Wireshark-bugs: [Wireshark-bugs] [Bug 11915] New: GIOP traffic appears to crash Wireshark 2.0 GU
Bug ID |
11915
|
Summary |
GIOP traffic appears to crash Wireshark 2.0 GUI, Windows
|
Product |
Wireshark
|
Version |
2.0.0
|
Hardware |
x86
|
OS |
Windows 7
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
Qt UI
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
russelldelong@hotmail.com
|
Build Information:
Version 2.0.0 (v2.0.0-0-g9a73b82 from master-2.0)
Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale C, with
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz (with SSE4.2), with 8097MB of
physical memory.
Built using Microsoft Visual C++ 12.0 build 31101
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
The following appears to reliably create a GUI crash scenario in Wireshark 2.0:
- Create a packet capture using dumpcap on a server running Wireshark 1.8.6.
- Ensure that the traffic captured includes some Corba traffic, GIOP protocol
(in my examples, TCP 15000).
- Download the resulting capture file to a laptop running Wireshark 2.0 on
Windows.
- Attempt to read the file, either using GTK/Legacy or Qt, in Windows.
I can also say that the following appear to be true based on testing:
- The packet capture file can be read successfully with Tshark on the laptop
running 2.0.
- The file can be read without crashing in Wireshark 2.0 GUI as soon as I save
it with a '!giop' -Y filter in Tshark into a new file to get rid of any GIOP
traffic.
- The crash happens whether the file is pcap or pcapng file format.
Unfortunetly, I cannot include the packet contents due to confidentiality. It
was GIOP version 1.2 payload, simple request/reply traffic. I can also say that
the scenario appears to be 100% reproduceable in my environment. Also note, I
have NOT tested this in Linux environments.
You are receiving this mail because:
- You are watching all bug changes.