On 2012-01-02 08:16, Michael Tuexen wrote:
> On Jan 2, 2012, at 3:53 AM, Guy Harris wrote:
>
>>
>> On Jan 1, 2012, at 3:00 PM, Martin Kaiser wrote:
>>
>>> In a pcapng file, does the string stored in an opt_comment option have
>>> to be 0-terminated? I couldn't find anything explicit about this in the
>>> specification. Pcapng options have a length field, therefore I'd guess
>>> the 0 termination is not required. What do you think?
>>
>> The Wireshark code to read pcap-NG files uses g_strndup() to make copies of
>> the various "UTF-8 string[s]", so the strings in the file don't have to be
>> null-terminated, and I would read the *lack* of any mention of
>> null-termination in the spec as an indication that
> I think g_strndup() is for being secure. Even if the spec requires the string
> to be 0 terminated, you never
> know if the file you read conforms to the spec. Since the option has a length
> field, using g_strndup() is the way to go.
>> they don't have to be null-terminated.
>>
>> I'll send the spec maintainers a note asking about this, and suggesting that
>> the spec indicate that all strings are counted (but shouldn't contain a null
>> byte).
> Hmm, I wouldn't mind if they are 0-terminiated, I even thought they are.
> However, it would be great
> if it would be described explicitly in the spec.
The NTAR library [1] code expects the strings to be NUL terminated,
at least the NUL char is counted as a valid char (option length)
when written to file:
NTAR source file: option_writers.c
----------
...
int write_option_string(ntar_option *option, void* buffer,size_t
*buffer_size)
...
/* +1 is used for the trailing \0 */
string_len = strlen(option->data) + 1;
...
opt.option_length = (u_int16)(string_len);
...
memcpy(buffer_char, option->data, string_len);
buffer_char += string_len;
if (align_bytes > 0)
memset(buffer_char, 0, align_bytes);
...
----------
Regards,
jpo
[1] - http://www.winpcap.org/ntar/
written by one of the PCAP-NG spec maintainers.
--
José Pedro Oliveira
* mailto:[email protected] *
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
