author | Guy Harris <guy@alum.mit.edu> | 2017-09-23 17:35:54 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2017-09-24 00:36:28 +0000 |
commit | b13d5eac26db21d3b8682e861575bf5344740f99 (patch) | |
tree | 74eeddbbe3e1842dd7db186df5ce34a0ed8a139e /wiretap | |
parent | a065bb586e2334f5f1f1f4f0a247f309f7a04f46 (diff) |
Don't look at the comment or process table with pre-2.2 files.
NetMon apparently didn't zero out the file header, so those fields have
random values in pre-2.2.
Change-Id: I3aeede6ab273d57ca937a5e18e67223fb4ed18da
Reviewed-on: https://code.wireshark.org/review/23666
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/netmon.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/wiretap/netmon.c b/wiretap/netmon.c
index 466c87affc..7015c7669f 100644
--- a/wiretap/netmon.c
+++ b/wiretap/netmon.c
@@ -352,13 +352,24 @@ wtap_open_return_val netmon_open(wtap *wth, int *err, gchar **err_info)
 frame_table_offset = pletoh32(&hdr.frametableoffset);
 /*
- * Get the offset and length of the comment index table and
- * process info table.
+ * For NetMon 2.2 format and later, get the offset and length of
+ * the comment index table and process info table.
+ *
+ * For earlier versions, set them to zero; they appear to be
+ * uninitialized, so they're not necessarily zero.
 */
- comment_table_offset = pletoh32(&hdr.commentdataoffset);
- comment_table_size = pletoh32(&hdr.commentdatalength);
- process_info_table_offset = pletoh32(&hdr.processinfooffset);
- process_info_table_count = pletoh32(&hdr.processinfocount);
+ if ((netmon->version_major == 2 && netmon->version_minor >= 2) ||
+ netmon->version_major > 2) {
+ comment_table_offset = pletoh32(&hdr.commentdataoffset);
+ comment_table_size = pletoh32(&hdr.commentdatalength);
+ process_info_table_offset = pletoh32(&hdr.processinfooffset);
+ process_info_table_count = pletoh32(&hdr.processinfocount);
+ } else {
+ comment_table_offset = 0;
+ comment_table_size = 0;
+ process_info_table_offset = 0;
+ process_info_table_count = 0;
+ }
 /*
 * It appears that some NetMon 2.x files don't have the |
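Review bot: The version gate in the new `if` only screens out stale bytes left by pre-2.2 writers; when the header claims 2.2 or later, `comment_table_offset`, `comment_table_size`, `process_info_table_offset` and `process_info_table_count` are still taken verbatim from the file, and the version fields that select the branch come from that same untrusted header. The code that consumes these four values lies outside the hunk (netmon_open's body continues past it), so it is not visible here whether each offset and length is checked against the file size, or whether the count is bounded before it drives a read loop or an allocation. I would record that expectation where the values are read, for example by extending the block comment with `* These values come from the file and are untrusted; they must be range-checked against the file size before use.`, and confirm the consuming code does that check. As a smaller style point, the `else` branch could be dropped by initializing the four variables to zero at their declarations, which would leave only the 2.2+ read inside the `if`.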