Wireshark-bugs: [Wireshark-bugs] [Bug 2585] New: Problem with packet-ifcp dissector not calculat
Date: Mon, 2 Jun 2008 12:52:46 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2585

           Summary: Problem with packet-ifcp dissector not calculating PDU
                    length correctly
           Product: Wireshark
           Version: 1.0.0
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: fschorr@xxxxxxxxxxx


Build Information:
Version 1.0.0

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.5,
with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804
--
roblem with packet-ifcp dissector not calculating PDU length correctly.

The get_ifcp_pdu_len() call used for the tcp_dissect_pdus() call does not mask
off the frame length properly.  The result is that the "Flags" field
incorrectly becomes the high order part of the Frame Length.

The call/function before the change:

static guint
get_ifcp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
{
        guint pdu_len;

        if(!ifcp_header_test(tvb, offset)){
                return 0;
        }

        pdu_len=tvb_get_ntohs(tvb, offset+12)*4;
        return pdu_len;
}

The call/function after the change.

static guint
get_ifcp_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
{
        guint pdu_len;

        if(!ifcp_header_test(tvb, offset)){
                return 0;
        }

        /* added &x03ff to the following line to mask out the frame length to
get the proper frame length
           btw:  the frame length is in 4 byte words.  The result needs
multiplied by 4 to get the PDU 
                  length in bytes - Frank Schorr */

        pdu_len=(tvb_get_ntohs(tvb, offset+12)&0x03FF)*4;
        return pdu_len;
}

Interesting the Frame Length field is handled properly elsewhere in the
dissector so it appears this was just an oversight.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.