https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6846
Guy Harris <guy@xxxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Incompatible pcapng file |Pcap-NG files with SHB
|formats between wireshark |options longer than 100
|1.7.1-svn-4xxxx and |bytes aren't recognized as
|previous versions |pcap-NG files
--- Comment #4 from Guy Harris <guy@xxxxxxxxxxxx> 2012-02-15 22:37:03 PST ---
The problem is that the old code to read Section Header Blocks had a
fixed-length 100-byte buffer for options, and attempts to read SHBs with
options larger than 100 bytes fail - in a fashion that causes pcapng_open() to
fail, so the file is not recognized as a pcap-NG file.
The current dumpcap writes out SHBs with options larger than 100 bytes.
There are two problems here:
1) options larger than 100 bytes are valid according to the pcap-NG spec,
and the code to read pcap-NG files should handle them;
2) nothing short of an I/O error trying to read an SHB should cause a file
not to be recognized as a pcap-NG file as long as the first block has the block
type of an SHB and has a valid "byte order" field.
I'll backport the changes from the trunk to 1.6.x (and schedule it for 1.4.x)
to fix 1); I'll look at fixing 2) as well.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
