Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4701] New: X11 ChangeProperty reports bogus "Malformed Pac

Date: Tue, 20 Apr 2010 10:54:16 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4701

           Summary: X11 ChangeProperty reports bogus "Malformed Packet"
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: peter.harris@xxxxxxxxxxxxxxx


Created an attachment (id=4547)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4547)
Fix dissection of X11 ChangeProperty "data" field

Build Information:
wireshark 1.3.5 (SVN Rev 32523 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.12, with GLib 2.16.6, with libpcap 0.9.8, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, with ADNS, with Lua 5.1, without Python, with GnuTLS 2.4.2, with Gcrypt
1.4.1, with MIT Kerberos, without GeoIP, without PortAudio, without AirPcap,
with new_packet_list.

Running on Linux 2.6.32-3-686, with libpcap version 0.9.8, with libz 1.2.3.3,
GnuTLS 2.4.2, Gcrypt 1.4.1.

Built using gcc 4.3.2.

--
The ChangeProperty request always calls LISTofBYTE, which always tries to
dissect at least one byte, even when the request is empty. This causes
Wireshark to put a big, red, scary "Malformed Packet" entry in the dissection.

Also, ChangeProperty only dissects (data_length) bytes. data_length is "number
of units", and units may be 16 or 32-bit entities. In this case, the dissected
data will be truncated.

First reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4481#c10

The attached patch fixes these two bugs.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.