On Thu, Jan 12, 2017 at 3:13 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> On Jan 12, 2017, at 3:00 PM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
>
>> In packet-rpc.c we see this:
>>
>> /*
>> * Don't call any subdissector if we have no more date to dissect.
>> */
>> if (tvb_reported_length_remaining(tvb, offset) == 0) {
>> return TRUE;
>> }
>>
>> However, this is wrong, IMO.
>>
>> One of the things that our dissector functions does is insert items
>> like "PROCNAME Reply" etc against the procedure etc, but I would also
>> like to add text like "void" for void parameters etc.
>>
>> Indeed, dissection of the NULL procedure doesn't show much useful ...
>>
>> Does anyone see a problem with changing it to call the sub-dissector
>> even when there is no more data to dissect?
>
> If it reintroduces the "malformed packet" problem mentioned in bug 1392:
>
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1392
>
> then it'd be a problem, as that check was added in
>
> commit 1984f23e28a19333fa4b3ae7e8e1aba7971fe2ab
> Author: Sake Blok <sake@xxxxxxxxxx>
> Date: Tue Apr 15 22:53:34 2008 +0000
>
> Fix for the "Malformed packet: RPC" that is encountered in bug 1392:
>
> Don't call a RPC subdissector if there is no more data in the packet.
Thanks for that. I agree it would be a problem if that was
reintroduced, so I will test with that capture file ...
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
