Wireshark-bugs: [Wireshark-bugs] [Bug 4982] New: omapi dissector fails to parse combined initial

Date: Tue, 6 Jul 2010 05:50:44 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4982

           Summary: omapi dissector fails to parse combined initialization messages
           Product: Wireshark
           Version: 1.0.2
          Platform: x86
        OS/Version: Debian
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: h.grohne@xxxxxxxxxxxxxxxxx


Build Information:
Used Debian build 1.0.2-3+lenny9. Bug applies to SVN too as can be seen by
reading the source.
--
While establishing an omapi connection the startup message can be combined with
a subsequent message in one packet. However, the omapi dissector determines the
presence of a startup message based on the size of the packet. If the packet is
combined, the dissection is garbled, because the packet is dissected as a
normal omapi message, but the omapi message is really offset by another 8
bytes.

Proposed solution:
In addition to checking the size of the packet a heuristic could be used. For
instance with the current parsing the opcode is 0, because the authid is 0 (it
is always 0 at the start of a connection) and so is the handle. So opcode = 0
is a little indicator for this case.

The content for an example packet can be seen here:
                              v the omapi message really starts here
0000   00 00 00 64 00 00 00 18 00 00 00 00 00 00 00 00  ...d............
0010   00 00 00 01 00 00 00 00 6b 8b 45 67 00 00 00 00  ........k.Eg....
0020   00 04 74 79 70 65 00 00 00 0d 61 75 74 68 65 6e  ..type....authen
0030   74 69 63 61 74 6f 72 00 00 00 04 6e 61 6d 65 00  ticator....name.
0040   00 00 08 64 65 66 6f 6d 61 70 69 00 09 61 6c 67  ...defomapi..alg
0050   6f 72 69 74 68 6d 00 00 00 19 68 6d 61 63 2d 6d  orithm....hmac-m
0060   64 35 2e 53 49 47 2d 41 4c 47 2e 52 45 47 2e 49  d5.SIG-ALG.REG.I
0070   4e 54 2e 00 00                                   NT...
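The framing problem described above, as an added Python example that is not Wireshark's dissector code: it rebuilds the packet from the dump with struct.pack and parses it both with the size-only rule and with the opcode-is-zero heuristic proposed in the report. The field layout (version and header length in the startup message; authid, authlen, opcode, handle, id, rid in the header; name/value lists ending in a zero-length name) is assumed from the OMAPI protocol as used by ISC DHCP, and opcode 1 is assumed to be OPEN.

```python
import struct
STARTUP_LEN = 8   # startup message: protocol version (4 bytes) + header length (4 bytes)
HEADER_LEN = 24   # message header: authid, authlen, opcode, handle, id, rid (4 bytes each)

def nv(name, value):
    """One name/value pair: 16-bit name length, name, 32-bit value length, value."""
    return struct.pack(">H", len(name)) + name + struct.pack(">I", len(value)) + value

# The report's example packet, rebuilt field by field from its hex dump (0x75 bytes).
PACKET = (
    struct.pack(">II", 100, HEADER_LEN)                      # startup message
    + struct.pack(">6I", 0, 0, 1, 0, 0x6B8B4567, 0)           # header, opcode 1 = open
    + nv(b"type", b"authenticator") + b"\x00\x00"             # message list + terminator
    + nv(b"name", b"defomapi")
    + nv(b"algorithm", b"hmac-md5.SIG-ALG.REG.INT.") + b"\x00\x00"  # object list
)

def parse_pairs(data, off):
    # Parse a name/value list terminated by a zero-length name; return (dict, offset).
    pairs = {}
    while True:
        nlen = struct.unpack_from(">H", data, off)[0]
        if nlen == 0:
            return pairs, off + 2
        name = data[off + 2:off + 2 + nlen].decode("ascii")
        vlen = struct.unpack_from(">I", data, off + 2 + nlen)[0]
        off += 2 + nlen + 4
        pairs[name] = data[off:off + vlen]
        off += vlen

def parse_message(data, off):
    keys = ("authid", "authlen", "opcode", "handle", "id", "rid")
    msg = dict(zip(keys, struct.unpack_from(">6I", data, off)))
    msg["message"], off = parse_pairs(data, off + HEADER_LEN)
    msg["object"], off = parse_pairs(data, off)
    msg["signature"] = data[off:off + msg["authlen"]]   # authlen is 0 in this capture
    return msg

def dissect(data, use_heuristic=True):
    # Size-only rule: exactly 8 bytes means a startup message.  The report's heuristic adds:
    # a longer packet whose opcode slot is 0 is a startup message followed by a real
    # message, because that slot then holds the real authid (0 at connection start).
    is_startup = len(data) == STARTUP_LEN
    if use_heuristic and len(data) >= STARTUP_LEN + HEADER_LEN:
        is_startup = is_startup or struct.unpack_from(">I", data, 8)[0] == 0
    startup = struct.unpack_from(">II", data, 0) if is_startup else None
    off = STARTUP_LEN if is_startup else 0
    if off >= len(data):
        return {"startup": startup, "message": None}
    try:
        return {"startup": startup, "message": parse_message(data, off)}
    except (struct.error, UnicodeDecodeError):   # garbled, as the report describes
        return {"startup": startup, "message": "malformed"}
```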
