
Wireshark-dev: Re: [Wireshark-dev] packet-rpc.c does not call an rpc sub-dissector when there a

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Thu, 12 Jan 2017 15:33:26 -0800
On Thu, Jan 12, 2017 at 3:24 PM, Richard Sharpe
<realrichardsharpe@xxxxxxxxx> wrote:
> On Thu, Jan 12, 2017 at 3:13 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>> On Jan 12, 2017, at 3:00 PM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
>>
>>> In packet-rpc.c we see this:
>>>
>>>        /*
>>>         * Don't call any subdissector if we have no more data to dissect.
>>>         */
>>>        if (tvb_reported_length_remaining(tvb, offset) == 0) {
>>>                return TRUE;
>>>        }
>>>
>>> However, this is wrong, IMO.
>>>
>>> One of the things that our dissector functions do is insert items
>>> like "PROCNAME Reply" etc against the procedure etc, but I would also
>>> like to add text like "void" for void parameters etc.
>>>
>>> Indeed, dissection of the NULL procedure doesn't show much useful ...
>>>
>>> Does anyone see a problem with changing it to call the sub-dissector
>>> even when there is no more data to dissect?
>>
>> If it reintroduces the "malformed packet" problem mentioned in bug 1392:
>>
>>         https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1392
>>
>> then it'd be a problem, as that check was added in
>>
>>         commit 1984f23e28a19333fa4b3ae7e8e1aba7971fe2ab
>>         Author: Sake Blok <sake@xxxxxxxxxx>
>>         Date:   Tue Apr 15 22:53:34 2008 +0000
>>
>>             Fix for the "Malformed packet: RPC" that is encountered in bug 1392:
>>
>>             Don't call a RPC subdissector if there is no more data in the packet.
>
> Thanks for that. I agree it would be a problem if that was
> reintroduced, so I will test with that capture file ...

Hmmm, I followed the steps indicated in the bug and filtered and
unfiltered etc, and I do not see the bug.

I will prepare a patch and submit it ...

-- 
Regards,
Richard Sharpe
(How to dispel sorrow? Only with Du Kang. --Cao Cao)