Wireshark-dev: Re: [Wireshark-dev] malformed packet

From: Hadriel Kaplan <HKaplan@xxxxxxxxxxxxxx>
Date: Thu, 28 Feb 2013 07:43:19 +0000
Wireshark's SIP dissector is throwing an error on the RAck header field method name.
It shouldn't, because the message's header is correctly formed, but there's a bug in packet-sip.c:
for case POS_RACK, when it goes to add the method name, it's using '(int)linelen-sub_value_offset' for the length argument to proto_tree_add_item(),
but should be using '(int)value_len-sub_value_offset'.

patch:
Index: epan/dissectors/packet-sip.c
===================================================================
--- epan/dissectors/packet-sip.c	(revision 47899)
+++ epan/dissectors/packet-sip.c	(working copy)
@@ -2734,7 +2734,7 @@
 						{
 							proto_tree_add_item(rack_tree, hf_sip_rack_cseq_method, tvb,
 							                    value_offset + sub_value_offset,
-							                    (int)linelen-sub_value_offset, ENC_ASCII|ENC_NA);
+							                    (int)value_len-sub_value_offset, ENC_ASCII|ENC_NA);
 						}
 
 						break;
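Review bot: the new length on the `+` line, `(int)value_len-sub_value_offset`, is only valid while sub_value_offset is smaller than value_len, and the condition guarding this block sits above the visible context. Please confirm that the enclosing check guarantees this, so the item can never be added with a zero or negative length when the RAck value ends right after the CSeq number. The cast also applies to value_len alone; `(int)(value_len - sub_value_offset)` would state the intent more clearly. A regression capture with a PRACK carrying this header would be worth attaching to the change.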


-hadriel


On Feb 28, 2013, at 1:21 AM, Lohith HS <lohith.hs@xxxxxxxxxxxxxxxxxx> wrote:

> Hi,
> 
>    I am getting a malformed packet in a SIP message (PRACK) in Wireshark version 1.6.7.
>    But if I see the same capture in version 0.9, there is no malformed packet issue.
>    Please can anyone tell me what the issue is? I have attached the capture file.
> 
> 
> Thanks,
> Lohith
> <sip_prack_malformed.pcap >
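An added illustration of the length mix-up described in the message above, not code from Wireshark or from the original post: a simplified C model that parses one RAck line and compares the two length expressions. It assumes `linelen` is the length of the whole header line and `value_len` the length of the value after the colon; the function names and the sample line are constructed here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Simplified model, not Wireshark code. Assumption: linelen is the length of
 * the whole header line, value_len the length of the value after "RAck:". */
struct rack_lens {
    int method_start; /* absolute offset of the method name in the line */
    int fixed_len;    /* value_len - sub_value_offset */
    int buggy_len;    /* linelen - sub_value_offset */
};

/* Skip one run of digits plus the spaces after it; -1 if either is missing. */
static int skip_number(const char *v, int len, int pos) {
    int start = pos;
    while (pos < len && isdigit((unsigned char)v[pos])) pos++;
    if (pos == start || pos >= len || v[pos] != ' ') return -1;
    while (pos < len && v[pos] == ' ') pos++;
    return pos;
}

/* Parse "Name: <num> <num> <method>"; 0 on success, -1 if malformed. */
int rack_method_lengths(const char *line, int linelen, struct rack_lens *out) {
    const char *colon = memchr(line, ':', (size_t)linelen);
    if (colon == NULL) return -1;
    int value_offset = (int)(colon - line) + 1;
    while (value_offset < linelen && line[value_offset] == ' ') value_offset++;
    int value_len = linelen - value_offset;
    int sub = skip_number(line + value_offset, value_len, 0);  /* response number */
    if (sub >= 0) sub = skip_number(line + value_offset, value_len, sub); /* CSeq number */
    if (sub < 0 || sub >= value_len) return -1;                /* no method name */
    out->method_start = value_offset + sub;
    out->fixed_len = value_len - sub;
    out->buggy_len = linelen - sub;
    return 0;
}

/* 1 if [start, start + len) stays inside a buffer of buflen bytes. */
int range_in_buffer(int start, int len, int buflen) {
    return start >= 0 && len >= 0 && len <= buflen - start;
}

int main(void) {
    const char line[] = "RAck: 776656 1 INVITE"; /* constructed sample line */
    int n = (int)strlen(line);
    struct rack_lens r;
    if (rack_method_lengths(line, n, &r) != 0) return 1;
    printf("fixed len %d in bounds: %d\n", r.fixed_len, range_in_buffer(r.method_start, r.fixed_len, n));
    printf("buggy len %d in bounds: %d\n", r.buggy_len, range_in_buffer(r.method_start, r.buggy_len, n));
    return 0;
}
```

In this model the buggy length exceeds the correct one by exactly the offset of the value within the line, so the overrun grows with the header name and any whitespace after the colon.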