>>> * The loop in dissect_roofnet should check that it doesn't spin out of >>> control when an incorrectly large value is read. >>> >>> >> The roofnet length is restricted to 400 bytes (maybe 200 in a near >> future). I then control whetherr the length of the announced number of >> links is greater than this max length (400). If it's the case I print an >> error in the tree, add an expert info value and stop the dissection of >> the packet. Is it sufficient? >> > > I rather would like a check against the actual size of the packet, to > avoid going out of bounds at tvb access. > ok done I also let the other check which in fact will decode the header first ... then do the check, add the expert info and stop the dissection of this packet.
>>> * Use the 'standard' file header as found in the README.developer >>> >>> >> Did you mean stdio, stdlib ? If not, give me a hint 'cause I don't see ... >> > > I mean the copyright stuff, like > Ah! ok :) ... it was there but without the mention to the original author Gerald Combs. Sorry! :-p > Furhter question: did you fuzz test this dissector on some real life > roofnet captures? > On the modified version? ... At the time of writing your question ... no. Now, yes! :) 525 passes on 7250 frames for each pass (with the modifications I did now). Is it sufficient? Or have you stronger requisites? Regards, Sebastien Tandel _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
