
Wireshark-bugs: [Wireshark-bugs] [Bug 4263] New: eDonkey Protocol Dissected Incorrectly

Date: Tue, 24 Nov 2009 15:54:43 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4263

           Summary: eDonkey Protocol Dissected Incorrectly
           Product: Wireshark
           Version: 1.3.x (Experimental)
          Platform: x86
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: ajean@xxxxxxxxxxxxxxxxx



Andrew <ajean@xxxxxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3993|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=3993)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3993)
Corrected eDonkey dissector source

Build Information:
Version 1.3.3 (SVN Rev 31066 from /trunk)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.2, with GLib 2.22.1, with libpcap 1.0.0, with libz
1.2.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares,
without ADNS, without Lua, without Python, without GnuTLS, with Gcrypt 1.4.4,
with MIT Kerberos, without GeoIP, without PortAudio, without AirPcap, with
new_packet_list.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Darwin 10.0.0 (MacOS 10.6.1), with libpcap version 1.0.0, Gcrypt
1.4.4.

Built using gcc 4.2.1 (Apple Inc. build 5646)
--
When dissecting an eDonkey "Request Parts" message, Wireshark incorrectly reads
3 offset start/end pairs when the actual number can be 1-3 pairs. A quick
rewrite can fix this, as demonstrated below. The following is a suggested
change to the function dissect_edonkey_tcp_message found in
trunk/epan/dissectors/packet-edonkey.c line 1746. The suggested change should
occur around line 1885.

case EDONKEY_MSG_REQUEST_PARTS:
/* Request Parts: <File hash> <Start offset>(1-3) <End offset>(1-3) */
{
  int pairs, count;
  offset = dissect_edonkey_file_hash(tvb, pinfo, offset, tree);
  /* Each pair is one 4-byte start offset plus one 4-byte end offset, so the
     number of pairs follows from the bytes left before the end of the
     message instead of being fixed at three. */
  pairs = (msg_end - offset) / 8;

  /* All start offsets come first, followed by all end offsets. */
  for(count=0; count < pairs; count++)
  {
    offset = dissect_edonkey_start_offset(tvb, pinfo, offset, tree);
  }
  for(count=0; count < pairs; count++)
  {
    offset = dissect_edonkey_end_offset(tvb, pinfo, offset, tree);
  }
  break;
}

For convenience, I have made this change and attached the file in question.


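As an added, stand-alone illustration of the layout the report describes (not part of the bug report or of Wireshark's dissector): a small C parser for the Request Parts body that derives the number of start/end pairs from the remaining length instead of assuming three, and rejects bodies that are too short or whose offset section is not a whole number of pairs. The 16-byte file hash and 4-byte little-endian offsets are assumptions about the eDonkey wire format, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed eDonkey field sizes: 16-byte MD4 file hash, then 32-bit
 * little-endian start offsets, then the same number of end offsets. */
#define ED2K_HASH_LEN   16
#define ED2K_OFF_LEN    4
#define ED2K_MAX_PAIRS  3   /* a Request Parts message carries 1..3 ranges */

struct ed2k_range { uint32_t start, end; };
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse a Request Parts body (bytes after the opcode). The pair count is
 * derived from the remaining length, as in the reporter's fix, rather than
 * hard-coded to three. Returns the pair count, or -1 if malformed. */
int ed2k_parse_request_parts(const uint8_t *body, size_t len,
                             uint8_t hash_out[ED2K_HASH_LEN],
                             struct ed2k_range ranges[ED2K_MAX_PAIRS])
{
    size_t remaining, pairs, i;
    if (len < ED2K_HASH_LEN)
        return -1;                        /* truncated before the hash */
    memcpy(hash_out, body, ED2K_HASH_LEN);
    remaining = len - ED2K_HASH_LEN;
    if (remaining % (2 * ED2K_OFF_LEN) != 0)
        return -1;                        /* offsets must come in whole pairs */
    pairs = remaining / (2 * ED2K_OFF_LEN);
    if (pairs == 0 || pairs > ED2K_MAX_PAIRS)
        return -1;
    /* All start offsets precede all end offsets; they are not interleaved. */
    for (i = 0; i < pairs; i++) {
        const uint8_t *starts = body + ED2K_HASH_LEN;
        ranges[i].start = read_le32(starts + i * ED2K_OFF_LEN);
        ranges[i].end   = read_le32(starts + (pairs + i) * ED2K_OFF_LEN);
    }
    return (int)pairs;
}

/* Constructed sample: hash 00..0f, two ranges [0,0x800) and [0x1000,0x1800). */
static const uint8_t sample_body[] = {
    0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
    0x00,0x00,0x00,0x00, 0x00,0x10,0x00,0x00,   /* starts: 0, 0x1000 */
    0x00,0x08,0x00,0x00, 0x00,0x18,0x00,0x00    /* ends:   0x800, 0x1800 */
};
```

Feeding sample_body to ed2k_parse_request_parts yields two ranges, while a body cut to 15 bytes or carrying a lone 4-byte offset is rejected rather than misread as three pairs.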