https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5469
Summary: fix for malformed VNC handshake
Product: Wireshark
Version: 1.4.2
Platform: Other
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: bunzel@xxxxxxxxx
Created an attachment (id=5578)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5578)
most straightforward patch fixing the issue for me
Build Information:
wireshark 1.4.2, built from source
--
I have come across a .pcap file containing VNC traffic where the dissector
output stops right after the first packet, which is the server initializing the
handshake.
Viewing the traffic in a hex editor, it appears that the client violated the
RFB specification by ending its handshake with 0x00 instead of 0x0a. The server
didn't mind, though, and resumed the session normally. I must admit that I do
not know which client was used in this session, but I could try to find out if
you require this information.
It's up to you whether wireshark will support this deviation from the spec or
this issue is a WONTFIX, but IMHO there should at least be a diagnostic message
when this occurs.
I've attached a very simple patch against 1.4.2 that fixes the issue for me.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
