Wireshark-bugs: [Wireshark-bugs] [Bug 2710] New: ERF wiretap mishandles PAD records

Date: Sun, 13 Jul 2008 21:55:16 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2710

           Summary: ERF wiretap mishandles PAD records
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: stephen@xxxxxxxxxx



Stephen Donnelly <stephen@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2005|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=2005)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2005)
Correct TYPE_PAD handling

Build Information:
wireshark 1.0.99 (SVN Rev 25732)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.9, with GLib 2.16.3, with libpcap 0.9-PRE-CVS, with
libz 1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.4, without SMI,
with ADNS, without Lua, with GnuTLS 2.0.4, with Gcrypt 1.2.4, with MIT
Kerberos, with PortAudio V19-devel (built Mar 12 2008), without AirPcap.

Running on Linux 2.6.24-12-generic, with libpcap version 0.9-PRE-CVS.

Built using gcc 4.2.3 (Ubuntu 4.2.3-2ubuntu7).

--
ERF files can contain records of type TYPE_PAD. These records are not related
to captured packets, have a zero timestamp value and no associated packet data.

Normally TYPE_PAD records are stripped out during capture, but in rare cases
unstripped files may exist.

Previously wiretap/erf.c generated an 'unknown record encapsulation' error when
encountering TYPE_PAD records.

With this patch, Wireshark skips over any TYPE_PAD records within ERF trace
files without reporting an error. TYPE_PAD records are not counted, displayed
or decoded.


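An added sketch (not the attached patch and not Wireshark's wiretap code) of a record walker that skips TYPE_PAD records the way the report describes, and rejects record lengths that would stall or overrun the walk. The 16-byte header layout, the 0x7f type mask and the value 48 for TYPE_PAD are assumptions taken from the published ERF format, not from this message; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERF_HDR_LEN   16u   /* ts(8) type(1) flags(1) rlen(2) lctr(2) wlen(2) */
#define ERF_TYPE_MASK 0x7fu /* bit 7 of the type byte marks extension headers */
#define ERF_TYPE_PAD  48u   /* numeric value of TYPE_PAD (assumed, see lead-in) */

/* Walk an in-memory ERF buffer. Returns the number of non-PAD records, or -1
 * on a malformed record length. *pads receives the number of PAD records. */
long erf_count_records(const uint8_t *buf, size_t len, size_t *pads)
{
    size_t off = 0;
    long packets = 0;
    *pads = 0;
    while (off < len) {
        if (len - off < ERF_HDR_LEN)
            return -1;                       /* truncated header */
        uint8_t type = buf[off + 8] & ERF_TYPE_MASK;
        size_t rlen = ((size_t)buf[off + 10] << 8) | buf[off + 11]; /* big-endian */
        /* rlen includes the header: a smaller value would stall the walk,
         * a larger one would run past the end of the buffer. */
        if (rlen < ERF_HDR_LEN || rlen > len - off)
            return -1;
        if (type == ERF_TYPE_PAD)
            (*pads)++;                       /* skipped: not counted as a packet */
        else
            packets++;
        off += rlen;
    }
    return packets;
}

/* Constructed sample: Ethernet record (type 2), PAD record, Ethernet record. */
static const uint8_t erf_sample[] = {
    1,0,0,0,0x78,0x56,0x34,0x12, 0x02,0x04,0x00,0x18, 0,0,0,8, 0,0,1,2,3,4,5,6,
    0,0,0,0,0,0,0,0,             0x30,0x00,0x00,0x10, 0,0,0,0,
    2,0,0,0,0x78,0x56,0x34,0x12, 0x02,0x04,0x00,0x18, 0,0,0,8, 0,0,1,2,3,4,5,6,
};
/* Constructed malformed input: a PAD record whose rlen is 0. */
static const uint8_t erf_bad_pad[16] = { [8] = 0x30 };

int main(void)
{
    size_t pads;
    long bad = erf_count_records(erf_bad_pad, sizeof erf_bad_pad, &pads);
    long n = erf_count_records(erf_sample, sizeof erf_sample, &pads);
    printf("packets=%ld pads=%zu malformed=%ld\n", n, pads, bad);
    return 0;
}
```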