Wireshark-bugs: [Wireshark-bugs] [Bug 10519] Wireshark doesn't properly handle packets with an I
Date: Wed, 01 Oct 2014 18:16:36 +0000

changed bug 10519


What Removed Added
Summary tcp.len zero for bad frame length Wireshark doesn't properly handle packets with an IPv4 total length too large for the underlying frame size

Comment # 1 on bug 10519 from
If:

    for an IPv4 packet, the frame length (as determined from the on-the-network
size of the packet; this isn't the captured length), minus the lengths of the
link-layer header and any metadata headers, is not >= the value of the total
length field in the IPv4 header;

    for an IPv6 packet, the frame length (as determined from the on-the-network
size of the packet; this isn't the captured length), minus the lengths of the
link-layer header, any metadata headers, and the IPv6 header (just the regular
header, not the extension headers), is not >= the value of the payload length
in the IPv6 header;

the packet is badly malformed, and there's no possible correct value for any
lengths in the IP or TCP headers.  The IP dissector should arguably not even
try handing the packet to the TCP/UDP/SCTP/etc. dissector.

(BTW, please don't use Microsoft Office documents as a way of uploading
pictures; not everybody following the bug list has tools capable of reading
Microsoft Office documents.)


You are receiving this mail because:
  • You are watching all bug changes.