Wireshark-bugs: [Wireshark-bugs] [Bug 6020] Lua pinfo.cols.protocol not holding value in postdis

Date: Fri, 8 Jul 2011 10:58:54 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6020

--- Comment #12 from Brian Douglass <brian.douglass@xxxxxxx> 2011-07-08 10:58:53 PDT ---
I've uploaded a cut down version of my dissector per request, along with a
compressed pcap file that I test with.  What my g2sTrivial.lua post dissector
does above and beyond the Trivial dissector is the following:
1) Pulls in xml.cdata from the xml dissector and transfers to a local variable.
2) Checks to see if local variable is nil inside IF THEN, and exits dissector
if true.
3) Converts local cdata to a string and searches for "gamingstandards.com"
4) IF not found THEN exit dissector.
5) Assign pinfo.cols.protocol="G2S"

So, accessing the xml.cdata, doing 2 IF THEN statements and a string conversion
are about all that is different from the Trivialproto.lua file.  Yet, the
assignment of "G2S" to the pinfo.cols.protocol doesn't hold.  On screen it all
shows up as HTTP/XML except for the first packet.  These are reassembled PDUs.

I've also uploaded Trivialproto2.lua.  I changed the IF THEN statements to
always be true, added assignments to protocol inside and outside the IF
statement, and by commenting out downstream assignments, EVERYTHING WORKS! I
get Trivial4, Trivial6, or Trivial8 displaying on screen depending which is the
last one uncommented.

The original Trivialproto.lua had an IF tcp_src THEN that sometimes was true,
sometimes not; this seemed to impact whether Trivial2 got overwritten by Trivial4
or not; that even when tcp_src was true, assigning Trivial4 would occasionally
be ignored.

My gut tells me a pointer is being overwritten, or some set of malloced memory
is being written out of bounds and thereby destroying a pointer.  One of my
colleagues attempted to build a development environment and was unsuccessful. 
Maybe when I have more time I'll give it a try and see what's going on from the
backside.  

I do appreciate your time and attention to this matter.

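
The five steps listed in the comment above, written out as an added sketch; it is not the attached g2sTrivial.lua or any code from the bug report. The protocol name "g2s_post", its description, and the loop over every xml.cdata occurrence (rather than only the first) are assumptions made for this example.

```lua
-- Added sketch: needs Wireshark's embedded Lua (load with -X lua_script:<file>).
-- Field extractors must be created at load time, outside the dissector function.
local xml_cdata = Field.new("xml.cdata")

-- "g2s_post" and its description are hypothetical names chosen for this sketch.
local g2s_post = Proto("g2s_post", "G2S marker (post-dissector sketch)")

local MARKER = "gamingstandards.com"

function g2s_post.dissector(tvb, pinfo, tree)
    -- Step 1: a field extractor returns one FieldInfo per occurrence in the
    -- packet; collecting them in a table keeps all of them, not just the first.
    local occurrences = { xml_cdata() }

    -- Step 2: no xml.cdata in this packet, so leave the columns untouched.
    if #occurrences == 0 then
        return
    end

    -- Steps 3 and 4: convert each value to a string and do a plain-text
    -- search (4th argument true disables Lua pattern matching, so the "."
    -- in the marker is a literal dot).
    local found = false
    for _, fi in ipairs(occurrences) do
        if string.find(tostring(fi), MARKER, 1, true) then
            found = true
            break
        end
    end
    if not found then
        return
    end

    -- Step 5: relabel the Protocol column.
    pinfo.cols.protocol = "G2S"
end

-- Run after all regular dissectors have finished with the packet.
register_postdissector(g2s_post)
```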