Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5464] New: AIM dissector has some endian issues

Date: Fri, 3 Dec 2010 00:47:04 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5464

           Summary: AIM dissector has some endian issues
           Product: Wireshark
           Version: 1.5.x (Experimental)
          Platform: All
        OS/Version: Windows Server 2003
            Status: NEW
          Severity: Trivial
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mscdex@xxxxxxxxxx


Build Information:
Version 1.5.0-SVN-35105 (SVN Rev 35105 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.16.6, with GLib 2.24.2, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, without Kerberos, with GeoIP, with PortAudio V19-devel (built Dec 
2 2010), with AirPcap.

Running on Windows XP Professional x64 Edition Service Pack 2, build 3790, with
WinPcap version 4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version
1.0 branch 1_0_rel0b (20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
There is an endian issue when "AIM Messaging, Parameter Info" (family 0x0004,
subtype 0x0005) and "AIM Messaging, Set ICBM Parameter" (family 0x0004, subtype
0x0002) details are added to the packet info in the bottom pane.

For example: when clicking on the channel value tree item, the correct value is
highlighted in the hex dump (say 00 04), but the tree item says, "Channel:
Unknown (0x0400)" which is an invalid channel number for this type of response.
The same issue exists for the "Max SNAC Size", "Max sender warn level", "max
receiver warn level", and "Minimum message interval (milliseconds)" fields in
that same section.

Also, the "Message Flags" field seems to be shown correctly for "Parameter
Info" but not for "Set ICBM Parameter" messages.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.