Ethereal-dev: Re: [Ethereal-dev] [PATCH]Dissecting SSH short frames

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 23 Dec 2003 13:24:05 -0800

On Dec 18, 2003, at 12:27 PM, Loïc Minier wrote:

> It turns out that packet-ssh.c loops forever if the first packets
> are short frames (the announced TCP payload is bigger than the real
> captured payload, for example because one forgot to -s 65535 with
> tcpdump :).
>
> Attached patch replaces the tvb_reported_length_remaining calls with
> tvb_ensure_length_remaining calls,

"tvb_reported_length_remaining()" is what should be used in loops that process all the data in a packet.

The underlying problem is that

1) we weren't handling the case where "ssh_dissect_protocol()" didn't set "version"

and

2) "tvb_ensure_length_remaining()" wasn't truly ensuring that there was data remaining - it could return 0 if the offset was just past the end of the tvbuff.

I've checked in fixes for both of those; it now shows packet 4 (and other short frames) of your capture as short frames.
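
An added illustration, not code from Ethereal or from this thread: a simplified C model of point 2, showing how a loop driven by the reported length stops making progress on a short frame when the "ensure" helper returns 0 at the end of the captured data instead of signalling an error. The struct, the function names, the fixed record size and the loop guard are assumptions made for the example; -1 stands in for the exception a dissector would get.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-in for a capture buffer; not Ethereal's tvbuff. */
struct buf {
    size_t captured;  /* bytes actually saved in the capture file */
    size_t reported;  /* bytes the packet had on the wire */
};

/* Bytes left on the wire from off; drives "process all the data" loops. */
static long reported_remaining(const struct buf *b, size_t off) {
    return off <= b->reported ? (long)(b->reported - off) : -1;
}

/* Behaviour described in the message: off just past the captured data gives 0. */
static long ensure_remaining_old(const struct buf *b, size_t off) {
    return off <= b->captured ? (long)(b->captured - off) : -1;
}

/* Modelled fix: no captured byte left at off is an error (-1 = exception). */
static long ensure_remaining_fixed(const struct buf *b, size_t off) {
    return off < b->captured ? (long)(b->captured - off) : -1;
}

enum { DONE = 0, SHORT_FRAME = 1, STUCK = 2 };

/* Walk records of size rec until the reported data is consumed. */
static int walk(const struct buf *b, size_t rec,
                long (*ensure)(const struct buf *, size_t)) {
    size_t off = 0;
    int guard = 1000;  /* stands in for "forever" so the demo terminates */
    while (reported_remaining(b, off) > 0) {
        long avail = ensure(b, off);
        if (avail < 0) return SHORT_FRAME;      /* surfaced as a short frame */
        size_t step = (size_t)avail < rec ? (size_t)avail : rec;
        off += step;                            /* avail == 0 means no progress */
        if (--guard == 0) return STUCK;
    }
    return DONE;
}

int main(void) {
    struct buf short_frame = { 96, 200 };  /* constructed: 96 of 200 bytes captured */
    printf("old helper:   %d\n", walk(&short_frame, 32, ensure_remaining_old));
    printf("fixed helper: %d\n", walk(&short_frame, 32, ensure_remaining_fixed));
    return 0;
}
```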