Wireshark-dev: [Wireshark-dev] Issue about tvb_reported_length_remaining() and tvb_captured_len
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "qiangxiong.huang" <qiangxiong.huang@xxxxxx>
Date: Sat, 27 Mar 2021 18:47:21 +0800

Hi, 

I reproduced this issue (https://gitlab.com/wireshark/wireshark/-/issues/17255) in windows. It report error like this:

User Datagram Protocol, Src Port: 54046, Dst Port: 8129
Tutorial AddressBook Encapsulated With CRC
    Magic: ADDR
    Data Length: 157
    CRC: 2831742514 -- Actually, this field is after the tutorial.AddressBook field
    Payload tutorial.AddressBook (real: 157 bytes, reported: 161 bytes, remaining:  161 bytes)
    Protocol Buffers: tutorial.AddressBook -- 157 bytes
[Packet size limited during capture: ProtoBuf truncated] --**actually, only 157 bytes in tvb, but reported_length(_remaining) is 161 bytes**

Problem will disappear if I replace the tvb_reported_length_remaining in https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-protobuf.c#L1427 with tvb_captured_length_remaining.

But I'm not sure if the bug is in the code about Lua or packet-protobu.c. Because I think the captured_length of the sub tvb passed from lua to protobuf dissector should equal to reported_length if there's no truncate data in UDP packet.

The UDP data format of frame No.11 of https://gitlab.com/wireshark/wireshark/uploads/690b015d92e14b48a06591e298210eae/addrbook_simple.pcap is:

|<- 4 bytes ->|<--- 4 bytes ---->|<------ 157 bytes ------>|<- 4 bytes ->| 
--------------------------------------------------------------------------
| Magic: ADDR | Data Length: 157 | Payload (Protobuf Data) |     CRC     |
--------------------------------------------------------------------------

Lua call protobuf dissector by code:

    local req_len = tvb(4,4):uint()
    -- req_len is 157
    local payload = tvb(4+4,req_len)
    local payload_tvb = payload:tvb()
    pcall(Dissector.call, protobuf_dissector, payload_tvb, pinfo, subtree)

Try to print in lua:

  • payload_tvb:len() is 157 bytes
  • payload_tvb:reported_len() is 161 bytes
  • payload_tvb:reported_length_remaining() 161 bytes (**I think reported_len() and remaining reported length (from offset 0) must equal to len() here**)

Try to print in protobuf:

  • tvb_captured_length(tvb) is 157 bytes
  • tvb_reported_length_remaining(tvb, 0) is 161 bytes (**that cause the parsing failure**).

Where is the bug? If it a bug belongs to packet-protobuf.c, I can submit a merge for it. But If it belongs to wslua_tvb.c, who familiar with the code wslua_tvb.c may help fix.