Steve,
> Attached is a patch to fix bug #1163: "Dissector bug. ISO8073 COTP
> protocol." The SES dissector was incorrectly believing it had PDUs
> within the COTP PDUs. I added an additional heuristic check
> to see if
> the length of the SES PDU is 0, then return false since it
> can't be zero length.
This patch (r19733) breaks the dissection of X.400 and X.500 protocols, and
probably other things besides.
I think that the heuristic is incorrect.
Have a look at frame 20 in:
http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=p77
2-transfer-success.pcap
There is a "Give Tokens PDU" which has a parameter length of 0 and then a
"DATA TRANSFER (DT) PDU", also with a parameter length of 0. Note the length
indicates the length of the parameter, not the session PDU.
A quick look at the standard for the content of a GIVE TOKENS SPDU (as an
example) says
"the parameter shall not be present if either:
1) Protocol Version 1 is selected; or
2) the GIVE TOKENS SPDU is being used to introduce a concatentated sequence
of SPDUs"
In this case both are true, so the parameter cannot be present and therefore
a length of 0 is perfectly valid.
If you want me to dig any deeper, let me know.
Thanks,
Graeme
