Wireshark mailing list archives
Re: malformed packet
From: Lohith HS <lohith.hs () globaledgesoft com>
Date: Thu, 28 Feb 2013 14:14:28 +0530
Hi Hadriel, Thanks for your reply.I will apply your patch. Thanks, Lohith On Thursday 28 February 2013 01:45 PM, Pascal Quantin wrote:
2013/2/28 Hadriel Kaplan <HKaplan () acmepacket com <mailto:HKaplan () acmepacket com>>Wireshark's SIP dissector is throwing an error on the RAck header field method name. It shouldn't, because the message's header is correctly formed, but there's a bug in packet-sip.c: for case POS_RACK, when it goes to add the method name, it's using '(int)linelen-sub_value_offset' for the length argument to proto_tree_add_item(), but should be using '(int)value_len-sub_value_offset'. patch: Index: epan/dissectors/packet-sip.c =================================================================== --- epan/dissectors/packet-sip.c (revision 47899) +++ epan/dissectors/packet-sip.c (working copy) @@ -2734,7 +2734,7 @@ {proto_tree_add_item(rack_tree, hf_sip_rack_cseq_method, tvb, value_offset + sub_value_offset, - (int)linelen-sub_value_offset, ENC_ASCII|ENC_NA); + (int)value_len-sub_value_offset, ENC_ASCII|ENC_NA);} break; Hi Hadriel,Thanks for the patch! I committed it in revision 47936 and scheduled it for backport in 1.8.6 and 1.6.14.Regards, Pascal. On Feb 28, 2013, at 1:21 AM, Lohith HS <lohith.hs () globaledgesoft com <mailto:lohith.hs () globaledgesoft com>> wrote: > Hi , > > I am getting malformed packet in SIP message(PRACK) in wireshark 1.6.7 version. > But if i see the same capture in 0.9 version , there is no malformed packet issue. > Pls can anyone tell me what is the issue.i have attached the capture file. > > > Thanks, > Lohith > <sip_prack_malformed.pcap >___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org>> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-request () wireshark org <mailto:wireshark-dev-request () wireshark org>?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org <mailto:wireshark-dev () wireshark org>> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org <mailto:wireshark-dev-request () wireshark org>?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list<wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- malformed packet Lohith HS (Feb 27)
- Re: malformed packet Jaap Keuter (Feb 27)
- Re: malformed packet Hadriel Kaplan (Feb 27)
- Re: malformed packet Pascal Quantin (Feb 28)
- Re: malformed packet Lohith HS (Feb 28)
- Re: malformed packet Pascal Quantin (Feb 28)