Wireshark-bugs: [Wireshark-bugs] [Bug 5997] New: Modbus/TCP: Calculating the drop-out criteria f
Date: Mon, 6 Jun 2011 01:33:55 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5997

           Summary: Modbus/TCP: Calculating the drop-out criteria for
                    special data dissection fails.
           Product: Wireshark
           Version: 1.6.0
          Platform: x86-64
        OS/Version: Ubuntu
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Created an attachment (id=6466)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6466)
Changes the dropout criteria before other dissectors are being called.

Build Information:
TShark 1.7.0 (SVN Rev 37562 from /trunk)

Copyright 1998-2011 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.26.1, with libpcap 1.1.1, with libz 1.2.3.4, with
POSIX capabilities (Linux), without libpcre, with SMI 0.4.8, with c-ares 1.7.3,
with Lua 5.1, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.5, with MIT
Kerberos, with GeoIP.

Running on Linux 2.6.35-28-generic, with libpcap version 1.1.1, with libz
1.2.3.4.

Built using gcc 4.4.5.
--
Using ( ( payload_start + payload_len ) > reported_len ) fails, because, that
will be true most of the time, as payload_len, usually is reported_len.

What the function should catch, are wrongly assigned payload_start and if
(payload_start + payload_len) is 0. Both cases happen usually during
fuzz-testing, and do not normally occur in real life.

The dropout if-statement is reduced to check if the payload_len is not equal
the reported_len.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.