Ethereal-users: [Ethereal-users] ethereal-0.9.5: ppp fcs misread

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Hidetaka OGAWA <ogawa@xxxxxxxxxxxxxxxxxx>
Date: Fri, 2 Aug 2002 20:30:56 +0900

Hi, ethereal users and developers,

Ethereal-0.9.5 has a minor bug: it misreads the PPP FCS of a packet
that is preceded by the Address-Control-Field (0xff,0x03).
The starting offset and the check length are wrong.

[PPP packet sample, Length=n, fcs16]
  7eff03c021010100xx...xx(fcs)7e

[INCORRECT: ethereal-0.9.5]
  7eff03c021010100xx...xx(fcs)7e
        <--------------->         check (n-6) from protocol-field

[CORRECT]
  7eff03c021010100xx...xx(fcs)7e
    <------------------->         check (n-4) octets from flag (0x7e)

As you know, with HDLC-like framing, a PPP/LCP packet must have
the Address-Control-Field (0xff,0x03) set prior to the
Protocol-Field.

Best regards and thank you,
Hidetaka OGAWA
NEC Software Kyushu, Ltd.

---- cut here ----

diff -uarw ethereal-0.9.5/packet-ppp.c ethereal-0.9.5-ppp-fcs-fix/packet-ppp.c
--- ethereal-0.9.5/packet-ppp.c 2002-05-23 10:52:42.000000000 +0900
+++ ethereal-0.9.5-ppp-fcs-fix/packet-ppp.c     2002-08-02 15:16:24.000000000 +0900
@@ -1295,7 +1295,7 @@
 fcs16(register guint16 fcs, tvbuff_t * tvbuff)
 {
     int offset = 0;
-    guint len = tvb_length(tvbuff);
+    guint len = tvb_length(tvbuff)-2;
     guint8 val;
 
     /* Check for Invalid Length */
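Review bot: `tvb_length(tvbuff)-2` is unsigned arithmetic on a guint, so a tvbuff shorter than 2 octets wraps len to a very large value instead of going negative. The "Check for Invalid Length" test that follows lies outside this hunk; confirm it rejects that case before len is used as a bound, or test `tvb_length(tvbuff) < 2` before subtracting.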
@@ -1319,7 +1319,7 @@
 fcs32(guint32 fcs, tvbuff_t * tvbuff)
 {
     int offset = 0;
-    guint len = tvb_length(tvbuff);
+    guint len = tvb_length(tvbuff)-4;
     guint8 val;
 
     /* Check for invalid Length */
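Review bot: the bare `-4` in fcs32 changes the function's contract without documenting it: the tvbuff passed in must now end with the 4-octet FCS. A comment above fcs32 saying so, or an explicit length argument in place of the constant, would keep a later caller from passing a buffer without the FCS and getting a CRC over 4 octets too few.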
@@ -2706,7 +2706,7 @@
        * Compute the FCS and put it into the tree.
        */
       rx_fcs_offset = proto_offset + len;
-      rx_fcs_exp = fcs16(0xFFFF, next_tvb);
+      rx_fcs_exp = fcs16(0xFFFF, tvb);
       rx_fcs_got = tvb_get_letohs(tvb, rx_fcs_offset);
       if (rx_fcs_got != rx_fcs_exp) {
         proto_tree_add_text(fh_tree, tvb, rx_fcs_offset, 2,
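Review bot: with `fcs16(0xFFFF, tvb)` the expected FCS covers the first tvb_length(tvb)-2 octets of tvb, while the received FCS is still read at `rx_fcs_offset = proto_offset + len`. The two agree only when the FCS really is the last two octets of tvb; if tvb carries anything after the FCS, or is cut short, a good frame is flagged as bad. Handing rx_fcs_offset to fcs16 as the number of octets to cover would tie the two values together.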
@@ -2758,7 +2758,7 @@
        * Compute the FCS and put it into the tree.
        */
       rx_fcs_offset = proto_offset + len;
-      rx_fcs_exp = fcs32(0xFFFFFFFF, next_tvb);
+      rx_fcs_exp = fcs32(0xFFFFFFFF, tvb);
       rx_fcs_got = tvb_get_letohl(tvb, rx_fcs_offset);
       if (rx_fcs_got != rx_fcs_exp) {
         proto_tree_add_text(fh_tree, tvb, rx_fcs_offset, 4,
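Review bot: the `fcs32(0xFFFFFFFF, tvb)` call site is changed in the same way as the fcs16 one, but the sample in the report is labelled fcs16 only. Please confirm with a capture that uses the 32-bit FCS, with the 0xff 0x03 Address-Control-Field present, that the `rx_fcs_got != rx_fcs_exp` branch is no longer taken for good frames.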

---- cut here ----
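
The range described in the report, as an added example that is not part of the original post or of Ethereal's code: the RFC 1662 FCS-16 over a constructed LCP frame, checked once starting at the Address-Control-Field and once starting at the Protocol-Field. The function names and the sample frame (`ff 03 c0 21 01 01 00 04` plus FCS, flags and octet stuffing already removed) are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1662 FCS-16, bitwise form (reflected polynomial 0x8408). */
static uint16_t ppp_fcs16(uint16_t fcs, const uint8_t *p, size_t len)
{
    while (len--) {
        fcs ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            fcs = (uint16_t)((fcs & 1) ? (fcs >> 1) ^ 0x8408 : fcs >> 1);
    }
    return fcs;
}

/* FCS a sender would append after the `len` octets at p. */
uint16_t expected_fcs16(const uint8_t *p, size_t len)
{
    return (uint16_t)(ppp_fcs16(0xFFFF, p, len) ^ 0xFFFF);
}

/* frame = octets between the 0x7e flags, FCS in the last two (low octet first).
 * Returns 1 = FCS good, 0 = FCS bad, -1 = too short to hold an FCS. */
int check_fcs16(const uint8_t *frame, size_t n, size_t start)
{
    if (n < 2 || start > n - 2)
        return -1;              /* avoids the unsigned wrap of n - 2 */
    uint16_t got = (uint16_t)(frame[n - 2] | (frame[n - 1] << 8));
    return got == expected_fcs16(frame + start, n - 2 - start);
}

/* Constructed sample: ff 03 | c0 21 (LCP) | 01 01 00 04 | FCS, checked from `start`. */
int sample_check(size_t start)
{
    uint8_t f[10] = { 0xff, 0x03, 0xc0, 0x21, 0x01, 0x01, 0x00, 0x04 };
    uint16_t fcs = expected_fcs16(f, 8);
    f[8] = (uint8_t)(fcs & 0xff);   /* FCS is sent low octet first */
    f[9] = (uint8_t)(fcs >> 8);
    return check_fcs16(f, sizeof f, start);
}

int main(void)
{
    printf("from 0xff 0x03:      %d\n", sample_check(0)); /* range marked CORRECT */
    printf("from protocol field: %d\n", sample_check(2)); /* range marked INCORRECT */
}
```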