Wireshark-commits: [Wireshark-commits] rev 19952: /trunk/epan/dissectors/ /trunk/epan/dissectors/:
Date: Tue, 21 Nov 2006 21:11:20 GMT
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=19952

User: sahlberg
Date: 2006/11/21 09:11 PM

Log:
 fix for bug 1226:
 reported by Benjamin Meyer  
 
 WireShark marks DCE RPC FACKs as "malformed" if they do not have a body.
 According to DCE RPC Spec. 1.1 FACKs "may contain" a body PTU.
 
 I am unable to build WireShark (lack of time to install all neccessary stuff)
 but I looked at the SourceCode. I think, at least this has to be fixed:
 
 file: epan/dissectors/packet-dcerpc.c
 function: static gboolean dissect_dcerpc_dg (tvbuff_t *tvb, packet_info *pinfo,
 proto_tree *tree)
 
 *snip*
 case PDU_FACK
 dissect_dcerpc_dg_fack (tvb, offset, pinfo, dcerpc_tree, &hdr); 
 break;
 *snap*
 
 I guess, it should look like "case PDU_NOCALL:" directly above.

Directory: /trunk/epan/dissectors/
  Changes    Path               Action
  +4 -1      packet-dcerpc.c    Modified