Wireshark-bugs: [Wireshark-bugs] [Bug 6950] New: Detecting malformed package dissection disables

Date: Wed, 14 Mar 2012 08:17:14 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6950

           Summary: Detecting malformed package dissection disables
                    dissector for WS session
           Product: Wireshark
           Version: 1.7.x (Experimental)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: rknall@xxxxxxxxx


Created attachment 8015
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8015
Sample capture demonstrating the behaviour of this bug.

Build Information:
TShark 1.7.1-SVN-41445 (SVN Rev 41445 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.26.1, with WinPcap (4_1_2), with libz 1.2.5,
without POSIX capabilities, with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1,
without Python, with GnuTLS 2.10.3, with Gcrypt 1.4.6, without Kerberos, with
GeoIP.

Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008).

Built using Microsoft Visual C++ 9.0 build 21022
--
I verified this bug with both a Windows build, as well as the current SVN
version under Linux (Ubuntu x64).

1. Open the attached trace. All packages contain openSAFETY data, and for the
first two packages openSAFETY gets dissected correctly.
2. Select the 78th package. It has 192.168.1.17 as its source, and is
malformed, due to a bug in the openSAFETY dissector (will be fixed soon).
3. No matter what you do next, opensafety will not be present anymore, as long
as you do not close Wireshark. Add the display filter opensafety, for instance;
no packages will be returned. Likewise, if you select any other package and
return to that specific package, opensafety will not be present either.

I get that a malformed dissector can cause harm. But this seems to be very
drastic behaviour, as the only thing that will enable the dissector again
is closing and reopening Wireshark.

In my point of view, this is a bug.
