector when captures contain

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 03 Oct 2012 07:43:31 +0200

Hi,

I think this is correct; checking for the availability of data in the TVB is
independent of the question if the tree is available or not. That fact should
not have influence on the interpretation of the data.

Thanks,
Jaap


On 10/03/2012 12:36 AM, Richard Sharpe wrote:
> Hi folks,
> 
> I am often given captures that contain truncated packets.
> 
> It annoys me that in many places the SMB dissector does not attempt to
> do all it could with the data.
> 
> For example, with TRANS2 FIND_FIRST2 it does not bother displaying any
> of the files returned if the data is truncated.
> 
> The following small patch fixes that, although I want to go through
> and do the same for all of the FF2 info levels:
> 
> Index: epan/dissectors/packet-smb.c
> ===================================================================
> --- epan/dissectors/packet-smb.c        (revision 43693)
> +++ epan/dissectors/packet-smb.c        (working copy)
> @@ -14656,8 +14656,20 @@
>          si = (smb_info_t *)pinfo->private_data;
>          DISSECTOR_ASSERT(si);
> 
> +       /*
> +        * We check this first before adding the sub-tree so things do not
> +        * get ugly.
> +        */
> +
> +       /* next entry offset */
> +       CHECK_BYTE_COUNT_SUBR(4);
> +       neo = tvb_get_letohl(tvb, offset);
> +
> +       /* Ensure we have the bytes we need, wich is up to neo */
> +       tvb_ensure_bytes_exist(tvb, offset, neo);
> +
>          if (parent_tree) {
> -               tvb_ensure_bytes_exist(tvb, offset, *bcp);
> +               /*tvb_ensure_bytes_exist(tvb, offset, *bcp); */
>                  item = proto_tree_add_text(parent_tree, tvb, offset, *bcp, "%s",
>                      val_to_str(si->info_level, ff2_il_vals, "Unknown
> (0x%02x)"));
>                  tree = proto_item_add_subtree(item, ett_smb_ff2_data);
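
Review bot: In the block added before `if (parent_tree)`, `neo` is read from the packet with `tvb_get_letohl` and passed straight to `tvb_ensure_bytes_exist(tvb, offset, neo)` as the length, so when `neo` is 0 the call checks no bytes of the entry, yet the subtree item below is still added with length `*bcp`. Consider handling the zero case explicitly (for example by falling back to `*bcp`) and bounding `neo` against `*bcp` before using it as a length. The old call should be deleted rather than left commented out as `/*tvb_ensure_bytes_exist(tvb, offset, *bcp); */`, the new comment has a typo ("wich"), and "so things do not get ugly" would be more useful if it said what goes wrong when the check follows the subtree creation.
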
> @@ -14669,9 +14681,6 @@
>           * key" flag set.
>           */
> 
> -       /* next entry offset */
> -       CHECK_BYTE_COUNT_SUBR(4);
> -       neo = tvb_get_letohl(tvb, offset);
>          proto_tree_add_uint(tree, hf_smb_next_entry_offset, tvb,
> offset, 4, neo);
>          COUNT_BYTES_SUBR(4);
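
Review bot: With the read removed here, `proto_tree_add_uint(tree, hf_smb_next_entry_offset, tvb, offset, 4, neo)` relies on `neo` and `offset` being unchanged since the earlier read, and the `/* next entry offset */` comment that labelled this field is gone. Keep that comment above the `proto_tree_add_uint` call, and confirm that nothing between the moved `CHECK_BYTE_COUNT_SUBR(4)` and this point advances `offset`, otherwise the displayed field will highlight the wrong bytes.
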
> 
> 
>
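
The principle discussed in this thread (bounds checks on the data do not depend on whether a tree is being built, and a truncated capture should still yield the entries that are fully present), as an added stand-alone C example. It is not Wireshark code and not part of the original messages; the record layout, `walk_entries`, and the rule that a zero next-entry offset marks the last entry are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum walk_status { WALK_OK, WALK_TRUNCATED, WALK_MALFORMED };

/* Constructed sample: entries of 8, 8 and 6 bytes, so bc = 22. */
static const uint8_t SAMPLE[22] = {
    8,0,0,0, 'a','.','t','x',  8,0,0,0, 'b','.','t','x',  0,0,0,0, 'c','c' };

static uint32_t get_le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* bc: byte count the header declares; caplen: bytes actually captured.
 * Returns the number of complete entries; *st says why the walk stopped. */
int walk_entries(const uint8_t *buf, size_t bc, size_t caplen,
                 int want_tree, enum walk_status *st)
{
    size_t offset = 0;
    int complete = 0;

    *st = WALK_OK;
    while (offset < bc) {
        /* The length field itself must be captured before it is read. */
        if (caplen < offset || caplen - offset < 4) { *st = WALK_TRUNCATED; break; }
        uint32_t neo = get_le32(buf + offset);
        /* Assumption: neo == 0 marks the last entry, which runs to bc. */
        size_t len = neo ? neo : bc - offset;
        /* neo is untrusted: reject lengths that cannot hold the field or
         * that run past the declared data. Subtraction avoids overflow. */
        if (len < 4 || len > bc - offset) { *st = WALK_MALFORMED; break; }
        if (len > caplen - offset) { *st = WALK_TRUNCATED; break; }
        if (want_tree)  /* display only; never gates the checks above */
            printf("entry %d: offset=%zu len=%zu\n", complete, offset, len);
        complete++;
        offset += len;
    }
    return complete;
}

int main(void)
{
    enum walk_status st;
    int n = walk_entries(SAMPLE, 22, 18, 1, &st);  /* capture cut at 18 bytes */
    printf("complete=%d status=%d\n", n, (int)st);
    return 0;
}
```

With the capture cut at 18 of 22 bytes, the two complete entries are still reported and the third is flagged as truncated, whether or not `want_tree` is set.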