Wireshark-bugs: [Wireshark-bugs] [Bug 10559] New: IPv6 RPL option is read as less bytes than it
Date: Sat, 11 Oct 2014 08:48:10 +0000
Bug ID 10559
Summary IPv6 RPL option is read as less bytes than it is
Product Wireshark
Version 1.12.1
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter boaz.brickner@gmail.com

Created attachment 13159 [details]
IPv6 RPL option with data length of 7 bytes that is read as if it was with data
length of 4 bytes

Build Information:
Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
        Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Discovered while working on Pcap.Net (http://pcapdot.net)

In the attached pcap file, there's an IPv6 packet with Hop-by-Hop Option
extension header with several option.
The 6th option is an RPL option.
The data length as written and parsed by Wireshark is 7 so the total length of
the option is 9 bytes, and it is marked correctly.
However, the next option is being read only 6 bytes after the RPL option's
start, instead of 9 bytes and is so read incorrectly.
You can see that when clicking on the two options there 3 bytes overlap between
them.


You are receiving this mail because:
  • You are watching all bug changes.