
Wireshark-bugs: [Wireshark-bugs] [Bug 12508] New: Wireshark writes Enhanced Packet Blocks withou

Date: Fri, 10 Jun 2016 21:47:47 +0000
Bug ID 12508
Summary Wireshark writes Enhanced Packet Blocks without Option field termination
Product Wireshark
Version 2.0.4
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Capture file support (libwiretap)
Assignee [email protected]
Reporter [email protected]

Created attachment 14634 [details]
Trace file showing the problem.

Build Information:
Version 2.0.4 (v2.0.4-0-gdd7746e from master-2.0)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale C, with
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz (with SSE4.2), with 8082MB of physical
memory.
--
Wireshark writes PCAP-NG files using Enhanced Packet Blocks (EPBs).  At the end
of the EPB, just before the trailing Block Total Length, is an Options block. 
If there are no options, the Option Block should have a single entry referred
to as opt_endofopt.  This entry should comprise 4 bytes of 0x00.

Wireshark does not add the opt_endofopt bytes to the EPB.

If another program writes EPBs with the opt_endofopt Option entry, Wireshark
misreads the blocks causing unpredictable errors.
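
An added example, not part of the original report and not Wireshark's code: a minimal Python reader for a single Enhanced Packet Block that bounds-checks every length field and reports whether the option list ends with opt_endofopt, so a block written with the terminator can be compared against one written without it. It assumes little-endian byte order; `build_epb`, `parse_epb` and any packet bytes passed to them are constructed for illustration.

```python
import struct

EPB_TYPE = 0x00000006          # Enhanced Packet Block type
OPT_ENDOFOPT = 0               # option code 0, length 0: four zero bytes on the wire

def pad4(n):
    """Round n up to the next 32-bit boundary."""
    return (n + 3) & ~3

def build_epb(packet, options=(), end_of_opt=True):
    """Construct a little-endian EPB (sample data for this example only)."""
    body = struct.pack("<IIIII", 0, 0, 0, len(packet), len(packet))
    body += packet.ljust(pad4(len(packet)), b"\x00")
    for code, value in options:
        body += struct.pack("<HH", code, len(value)) + value.ljust(pad4(len(value)), b"\x00")
    if end_of_opt:
        body += struct.pack("<HH", OPT_ENDOFOPT, 0)
    total = len(body) + 12     # type + leading length + trailing length
    return struct.pack("<II", EPB_TYPE, total) + body + struct.pack("<I", total)

def parse_epb(block):
    """Return (packet, options, terminated); raise ValueError on bad lengths."""
    if len(block) < 32:
        raise ValueError("too short for an EPB")
    btype, total = struct.unpack_from("<II", block, 0)
    if btype != EPB_TYPE or total != len(block) or total % 4:
        raise ValueError("bad block type or total length")
    if struct.unpack_from("<I", block, total - 4)[0] != total:
        raise ValueError("leading and trailing block lengths differ")
    caplen = struct.unpack_from("<I", block, 20)[0]
    pos, end = 28 + pad4(caplen), total - 4    # options live in [pos, end)
    if pos > end:
        raise ValueError("captured length overruns the block")
    packet, options, terminated = block[28:28 + caplen], [], False
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("<HH", block, pos)
        pos += 4
        if code == OPT_ENDOFOPT:
            terminated = True
            break
        if pad4(length) > end - pos:
            raise ValueError("option value overruns the block")
        options.append((code, block[pos:pos + length]))
        pos += pad4(length)
    return packet, options, terminated
```

Because the option area is bounded by the Block Total Length, this reader returns the same packet bytes for both variants and only the `terminated` flag differs.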

