Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2505] New: RTP header extensions with length> 4 bytes diss

Date: Sun, 27 Apr 2008 01:25:45 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2505

           Summary: RTP header extensions with length>4 bytes dissected
                    incorrectly
           Product: Wireshark
           Version: 1.0.0
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: alon@xxxxxxxxxxx


Created an attachment (id=1743)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1743)
RTP packet with 32-byte RTP header extension

Build Information:
Version 1.0.0

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.5,
with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Overview: RTP header extensions that are longer than 4 bytes (rtp.ext.len > 1)
get dissected incorrectly. The first 4 bytes of the header extension are
repeated rtp.ext.len times, and the remaining bytes are ignored.

Steps to reproduce:
1) Open the attached PCAP file (rtp-hdr-ext-8.pcap).
2) Select the ANALYZE -> DECODE AS... menu.
3) On the TRANSPORT tab, select "RTP" and click OK.
4) In the protocol tree, "Real-Time Transport Protocol" field, expand the
"Header extensions" node.

Actual results:
All 8 header extensions display the same value (4369, or 0x0011).

Expected results:
Each header extension node should display a different value. Extension 1 should
be 0x0011, extension 2 should be 0x2233, and so on, until extension 8, which
should be 0xeeff.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.