Wireshark mailing list archives

Re: malformed packet


From: Pascal Quantin <pascal.quantin () gmail com>
Date: Thu, 28 Feb 2013 09:15:18 +0100

2013/2/28 Hadriel Kaplan <HKaplan () acmepacket com>


Wireshark's SIP dissector is throwing an error on the RAck header field
method name.
It shouldn't, because the message's header is correctly formed, but
there's a bug in packet-sip.c:
for case POS_RACK, when it goes to add the method name, it's using
'(int)linelen-sub_value_offset' for the length argument to
proto_tree_add_item(),
but should be using '(int)value_len-sub_value_offset'.

patch:
Index: epan/dissectors/packet-sip.c
===================================================================
--- epan/dissectors/packet-sip.c        (revision 47899)
+++ epan/dissectors/packet-sip.c        (working copy)
@@ -2734,7 +2734,7 @@
                                                {

proto_tree_add_item(rack_tree, hf_sip_rack_cseq_method, tvb,

  value_offset + sub_value_offset,
-
  (int)linelen-sub_value_offset, ENC_ASCII|ENC_NA);
+
  (int)value_len-sub_value_offset, ENC_ASCII|ENC_NA);
                                                }

                                                break;
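Review bot: the new length argument '(int)value_len-sub_value_offset' on the '+' line is passed to proto_tree_add_item() with no check, in the lines shown, that sub_value_offset is smaller than value_len. If the code above this hunk already guarantees that a method token follows the CSeq number, a one-line comment saying so would help the next reader. Otherwise, guard the call with 'if (sub_value_offset < value_len)' so that a RAck value ending right after the CSeq number cannot produce a zero or negative length. The hunk as mailed is also line-wrapped (the '-' and '+' markers sit on their own lines), so it may not apply cleanly; attaching the diff as a file would avoid that.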

Hi Hadriel,

Thanks for the patch! I committed it in revision 47936 and scheduled it for
backport in 1.8.6 and 1.6.14.

Regards,
Pascal.


On Feb 28, 2013, at 1:21 AM, Lohith HS <lohith.hs () globaledgesoft com>
wrote:

Hi,

   I am getting a malformed packet in a SIP message (PRACK) in Wireshark
1.6.7 version.
   But if I see the same capture in 0.9 version, there is no malformed
packet issue.
   Please can anyone tell me what the issue is. I have attached the capture
file.


Thanks,
Lohith
<sip_prack_malformed.pcap>
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
