Wireshark-dev: [Wireshark-dev] Lua stringz
From: "Maynard, Christopher" <Christopher.Maynard@xxxxxxx>
Date: Fri, 29 Jan 2021 21:00:18 +0000
Hi list,
I was successfully using tvbrange:stringz() to retrieve a NULL-terminated
string from a tvb, that is until I recently encountered a string containing extended-ASCII characters, at which point things starting failing because the length of the string returned was too long. To work around the problem,
I switched to using tvbrange:strsize() instead.
To help illustrate the problem, I’ve attached a simple Lua dissector and pcap file. The Lua dissector has a preference for switching between using stringz() or strsize().
I’ve also attached the exported textual representations, both with "use_stringz" enabled and with it disabled (so it’s using strsize()
instead).
Is this expected, or is this perhaps a bug? Has anyone else encountered something like this?
Thanks.
- Chris
Ref:
11.8.3.21. tvbrange:stringz([encoding])
11.8.3.22. tvbrange:strsize([encoding])
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the
use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.
No. Interface id AbsTime Epoch Time Time DeltaT SrcPort DstPort Protocol Length Stream index Device name Message ID Syserr Info No. 1 2013-09-17 14:40:32.225559 1379443232.225559000 0.000000 0.000000 33333 33333 FOO 69 Ping: Hello � World� 1 Frame 1: 69 bytes on wire (552 bits), 69 bytes captured (552 bits) Ethernet II, Src: Riverbed_00:00:01 (00:0e:b6:00:00:01), Dst: Riverbed_00:00:02 (00:0e:b6:00:00:02) Internet Protocol Version 4, Src: 192.0.2.101 (192.0.2.101), Dst: 192.0.2.102 (192.0.2.102) User Datagram Protocol, Src Port: 33333 (33333), Dst Port: 33333 (33333) FOO Protocol Foo Header: aabbccdd00010013 Magic: 0xaabbccdd Type: Ping (1) Length: 19 [Message Length: 19] Message: Hello �\177\nWorld�\177!2 0000 00 0e b6 00 00 02 00 0e b6 00 00 01 08 00 45 00 ..............E. 0010 00 37 00 00 40 00 40 11 b5 ea c0 00 02 65 c0 00 .7..@.@......e.. 0020 02 66 82 35 82 35 00 23 cb eb aa bb cc dd 00 01 .f.5.5.#........ 0030 00 13 48 65 6c 6c 6f 20 fa 7f 0a 57 6f 72 6c 64 ..Hello ...World 0040 fa 7f 21 32 00 ..!2.
No. Interface id AbsTime Epoch Time Time DeltaT SrcPort DstPort Protocol Length Stream index Device name Message ID Syserr Info No. 1 2013-09-17 14:40:32.225559 1379443232.225559000 0.000000 0.000000 33333 33333 FOO 69 Ping 1 Frame 1: 69 bytes on wire (552 bits), 69 bytes captured (552 bits) Ethernet II, Src: Riverbed_00:00:01 (00:0e:b6:00:00:01), Dst: Riverbed_00:00:02 (00:0e:b6:00:00:02) Internet Protocol Version 4, Src: 192.0.2.101 (192.0.2.101), Dst: 192.0.2.102 (192.0.2.102) User Datagram Protocol, Src Port: 33333 (33333), Dst Port: 33333 (33333) FOO Protocol Foo Header: aabbccdd00010013 Magic: 0xaabbccdd Type: Ping (1) Length: 19 [Message Length: 23] Lua Error: C:\Users\cmaynard\AppData\Roaming\Wireshark\plugins\foo.lua:64: Range is out of bounds
Attachment:
foo.lua
Description: foo.lua
Attachment:
foo_stringz.pcap
Description: foo_stringz.pcap
- Prev by Date: [Wireshark-dev] Wireshark 3.4.3 is now available
- Next by Date: [Wireshark-dev] Wireshark 3.4.3 on macOS crash
- Previous by thread: [Wireshark-dev] Wireshark 3.4.3 is now available
- Next by thread: [Wireshark-dev] Wireshark 3.4.3 on macOS crash
- Index(es):