Wireshark · Wireshark-dev: Re: [Wireshark-dev] How to stop dissection in middle of malformed packet?

Wireshark-dev: Re: [Wireshark-dev] How to stop dissection in middle of malformed packet?

From: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>

Date: Wed, 16 Nov 2016 21:29:34 +0100

Hi,

You need to add a expert info and return

There is already check on proto_tree_add_* function to detect malformed value (and automally return)

Cheers

On Wed, Nov 16, 2016 at 5:57 PM, Dmitry Lazurkin <dilaz03@xxxxxxxxx> wrote:

Hello.

I read packet header and try to read string length and string data. But
string length field has illegal value. I add expert info. But how to
stop dissection after adding expert info? I can not dissect rest of
packet at this point. I can return error code from this function, but
calling tree may be too big. May be exists more graceful solution?
Something like exceptions in C++.

PS. I found DISSECTOR_VERIFY_DATA in mailing lists, but it is not
implemented in source code.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-dev] How to stop dissection in middle of malformed packet?
  - From: Dmitry Lazurkin

References:
- [Wireshark-dev] How to stop dissection in middle of malformed packet?
  - From: Dmitry Lazurkin

Prev by Date: [Wireshark-dev] How to stop dissection in middle of malformed packet?
Next by Date: Re: [Wireshark-dev] How to stop dissection in middle of malformed packet?
Previous by thread: [Wireshark-dev] How to stop dissection in middle of malformed packet?
Next by thread: Re: [Wireshark-dev] How to stop dissection in middle of malformed packet?
Index(es):
- Date
- Thread