Wireshark-bugs: [Wireshark-bugs] [Bug 6367] New: Correct IPv6 packet reported as malformed

Date: Tue, 20 Sep 2011 15:12:59 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6367

           Summary: Correct IPv6 packet reported as malformed
           Product: Wireshark
           Version: 1.6.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: eapache@xxxxxxxxx


Created an attachment (id=7060)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7060)
Dump file which reproduces the problem.

Build Information:
Version 1.6.1 (SVN Rev Unknown from unknown)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.5, with GLib 2.29.14, with libpcap 1.1.1, with
libz 1.2.3.4, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8,
with c-ares 1.7.4, with Lua 5.1, without Python, with GnuTLS 2.10.5, with
Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Jul 27 2011 11:30:44), without AirPcap.

Running on Linux 3.0.0-11-generic, with libpcap version 1.1.1, with libz
1.2.3.4, GnuTLS 2.10.5, Gcrypt 1.5.0.

Built using gcc 4.6.1.
--
If an IPv6 packet uses a protocol that is unknown to Wireshark, Wireshark will
make guesses about the format of the packet and report the packet as malformed
if the incorrectly deduced fields contain unexpected values.

For every unknown protocol number, Wireshark guesses that it is an IPv6
extension header in which the first two bytes are a next header field and a
length field.

If the first byte of this unknown header happens to match a protocol number
that Wireshark does know, it will proceed parsing data as if that protocol is
what it should have been parsing. In effect, if the first guess was incorrect,
Wireshark will use a randomly chosen parser to parse at a random offset within
a packet of an unknown format.

Originally reported in Ubuntu by Kasper Dupont at:
https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/854683

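The behaviour described in the report, as an added sketch that is not Wireshark's dissector code and not part of the original message: a next-header walk run once in the guessing mode the report describes and once stopping at the first unknown protocol. The names `walk_chain`, `chain_result` and `SAMPLE`, the constructed packet, and the 8-octet length unit applied to the guessed header are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV6_HDR_LEN 40

struct chain_result {
    int     malformed; /* 1 if a real or guessed header overruns the packet */
    uint8_t proto;     /* protocol number the remaining bytes are handed to */
    size_t  offset;    /* where those bytes start */
};

/* Hop-by-hop, routing, destination options: real (next header, length) headers. */
static int is_ext_header(uint8_t nh)  { return nh == 0 || nh == 43 || nh == 60; }
/* TCP, UDP, ICMPv6: upper-layer protocols this toy dissector knows. */
static int is_known_upper(uint8_t nh) { return nh == 6 || nh == 17 || nh == 58; }

/* guess_unknown=1 reproduces the reported behaviour (unknown protocol parsed
 * as an extension header); guess_unknown=0 leaves its payload as opaque data. */
struct chain_result walk_chain(const uint8_t *pkt, size_t len, int guess_unknown)
{
    struct chain_result r = {0, 0, IPV6_HDR_LEN};
    if (len < IPV6_HDR_LEN) { r.malformed = 1; return r; }
    r.proto = pkt[6];                      /* Next Header of the fixed header */
    while (!is_known_upper(r.proto)) {
        if (!is_ext_header(r.proto) && !guess_unknown)
            return r;                      /* unknown protocol: stop here */
        if (len - r.offset < 2) { r.malformed = 1; return r; }
        size_t hlen = ((size_t)pkt[r.offset + 1] + 1) * 8;
        if (hlen > len - r.offset) { r.malformed = 1; return r; }
        r.proto = pkt[r.offset];           /* first payload byte picks the parser */
        r.offset += hlen;
    }
    return r;
}

/* Constructed sample: Next Header 253 (experimental use), 12 payload bytes
 * whose first byte happens to be 6, the protocol number of TCP. */
static const uint8_t SAMPLE[IPV6_HDR_LEN + 12] = {
    0x60, 0, 0, 0, 0, 12, 253, 64,
    [IPV6_HDR_LEN] = 6, 0, 0xde, 0xad, 0xbe, 0xef, 1, 2, 3, 4, 5, 6
};

int main(void)
{
    for (int guess = 1; guess >= 0; guess--) {
        struct chain_result r = walk_chain(SAMPLE, sizeof SAMPLE, guess);
        printf("guess=%d malformed=%d proto=%u offset=%zu\n",
               guess, r.malformed, r.proto, r.offset);
    }
    return 0;
}
```

In guessing mode the last 4 bytes of the sample are handed to a TCP parser at offset 48; without guessing, all 12 bytes stay attributed to protocol 253 at offset 40.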