Wireshark-bugs: [Wireshark-bugs] [Bug 4214] fuzz testing reports possible dissector bug: H248,
Date: Tue, 2 Mar 2010 05:53:20 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4214

LEGO <luis.ontanon@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |luis.ontanon@xxxxxxxxx
           Severity|Normal                      |Trivial

--- Comment #3 from LEGO <luis.ontanon@xxxxxxxxx> 2010-03-02 05:53:14 PST ---
The H.248 dissector tries to add an IPv4 item made of more than 4 bytes to the
tree, as IPv4 addresses are 4 bytes proto_tree_add_item() fails.

The code that triggers this bug is generated by the ASN.1 compiler after being
instructed to treat the given octestring as an IPv4 (h248.cnf:425).

On the other hand proto_tree_add_item() considers it to be a "dissector bug" to
be passed a number of bytes different than 4 for an IPv4 address, which in this
case (where the supposed IPV4 address actually found in the packet realy isn't)
is at least doubtful and thus should be considered to be a "malformed packet".

To solve this issue asn2wrs generated code should check if the length of the
octetstring being added as a fixed-length FT is consistent and report the
packet as malformed (as it is in our case) instead of having
proto_tree_add_item() blame a dissector bug (which to an extent it is as well).

I'm lowering the importance to "Trivial" as this is a purely cosmetic issue,
maybe a WONTFIX would be the right thing.

I leave that desition to Thomas Kukosa (the author of the asn2wrs compiler)
probably the only one able to come with a real fix for this (IMHO trivial)
issue.

\Luis

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.