Hi,
You should try to see in packet-giop.c what happens after the output of:
ServiceContextList
Sequence Length: 0
My guess is that a sequence length of zero isn't handled properly. I have little time to look at this currently...
BR
Anders
________________________________
Från: wireshark-dev-bounces@xxxxxxxxxxxxx genom Andy.Ling@xxxxxxxxxxx
Skickat: to 2006-12-07 14:56
Till: Developer support list for Wireshark
Ämne: Re: [Wireshark-dev] Malformed packets in CORBA protocol plugin
wireshark-dev-bounces@xxxxxxxxxxxxx wrote on 07/12/2006 12:52:43:
> Hi,
> Perhaps a fault in the GIOP dissector. Can you send the text output of
> the failed decoding?
> BR
> Anders
>
I'm not 100% sure which bit you are after, but the packet
bytes look like :-
Frame 199 (130 bytes on wire, 130 bytes captured)
0000 00 01 af 15 fd df 00 30 48 12 04 d4 08 00 45 00 .......0H.....E.
0010 00 74 11 d2 40 00 80 06 9a e6 0a a5 0b 78 0a a5 .t..@........x..
0020 2d 0a 04 87 04 04 20 52 7c 07 0d a9 71 d6 50 18 -..... R|...q.P.
0030 fd bb 8e 33 00 00 47 49 4f 50 01 02 01 00 40 00 ...3..GIOP....@.
0040 00 00 ec 00 00 00 03 00 00 00 00 00 00 00 1b 00 ................
0050 00 00 14 01 0f 00 52 53 54 45 6d a5 36 00 05 98 ......RSTEm.6...
0060 4a 00 00 00 01 00 00 00 01 00 00 00 02 00 0b 00 J...............
0070 00 00 67 65 74 52 65 66 54 69 6d 65 00 00 00 00 ..getRefTime....
0080 00 00 ..
And the decode window above shows:-
General Inter-ORB Protocol Request
Request id: 236
Response flags: SYNC_WITH_TARGET (3)
Reserved: 0 0 0
TargetAddress Discriminant: 0
KeyAddr (object key length): 27
KeyAddr (object key): ....RSTEm.6...J............
Operation length: 11
Request operation: getRefTime
ServiceContextList
Sequence Length: 0
[Malformed Packet: Q_QUENTINV3]
If I turn off our Q_QUENTINV3 protocol then the last line is not printed.
Another bit of information that might help. If I set the filter to giop
then the info in the main window looks like :-
Q_QUENTINV3 GIOP 1.2 Request 236: getRefTime[Malformed Packet]
Without the giop filter the "[Malformed Packet]" string is missing
Regards
Andy Ling
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
<<winmail.dat>>