Wireshark-bugs: [Wireshark-bugs] [Bug 3626] DNP 3.0 dissector can re-assemble application layer
Date: Sat, 27 Jun 2009 23:48:03 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3626





--- Comment #2 from Kelvin Proctor <kelvin.proctor@xxxxxxxxxxxxxxxxxxxxxxxxx>  2009-06-27 23:47:59 PDT ---
The attached file bug_3626.pcap illustrates the problem.

Packet 137 has been re-assembled from packets 101, 115, 131 and 137. 
Unfortunatley not all of the DNP 3.0 source and destination addresses match. 
They are as follows:

  Packet   Src. Addr.   Dst. Addr.   Sequence No.
   101       1161         30000         63
   115       1198         30000         24
   131       1161         30000         0
   137       1198         30000         25

Incorrectly re-assembling the packet fragments causes the application layer
frame to appear to be invalid (and causes a CPU lockup for 10-30 seconds) as
the dissector believes the packet contains 16440 points.

As a side note the DNP 3.0 dissector does not use the sequence number in the
fragment re-assembly process so is susceptible to duplicated packets
(especially on UDP), but I'll raise that as a separate bug at some point in the
future.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.