https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7198
Summary: Megaco parser problem with LF in header
Product: Wireshark
Version: SVN
Platform: All
OS/Version: All
Status: NEW
Severity: Minor
Priority: Low
Component: TShark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: bp245@xxxxxxxxxxx
Created attachment 8321
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8321
Fix for Megaco parser bug if there's an LF in the header
Build Information:
TShark 1.7.2 (SVN Rev 42234 from /trunk)
Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.24.2, with libpcap, with libz 1.2.3.4, without
POSIX capabilities, without SMI, without c-ares, without ADNS, without Lua,
without Python, without GnuTLS, without Gcrypt, without Kerberos, without
GeoIP.
Running on Linux 2.6.32-5-amd64, with locale en_US.UTF-8, with libpcap version
1.1.1, with libz 1.2.3.4.
Built using gcc 4.4.5.
--
There is a bug in the Megaco protocol dissector for the Megaco text encoding
(packet-megaco.c).
If the Megaco message header contains a space and a line feed (0x20 0x0a)
combination between the Version and the mId fields, the parser fails.
The H.248.1 ABNF defines:
Message = MegacopToken SLASH Version SEP mId SEP messageBody
The handling of the first SEP is incorrect. A SEP may be any combination of
white spaces incl. line break characters (0x20, 0x09, 0x0a, 0x0d). If the
message starts with MEGACO/2 \r<mid>\rReply... the dissector adds the string
"Sorry, can't understand errorDescriptor / transactionList = <m, can't parse it
pos 10" to the tree.
The bug exists at least in version 1.2.11, 1.6.5 and in SVN. I will attach a
patch to packet-megaco.c that will fix the issue.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
