Wireshark-bugs: [Wireshark-bugs] [Bug 2946] New: Fixes for two bugs dealing with adaption fields

Date: Wed, 8 Oct 2008 15:16:10 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2946

           Summary: Fixes for two bugs dealing with adaption fields in MPEG2
                    Transport Streams (packet-mp2t.c)
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mkazmier@xxxxxxxxx



Mike Kazmier <mkazmier@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2326|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=2326)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2326)
Diff file which patches against r26328 for both issues.

Build Information:
wireshark 1.1.2 (SVN Rev 26328)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.11, with GLib 2.16.5, with libpcap 0.9.8, with libz
1.2.3, with POSIX capabilities (Linux), with libpcre 7.7, without SMI, without
c-ares, without ADNS, without Lua, with GnuTLS 2.0.4, with Gcrypt 1.4.0, without
Kerberos, with PortAudio <= V18, without AirPcap.

Running on Linux 2.6.25-gentoo-r7, with libpcap version 0.9.8.

Built using gcc 4.1.2 (Gentoo 4.1.2 p1.1).

--
In using wireshark to dissect MPEG2 Transport Streams from various encoding
vendors, we ran across a number of packets that were being labeled as
"malformed" when indeed the transport stream structure was intact.  I was able
to find and correct these problems.

The first problem stemmed from when an Adaptation Field did not consume the
entire packet (i.e., mixed with normal payload) and there were 3 or fewer bytes of
payload.  This caused a broken IF compare which stopped dissecting the packet.

The second problem is with packets that have an Adaptation Field Length of 0. 
While uncommon, it is possible.  In a capture of 50,000 packets from one
encoding vendor, there were two such packets.  Per the spec
(referenced in the comment in the patch) this is legal, so I added logic to
handle this situation.


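The two packet layouts described in the report, as an added example that is not part of the original report, the attached patch, or Wireshark's packet-mp2t.c: a minimal layout parser that accepts an adaptation field of length 0 and a payload of only 1 to 3 bytes, and rejects only lengths that overrun the 188-byte packet. The names `ts_layout`, `ts_layout_parse` and `ts_payload_len_for` are hypothetical, the sample packets are constructed, and the length limits (0 to 182 with payload, at most 183 without) are taken from ISO/IEC 13818-1.

```c
#include <stdint.h>
#include <string.h>

#define TS_LEN  188   /* fixed MPEG2 transport stream packet size */
#define TS_SYNC 0x47  /* sync byte that starts every packet */

typedef struct {
    int af_len;       /* adaptation_field_length, -1 when no AF is present */
    int payload_off;  /* offset of the first payload byte */
    int payload_len;  /* 0 when the packet carries no payload */
} ts_layout;

/* Returns 0 on success, -1 only when the packet is genuinely malformed. */
int ts_layout_parse(const uint8_t *pkt, size_t len, ts_layout *out)
{
    if (len != TS_LEN || pkt[0] != TS_SYNC) return -1;
    unsigned afc = (pkt[3] >> 4) & 0x3;   /* adaptation_field_control */
    if (afc == 0) return -1;              /* reserved value */
    size_t off = 4;
    out->af_len = -1;
    if (afc & 0x2) {                      /* adaptation field present */
        unsigned af_len = pkt[off++];
        /* Length 0 is legal: the length byte alone acts as one stuffing
         * byte, so no flags byte follows and none may be read. */
        unsigned max = (afc == 3) ? 182 : 183;
        if (af_len > max) return -1;      /* would overrun the packet */
        off += af_len;
        out->af_len = (int)af_len;
    }
    out->payload_off = (int)off;
    /* Whatever remains is payload, however short (1..3 bytes is valid). */
    out->payload_len = (afc & 0x1) ? (int)(TS_LEN - off) : 0;
    return 0;
}

/* Builds a constructed packet (PID 0x64, 0xFF fill) with the given
 * adaptation_field_control and length; returns the payload length the
 * parser reports, or -1 if the parser rejects the packet. */
int ts_payload_len_for(unsigned afc, unsigned af_len)
{
    uint8_t pkt[TS_LEN];
    ts_layout l;
    memset(pkt, 0xFF, sizeof pkt);
    pkt[0] = TS_SYNC; pkt[1] = 0x00; pkt[2] = 0x64;
    pkt[3] = (uint8_t)((afc & 0x3) << 4);
    if (afc & 0x2) { pkt[4] = (uint8_t)af_len; if (af_len) pkt[5] = 0x00; }
    return ts_layout_parse(pkt, sizeof pkt, &l) == 0 ? l.payload_len : -1;
}
```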