On Thu, Jan 12, 2017 at 3:24 PM, Richard Sharpe <[email protected]> wrote: > On Thu, Jan 12, 2017 at 3:13 PM, Guy Harris <[email protected]> wrote: >> On Jan 12, 2017, at 3:00 PM, Richard Sharpe <[email protected]> >> wrote: >> >>> In packet-rpc.c we see this: >>> >>> /* >>> * Don't call any subdissector if we have no more date to dissect. >>> */ >>> if (tvb_reported_length_remaining(tvb, offset) == 0) { >>> return TRUE; >>> } >>> >>> However, this is wrong, IMO. >>> >>> One of the things that our dissector functions does is insert items >>> like "PROCNAME Reply" etc against the procedure etc, but I would also >>> like to add text like "void" for void parameters etc. >>> >>> Indeed, dissection of the NULL procedure doesn't show much useful ... >>> >>> Does anyone see a problem with changing it to call the sub-dissector >>> even when there is no more data to dissect? >> >> If it reintroduces the "malformed packet" problem mentioned in bug 1392: >> >> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1392 >> >> then it'd be a problem, as that check was added in >> >> commit 1984f23e28a19333fa4b3ae7e8e1aba7971fe2ab >> Author: Sake Blok <[email protected]> >> Date: Tue Apr 15 22:53:34 2008 +0000 >> >> Fix for the "Malformed packet: RPC" that is encountered in bug >> 1392: >> >> Don't call a RPC subdissector if there is no more data in the >> packet. > > Thanks for that. I agree it would be a problem if that was > reintroduced, so I will test with that capture file ...
Hmmm, I followed the steps indicated in the bug and filtered and unfiltered etc, and I do not see the bug. I will prepare a patch and submit it ... -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
