
Wireshark-dev: Re: [Wireshark-dev] "[UNVERIFIED SENDER]Re: Hierarchy of fields & offsets

From: "Sultan, Hassan" <sultah@xxxxxxxxxx>
Date: Tue, 25 Jul 2017 22:49:38 +0000
Awesome, thanks!

So shall I assume that whenever I detect something of the kind, it's an issue that needs to be resolved?

If that's the case I'll be more than happy to add detection for this in my code and run a bunch of captures through it to detect them all (or at least as many as the captures allow me to detect).

Also, is the smb2 case a bug as well?

Thx,

Hassan

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx] 
Sent: Tuesday, July 25, 2017 3:45 PM
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Cc: Sultan, Hassan <sultah@xxxxxxxxxx>
Subject: "[UNVERIFIED SENDER]Re: [Wireshark-dev] Hierarchy of fields & offsets

On Jul 25, 2017, at 3:26 PM, Sultan, Hassan via Wireshark-dev <wireshark-dev@xxxxxxxxxxxxx> wrote:

> Any reason why this is done in this way?

I don't know, but, whatever it is, it's not a *good* reason.

Perhaps they didn't know how to handle a request whose length isn't known until you finish dissecting it.  The answer is "give it an initial length of -1, to cover the rest of the data, and then set the length at the end"; I've changed the MySQL dissector in the master and 2.4 branches to do that.
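
One way to scan captures for the kind of inconsistency discussed in this thread, as an added example that is not code from either poster or from Wireshark. It assumes the inconsistency is a child field whose bytes extend past its parent item and that dissections are exported as PDML (`tshark -T pdml`); the sample and its `demo.*` field names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed PDML fragment (not from a real capture; "demo.*" names are
# hypothetical). demo.request claims 1 byte, but its child runs to byte 91.
SAMPLE_PDML = """<pdml><packet>
 <proto name="demo" pos="66" size="25">
  <field name="demo.packet_length" pos="66" size="3"/>
  <field name="demo.packet_number" pos="69" size="1"/>
  <field name="demo.request" pos="70" size="1">
   <field name="demo.command" pos="70" size="1"/>
   <field name="demo.query" pos="71" size="20"/>
  </field>
 </proto>
</packet></pdml>"""


def span(elem):
    """Return the (start, end) byte range of a PDML element, or None."""
    try:
        start, size = int(elem.get("pos")), int(elem.get("size"))
    except (TypeError, ValueError):  # attribute missing or not a number
        return None
    return (start, start + size)


def find_escaping_children(pdml_text):
    """List (parent, child, parent_span, child_span) where the child's bytes
    fall outside the parent's. Items built from another data source (for
    example reassembled data) can trip this legitimately, so treat results
    as leads to review, not confirmed dissector bugs."""
    findings = []

    def walk(node, node_name, node_span):
        for child in node:
            if child.tag not in ("proto", "field"):
                walk(child, node_name, node_span)  # e.g. the <packet> wrapper
                continue
            child_span = span(child)
            if node_span and child_span and (
                child_span[0] < node_span[0] or child_span[1] > node_span[1]
            ):
                findings.append(
                    (node_name, child.get("name"), node_span, child_span))
            if child_span:
                walk(child, child.get("name"), child_span)
            else:
                walk(child, node_name, node_span)

    walk(ET.fromstring(pdml_text), None, None)
    return findings
```
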