Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2180] New: RTCP frame length error indication in RTCP with

Date: Wed, 9 Jan 2008 10:33:50 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2180

           Summary: RTCP frame length error indication in RTCP with a Bye
                    chunk
           Product: Wireshark
           Version: 0.99.6
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: hduarte@xxxxxxxxxxx


Build Information:
Version 0.99.6 (SVN Rev 22249)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0
(packet.dll version 4.0.0.755), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When the RTCP packet has a BYE chunk included, there is an expert message "RTCP
frame length check: wrong", but the number of octets is correct.

That string isn't NULL terminated, but the code expects it to be. See
packet-rtcp.c:dissect_rtcp_bye(). It even counts that NULL byte, which doesn't
exist. Then the BYE message is expected to be padded out to fit word size.
Counting the non existing NULL byte makes it pad 3 more bytes to it, making it
invent the 4 bytes it misses from the expected length.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.