| Bug ID |
10109
|
| Summary |
Fix MP2T dissector reassembly
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
Git
|
| Hardware |
x86
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Normal
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
bugzilla-admin@wireshark.org
|
| Reporter |
gmsoft@tuxicoman.be
|
Created attachment 12762 [details]
Fix MP2T reassembly
Build Information:
Version 1.11.4 (v1.11.4-rc1-407-g2197a08 from master)
--
There are currently a few issues with mp2t reassembly.
When a subpacket is entierly contained in an MP2T packet, the frag_id is not
incremented. The consequence is that the length of the subpacket is not
calculated correctly on the second pass because mp2t_get_packet_length(). This
function will find a fragment when calling fragment_get() and return the wrong
length. The fix is to increment frag_id when we encounter such self-contained
subpacket. This prevents fragment_get() to return an invalid frag.
Secondly, if an MP2T packet contains a full subpacket and a fragment of another
one, it happens that the first subpacket contains an ethernet frame
(encapsulated in DOCSIS). This makes pinfo->{src,dst} contain an address. This
is then re-used to calculate the hash in fragment_add_check().
It is of course invalid and should be reset to NULL.
The macro SET_ADDRESS_HF() was found to be incorrect and fixed as well.
Lastly, the comment about the adaptation field control being invalid for DOCSIS
is wrong. The AFC is only invalid if it's != 1 (which means contains a payload
but no adaptation field).
The attached patch fixes all those issues.
You are receiving this mail because:
- You are watching all bug changes.
