Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Better dissection in the SMB dissector when captures contain

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Wed, 3 Oct 2012 07:25:02 -0700
On Tue, Oct 2, 2012 at 10:43 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> Hi,
>
> I think this is correct, checking for the availability of data in the TVB is
> independent of the question if the tree is available or not. That fact should
> not have influence on the interpretation of the data.

I just looked at the spec and it turns out that the strategy is
slightly different for some of the items because they do not have a
next entry offset. However, in each case we can make a decision along
the lines of:

Are there enough bytes to get to the length of the variable portion?
If so, fetch it, and check if there are enough bytes to deal with that.

Otherwise, cause an exception.

I will try to clean this up today and submit a more complete patch.

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)