Ethereal-dev: [Ethereal-dev] Found a defragmentation "bug" in the DCE RPC dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Tue, 18 Jan 2005 21:37:25 +0100
Hi List!

I think I've found a bug in the DCE-RPC dissector, and I already have a possible bugfix for it.

The problem is caused because the logic of connection-oriented defragmentation is based on the "alloc hint" field. Unfortunately, the spec says this field can simply contain a 0, indicating that the transmitting side doesn't want to give a hint.

This causes the current defragmentation logic (epan/packet-dcerpc.c starting at line 2821) to think that not all fragments have been received, and it will not defragment them.

A bugfix might be: if the "alloc hint" field is zero, simply append the fragments one by one to the "fragment list" until a last fragment is found. This simple approach depends on the right order of the fragments and might fail if the underlying TCP gets confused about retransmissions or the DCE RPC implementation itself is buggy.

Does someone have a better idea to handle this?

Regards, ULFL
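The two completion rules discussed in the message, as an added example that is not part of the original post and not Ethereal's packet-dcerpc.c code: a small Python reassembler for DCE RPC connection-oriented request/response PDUs that uses the first fragment's alloc_hint as the expected stub size when it is non-zero, and falls back to waiting for PFC_LAST_FRAG when the hint is 0. The PDU layout (16-byte common header, then alloc_hint, p_cont_id and opnum/cancel_count) follows the DCE RPC CO spec; the `build_co_pdu` helper, the class and function names, and the sample fragments are constructed here for illustration. Authenticated PDUs (non-zero auth_length) are deliberately rejected to keep the example short.

```python
import struct

# pfc_flags bits and ptype values from the DCE RPC connection-oriented spec
PFC_FIRST_FRAG = 0x01
PFC_LAST_FRAG = 0x02
PFC_OBJECT_UUID = 0x80
PTYPE_REQUEST = 0
PTYPE_RESPONSE = 2
CO_HDR_LEN = 16  # rpc_vers, rpc_vers_minor, ptype, pfc_flags, drep[4], frag_length, auth_length, call_id


def parse_co_pdu(data):
    """Parse one CO request/response PDU; return header fields, alloc_hint and stub bytes."""
    if len(data) < CO_HDR_LEN + 8:
        raise ValueError("PDU too short for a request/response header")
    rpc_vers, rpc_vers_minor, ptype, pfc_flags = data[0], data[1], data[2], data[3]
    if rpc_vers != 5:
        raise ValueError("not a DCE RPC v5 PDU")
    # drep[0] high nibble: 0 = big-endian integers, 1 = little-endian integers
    endian = "<" if (data[4] & 0xF0) == 0x10 else ">"
    frag_length, auth_length, call_id = struct.unpack(endian + "HHI", data[8:16])
    if frag_length != len(data):
        raise ValueError("frag_length does not match PDU size")
    if ptype not in (PTYPE_REQUEST, PTYPE_RESPONSE):
        raise ValueError("only request/response PDUs carry alloc_hint")
    if auth_length != 0:
        raise ValueError("authenticated PDUs are not handled in this example")
    (alloc_hint,) = struct.unpack(endian + "I", data[16:20])
    # request: p_cont_id(2) opnum(2); response: p_cont_id(2) cancel_count(1) reserved(1)
    stub_start = 24
    if ptype == PTYPE_REQUEST and pfc_flags & PFC_OBJECT_UUID:
        stub_start += 16  # optional object UUID precedes the stub data
    return {
        "ptype": ptype,
        "pfc_flags": pfc_flags,
        "call_id": call_id,
        "alloc_hint": alloc_hint,
        "stub": data[stub_start:frag_length],
    }


class CoReassembler:
    """Reassemble fragmented CO stub data, keyed by (call_id, ptype)."""

    def __init__(self):
        self._pending = {}

    def add_fragment(self, pdu_bytes):
        """Feed one PDU; return the complete stub when reassembly finishes, else None."""
        p = parse_co_pdu(pdu_bytes)
        flags = p["pfc_flags"]
        if flags & PFC_FIRST_FRAG and flags & PFC_LAST_FRAG:
            return p["stub"]  # unfragmented PDU, nothing to reassemble
        key = (p["call_id"], p["ptype"])
        if flags & PFC_FIRST_FRAG:
            # Only the first fragment's hint is trusted; 0 means "no hint given".
            self._pending[key] = {"hint": p["alloc_hint"], "parts": [], "got": 0}
        state = self._pending.get(key)
        if state is None:
            raise ValueError("fragment seen without a preceding first fragment")
        state["parts"].append(p["stub"])
        state["got"] += len(p["stub"])
        if state["hint"] != 0:
            done = state["got"] >= state["hint"]  # hint-based rule (original logic)
        else:
            # Fallback for alloc_hint == 0: append in arrival order until PFC_LAST_FRAG.
            # This cannot detect a lost or reordered middle fragment, as the message notes.
            done = bool(flags & PFC_LAST_FRAG)
        if not done:
            return None
        del self._pending[key]
        return b"".join(state["parts"])


def build_co_pdu(ptype, pfc_flags, call_id, alloc_hint, stub, opnum=0):
    """Constructed test data: a little-endian CO request/response PDU with no auth trailer."""
    body = struct.pack("<IHH", alloc_hint, 0, opnum) + stub  # p_cont_id = 0
    hdr = struct.pack("<BBBB4sHHI", 5, 0, ptype, pfc_flags, b"\x10\x00\x00\x00",
                      CO_HDR_LEN + len(body), 0, call_id)
    return hdr + body


if __name__ == "__main__":
    stub = bytes(range(25))
    r = CoReassembler()
    frags = [build_co_pdu(PTYPE_REQUEST, PFC_FIRST_FRAG, 7, 0, stub[:10]),
             build_co_pdu(PTYPE_REQUEST, 0, 7, 0, stub[10:20]),
             build_co_pdu(PTYPE_REQUEST, PFC_LAST_FRAG, 7, 0, stub[20:])]
    print([r.add_fragment(f) for f in frags])  # two None, then the 25-byte stub
```

With a zero hint the reassembler completes only on the fragment carrying PFC_LAST_FRAG; with a non-zero hint it completes as soon as the accumulated stub bytes reach the hint, which is the behaviour the message describes as failing when the hint is 0.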