Wireshark mailing list archives
Re: [Wireshark-dev] pcapng, must opt_comment string be 0-terminated?
From: Chris Maynard <Chris.Maynard () gtech com>
Date: Thu, 5 Jan 2012 21:46:25 +0000 (UTC)
Martin Kaiser <lists@...> writes:
It's not that critial we but know the correct length and could do opt_comment = g_strndup(option_content, oh.option_length) instead. If you agree, I can open a bugzilla item with a patch and sample capture that has an unterminated comment.
To avoid the possibility of reading past the end of option_content in the case when oh.option_length > sizeof(option_content), I think it would be safer to do this instead: wblock->data.packet.opt_comment = g_strndup(option_content, MIN(oh.option_length, sizeof(option_content))) Note that this can't happen today because if the option length is greater than sizeof(option_content), then we never get there, but I think the implementation would work better to read as much as will fit into the buffer as possible, in this case the 1st 99 characters of the string (plus the NULL-terminator), rather than skipping it altogether. The comment next to option_content indicates, "XXX - size might need to be increased, if we see longer options", so it's apparently a somewhat arbitrary limit. I think as pcapng sees more and more use, it's only a matter of time before longer and longer strings are added (or desired to be added). Even the examples shown at the end of section 2.5 of the pcapng spec illustrate some strings approaching that limit, and those strings do not seem overly long to me: "This packet is the beginning of all of our problems" / "Packets 17-23 showing a bogus TCP retransmission, as reported in bugzilla entry 1486!" / "Captured at the southern plant" / "I've checked again, now it's working ok" / ... ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- pcapng, must opt_comment string be 0-terminated? Martin Kaiser (Jan 01)
- Re: pcapng, must opt_comment string be 0-terminated? Guy Harris (Jan 01)
- Re: pcapng, must opt_comment string be 0-terminated? Michael Tuexen (Jan 02)
- Re: pcapng, must opt_comment string be 0-terminated? Jose Pedro Oliveira (Jan 02)
- Re: pcapng, must opt_comment string be 0-terminated? Martin Kaiser (Jan 03)
- Re: [Wireshark-dev] pcapng, must opt_comment string be 0-terminated? Chris Maynard (Jan 05)
- Re: [Wireshark-dev] pcapng, must opt_comment string be 0-terminated? Chris Maynard (Jan 05)
- Re: pcapng, must opt_comment string be 0-terminated? Michael Tuexen (Jan 02)
- Re: pcapng, must opt_comment string be 0-terminated? Guy Harris (Jan 01)