Wireshark-bugs: [Wireshark-bugs] [Bug 11634] ISIS Hello trigger Error/Malformed Packet length 16
Date: Mon, 26 Oct 2015 12:41:20 +0000

Comment # 2 on bug 11634 from
My analysis is the problem is ultimately with the following from
dissect_hello_checksum_clv():

<snip>
>    checksum = tvb_get_ntohs(tvb, offset);
>
>    /* the check_and_get_checksum() function needs to know how big
>        * the packet is. we can either pass through the pdu-len through several layers
>        * of dissectors and wrappers or extract the PDU length field from the PDU specific header
>        * which is offseted 17 bytes in IIHs (relative to the beginning of the IS-IS packet) */
>    pdu_length = tvb_get_ntohs(tvb, 17);
<snip>

In these two packets from the attached trace the actual pdu_length is at offset
9, not 17.  The value of the ISIS HELLO's PDU Length was previously extracted
as 173 from offset 9, not offset 17.  If we subtract 8 from the value extracted
from offset 9 (the real PDU length) we end up with a cooked pdu_length value
that passes the three tests at the top of check_and_get_checksum().

The quick fix to satisfy the attached trace is to replace the one line above in
dissect_hello_checksum_clv() with

    pdu_length = tvb_get_ntohs(tvb, 9) - 8;

But I'm not certain this is truly the proper fix with investigating the details
of the protocol.  I'm out of time to proceed until later this evening.


You are receiving this mail because:
  • You are watching all bug changes.