http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2509
Summary: SCCP dissector - assoc->calling_ssn or assoc->called_ssn
leaks to next packets
Product: Wireshark
Version: SVN
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: j.pedro.fonseca@xxxxxxxxxxxxxxx
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Hi,
The SCCP dissector uses a global variable "assoc" to keep state information
about the packet being dissected. The fields "calling_ssn" and "called_ssn" are
used to make the decision on what subdissector to call next (for example,
ssn=142 means that the RANAP dissector must be used)
It appears that, in some cases, the assoc variable isn't cleared before
dissecting the next packet. This way, the calling_ssn or called_ssn fields keep
the values from the previous packet, and the wrong dissector is called.
The problem can be fixed by changing the lines:
if (called && assoc)
assoc->called_ssn = ssn;
else if (assoc)
assoc->calling_ssn = ssn;
to
if (called && assoc) {
assoc->called_ssn = ssn;
assoc->calling_ssn = INVALID_SSN;
} else if (assoc) {
assoc->calling_ssn = ssn;
assoc->called_ssn = INVALID_SSN;
}
Note that there are two instances of the above lines on the source code. Both
must be fixed.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
