patchs for wireshark dissection
Matthieu Patou
mat+Informatique.Samba at matws.net
Mon Jul 13 03:14:31 MDT 2009
On 07/13/2009 10:15 AM, Andrew Bartlett wrote:
> On Mon, 2009-07-13 at 08:10 +0200, Stefan (metze) Metzmacher wrote:
>
>> Matthieu Patou schrieb:
>>
>>> On 07/12/2009 08:37 PM, Stefan (metze) Metzmacher wrote:
>>>
>>>> I need to revert parts of the patches, to prevent a crash
>>>> (in the string handling code...)
>>>>
>>>> http://gitweb.samba.org/?p=metze/wireshark/wip.git;a=commitdiff;h=c9dbf6ad8c7c3320800bf9158b718c6c98a602f5
>>>>
>>>>
>>>>
>>>>
>>> Metze can you send me the capture that makes a crash ?
>>>
>> http://samba.org/~metze/ads/rpc-netlogon-lsa-string-is-fine-01.pcap
>>
>> But also just from looking at the code, it seems to be just wrong.
>> The length of the array has nothing to do with the max count!
>> There is no magic string terminator that we need to autodetect,
>> if there're following (zero or uninitialized) bytes then they're
>> just padding!
>>
>
> Perhaps I'm missing something, but wasn't this whole area meant to be
> overtaken by PIDL generated dissectors?
>
Netlogon is not for the moment PIDL generated. I completed manually in
order to do the decrypt and correct uncomplete dissection.
I contacted ronnie and we can eventually move to PIDL generated dissector.
Matthieu.
More information about the samba-technical
mailing list