Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 1947] New: VNC dissector does not decode properly non-authenticated VNC sessio

Wireshark-bugs: [Wireshark-bugs] [Bug 1947] New: VNC dissector does not decode properly non-auth

Date: Sat, 27 Oct 2007 20:50:42 +0000 (GMT)

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1947

           Summary: VNC dissector does not decode properly non-authenticated
                    VNC sessions
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mykaul@xxxxxxxxx


Build Information:
C:\wireshark\wireshark-gtk2>tshark.exe -v
TShark 0.99.7

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.14.2, with WinPcap (version unknown), with libz 1.2.3,
with

libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with
Gcrypt 1.2.3, with MIT Kerberos.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5.

Built using Microsoft Visual C++ 8.0 build 50727
--
The dissector is actually written quite badly (no offense). It is looking for
the first 9 packets, disregarding (almost) that there may be different states.
Two examples:
1. No authentication - (this bug) - if there's no authentication, the fifth
packet and on are not dissected properly. The code assumes there's always
authentication.
2. Different authentication methods - there might be other packets in between,
if there is some kind of authentication different than VNC auth.

The first issue is much more annoying and common than the 2nd one.
Anyway, I'd expect the code to be completely different: a client and server
state machine, where the state is saved in the per-conversation data. 
I've tried to change the dissector, but it's actually way too much re-writing,
which I rather not do as it may be incomplete and break more than it'll fix. 

I'd be very happy to test fixes, though!


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Follow-Ups:
- [Wireshark-bugs] [Bug 1947] VNC dissector does not decode properly non-authenticated VNC sessions
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1947] VNC dissector does not decode properly non-authenticated VNC sessions
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1947] VNC dissector does not decode properly non-authenticated VNC sessions
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1947] VNC dissector does not decode properly non-authenticated VNC sessions
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1947] VNC dissector does not decode properly non-authenticated VNC sessions
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1947] VNC dissector does not decode properly non-authenticated VNC sessions
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 1946] eDonkey dissected as DNS
Next by Date: [Wireshark-bugs] [Bug 1897] eDonkey dissector update patch
Previous by thread: [Wireshark-bugs] [Bug 1946] eDonkey dissected as DNS
Next by thread: [Wireshark-bugs] [Bug 1947] VNC dissector does not decode properly non-authenticated VNC sessions
Index(es):
- Date
- Thread