Wireshark mailing list archives
[BUG] BJNP protocol (maybe overflow)
From: Ershov Pavel <owner.mad.epa () gmail com>
Date: Sat, 9 Jan 2010 16:06:19 +0300
If you send a packet protocol BJNP (which sends CUPS), then wireshrk displays it incorrectly. When sending multiple identical packets, displaying changes. To reproduce this situation, you can use the following code: #include <pcap.h> int send_packet(unsigned char *data, int len) { char *dev = "eth2"; char *errbuf; pcap_t *open_live = pcap_open_live(dev, 65535, 1, 1000, errbuf); pcap_sendpacket(open_live, data, len); return 0; } int main(int argc, char *argv[]) { unsigned char bjnp_bad[] = "\xff\xff\xff\xff\xff\xff\x0a\x00\x27\x00\x00\x00\x08\x00\x45\x00" "\x00\x2c\x00\x00\x40\x00\x40\x11\x48\x70\xc0\xa8\x38\x01\xc0\xa8" "\x38\xff\x8b\x5a\x21\xa3\x00\x18\xce\xd2\x42\x4a\x4e\x50\x01\x01" "\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"; send_packet(bjnp_bad, sizeof(bjnp_bad)); return 0; } Wireshrk displays them in a way (all packets identical): http://img94.imageshack.us/img94/4608/wireshrk.png Sorry for my bad english. Version 1.2.1 Copyright 1998-2009 Gerald Combs <gerald () wireshark org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.12.12, with GLib 2.16.6, with libpcap 1.0.0, with libz 1.2.3, with POSIX capabilities (Linux), with libpcre 7.7, without SMI, without c-ares, without ADNS, without Lua, with GnuTLS 2.6.2, with Gcrypt 1.4.0, without Kerberos, with GeoIP, without PortAudio, without AirPcap. Running on Linux 2.6.29.5-smp, with libpcap version 1.0.0, GnuTLS 2.8.4, Gcrypt 1.4.4. Built using gcc 4.2.4. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- [BUG] BJNP protocol (maybe overflow) Ershov Pavel (Jan 09)
- Re: [BUG] BJNP protocol (maybe overflow) Stephen Fisher (Jan 09)
- <Possible follow-ups>
- [BUG] BJNP protocol (maybe overflow) Ershov Pavel (Jan 09)