Wireshark · Ethereal-dev: [Ethereal-dev] Re: packet-pgsql.c changes in 0.10.9

Ethereal-dev: [Ethereal-dev] Re: packet-pgsql.c changes in 0.10.9

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Mon, 07 Mar 2005 12:08:01 -0800

Abhijit Menon-Sen wrote:

The protocol message that code is decoding contains a four byte signed
integer field. A positive value indicates a number of bytes to follow,
and the special value -1 is used to indicate an SQL NULL value (and no
bytes follow in that case).

What do other negative values indicate? Should they be consideredprotocol errors? If so, then simply checking for "l < 0" is an error -it should check both for "l == -1" (meaning "null value") and, if thattest fails, test for "l < 0" (meaning "the packet is invalid").

It seems to me, then, that the "right fix" would be to make
proto_tree_add_item not segfault on very large values rather than
introducing arbitrary tests here and there to compensate for its
failings.


It *doesn't* segfault on very large values.

However, the length value to "proto_tree_add_item()" (and many otherroutines) is signed, not unsigned, because "-1" is a special valuemeaning "to the end of the packet".

Therefore, the largest length value that can be passed to it is 2^31 -1. Larger unsigned values are treated as negative values, so a value of0xFFFFFFFE, for example, is interpreted as -2, not 4294967294, and isthus *not* a very large value. (And it doesn't segfault on negativevalues; it used to call abort(), and now it puts a "dissector bug"notification in the protocol tree.)

Perhaps the length field could be made unsigned, with the maximumunsigned integer value meaning "to the end of the packet", but thatwould still mean that a length value of 0xFFFFFFFF wouldn't be handledcorrectly - it wouldn't throw a dissector exception, it'd just go to theend of the packet.

Or perhaps the special -1/"max unsigned int" value could be eliminated,with a tvb_length_remaining() call being required, but that increasesthe number of tvb_length_remaining() calls, which I'd prefer not to do,as many such calls are inappropriate - it *doesn't* return the amount ofdata left in the packet, it returns the amount of *captured* data leftin the packet, which isn't what dissectors should be using in most cases- and would involve a lot of changes to existing code (especially ifit's eliminated throughout Ethereal).

Follow-Ups:
- Re: [Ethereal-dev] Re: packet-pgsql.c changes in 0.10.9
  - From: Guy Harris

References:
- Re: [Ethereal-dev] Re: packet-pgsql.c changes in 0.10.9
  - From: Guy Harris
- [Ethereal-dev] Re: packet-pgsql.c changes in 0.10.9
  - From: Abhijit Menon-Sen

Prev by Date: Re: [Ethereal-dev] Alternate techniques for building register.c
Next by Date: Re: [Ethereal-dev] Re: packet-pgsql.c changes in 0.10.9
Previous by thread: [Ethereal-dev] Re: packet-pgsql.c changes in 0.10.9
Next by thread: Re: [Ethereal-dev] Re: packet-pgsql.c changes in 0.10.9
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$