Wireshark-bugs: [Wireshark-bugs] [Bug 10536] New: smtp decoder can dump binary data to terminal
Bug ID |
10536
|
Summary |
smtp decoder can dump binary data to terminal in tshark
|
Product |
Wireshark
|
Version |
1.12.1
|
Hardware |
x86
|
OS |
Windows 7
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
jadevree@mtu.edu
|
Created attachment 13136 [details]
SMTP TLS partial capture
Build Information:
TShark 1.12.1 (Git Rev Unknown from unknown)
Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.40.0, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), with libnl 3, with SMI 0.4.8, with c-ares 1.10.0, with
Lua
5.2, without Python, with GnuTLS 3.3.7, with Gcrypt 1.6.2, with MIT Kerberos,
with GeoIP.
Running on Linux 3.16-2-amd64, with locale en_US.UTF-8, with libpcap version
1.6.2, with libz 1.2.8.
Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz
Built using gcc 4.9.1.
--
If the SMTP decoder misses the STARTTLS part of the protocol, it can dump
binary data to the terminal which can mess it up.
Attached is a single frame from an SMTP TLS transaction on my mailserver that
reproduces the issue cleanly. I can also attach the full SMTP TLS transaction,
but tshark handles that just fine.
$ tshark -n -r smtptls.pcap
1 0.000000 2600:3c03::f03c:91ff:fe96:b31a -> 2001:470:1f11:7b5::14 SMTP
1359 C: ��?����X6�B�x�6�(�����>��d|�:5CIs�`�r��5�������W (it keeps going, no
reason to paste it all)
It varies a little bit sometimes it looks more like this:
$ tshark -n -r smtptls.pcap
1 0.000000 2600:3c03::f03c:91ff:fe96:b31a -> 2001:470:1f11:7b5::14 SMTP
1359 C: ô?¿¬íX6Bäxæ6(¤ë枵>d|Ö:5CIs¡`½ré×5û¶¯ôW
tshark 1.10.7, 1.10.10, and 1.12.1 are all affected. I'm not really sure where
it started, but FWIW tshark 0.99.5 handled it fine:
# tshark -n -r smtptls.pcap
1 0.000000 2600:3c03::f03c:91ff:fe96:b31a -> 2001:470:1f11:7b5::14 SMTP
Message Body
You are receiving this mail because:
- You are watching all bug changes.