Wireshark-bugs: [Wireshark-bugs] [Bug 10029] New: SAP (Session Announcement Protocol) dissector
Bug ID: 10029
Summary: SAP (Session Announcement Protocol) dissector reads wrong IP version
Classification: Unclassified
Product: Wireshark
Version: unspecified
Hardware: x86
OS: Mac OS X 10.8
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: stefan.doehla@iis.fraunhofer.de
Build Information:
TShark 1.11.2 (SVNRev 53411 from /trunk)
Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.36.0, with libpcap, with libz 1.2.3, without POSIX
capabilities, with SMI 0.4.8, without c-ares, without ADNS, with Lua 5.1,
without Python, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with
GeoIP.
Running on Mac OS X 10.8.5, build 12F45 (Darwin 12.5.0), with locale
de_DE.UTF-8, with libpcap version 1.1.1, with libz 1.2.5.
Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz
Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).
--
There's an if statement in the SAP dissector obviously reverted. If it is IPv4
then the dissector tries to read IPv6 origin addresses and vice versa. This
creates a bunch of errors when the data is displayed although it seems to be
correct. Patching the bit to tell it is IPv6 makes the dissector read an
IPv4 address and the dissection works.
SAP might not be very popular, but it is still odd that nobody spotted this for
so long. The pcap attached to the ISMACryp wiki page nicely demos the bug.
Here's the code that needs some obvious fixing (if IPv6 then read IPv4?) in
epan / dissectors / packet-sap.c:
    if (is_ipv6)
        proto_tree_add_item(sap_tree, hf_sap_originating_source_ipv4, tvb, offset, addr_len, ENC_BIG_ENDIAN);
    else
        proto_tree_add_item(sap_tree, hf_sap_originating_source_ipv6, tvb, offset, addr_len, ENC_NA);
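Added example, not part of the original report and not Wireshark code: a standalone parser for the fixed SAP header that selects the originating source family from the RFC 2974 address type (A) bit and refuses to read an address longer than the packet. The helper name sap_origin and the sample packets are constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define SAP_BIT_A 0x10  /* RFC 2974 address type bit: 0 = IPv4, 1 = IPv6 */
#define SAP_FIXED_LEN 4 /* flags, auth len, 16-bit msg id hash */

/* Hypothetical helper, not from packet-sap.c: formats the originating
 * source of a SAP packet into out. Returns AF_INET or AF_INET6, or -1
 * when the buffer is too short for the address the A bit announces. */
int sap_origin(const uint8_t *buf, size_t len, char *out, size_t outlen)
{
    if (len < SAP_FIXED_LEN)
        return -1;
    int is_ipv6 = (buf[0] & SAP_BIT_A) != 0;
    size_t addr_len = is_ipv6 ? 16 : 4;   /* A set -> 128-bit address */
    if (len - SAP_FIXED_LEN < addr_len)
        return -1;                        /* never read past the packet */
    int af = is_ipv6 ? AF_INET6 : AF_INET;
    if (inet_ntop(af, buf + SAP_FIXED_LEN, out, (socklen_t)outlen) == NULL)
        return -1;
    return af;
}

/* Constructed sample headers (V=1, documentation address ranges). */
static const uint8_t sap_v4[] = { 0x20, 0x00, 0x12, 0x34, 192, 0, 2, 10 };
static const uint8_t sap_v6[] = { 0x30, 0x00, 0x12, 0x34,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };

int main(void)
{
    char s[INET6_ADDRSTRLEN];
    if (sap_origin(sap_v4, sizeof sap_v4, s, sizeof s) == AF_INET)
        printf("A=0 -> IPv4 origin %s\n", s);
    if (sap_origin(sap_v6, sizeof sap_v6, s, sizeof s) == AF_INET6)
        printf("A=1 -> IPv6 origin %s\n", s);
    /* A=1 but only 4 address bytes present: rejected, not misread. */
    if (sap_origin(sap_v6, 8, s, sizeof s) == -1)
        printf("truncated IPv6 header rejected\n");
    return 0;
}
```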