Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 6898] RTMPT OutOfMemory - Buildbot crash output: fuzz-2012

Date: Thu, 12 Apr 2012 15:28:06 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6898

--- Comment #6 from Guy Harris <guy@xxxxxxxxxxxx> 2012-04-12 15:28:05 PDT ---
(In reply to comment #4)
> Since RTMPT is a TCP protocol, does it make sense to have it use
> tcp_dissect_pdus() rather than have its own packet reassembly (where presumably
> the large memory allocation happens)?  I think tcp_dissect_pdus may be smarter
> with the memory usage, although I don't know RTMPT, so I'm not sure if it makes
> sense for the protocol.

At least according to

    http://osflash.org/documentation/rtmp

the initial handshake messages have fixed lengths (1537 bytes - one byte of
0x03 followed by 1536 bytes - for the initial client->server message; 3073
bytes - one byte of 0x03 followed by two 1536-byte blobs - for the
server->client response; 1536 bytes for the final client->server message).

Following that, all messages are in the same format; the first byte of the
packet gives the header length, and, for 8-byte or 12-byte headers, the next 7
bytes include the object body length.  For shorter headers, the body length "is
the same size as the last AMF sent with the same AMF number".

So this isn't *quite* what tcp_dissect_pdu() was written to handle - the
minimum packet length is 1 byte, but once you've determined the header length
from that, you might not have the full packet length, and might have to get the
next 6 bytes before you have that.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.