[Wireshark-bugs] [Bug 12958] Wrong JSON format returned by new -T json feature

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12958

--- Comment #19 from Martin Kacer  ---
If I remember correctly, the Elasticsearch accepts the duplicated fields in
JSON generated by -T ek. So for Elasticsearch there is no issue. But the
Elasticsearch does not accept nested fields. So the Elasticsearch json is
therefor flatten.

The issue is that some JSON parsers, for JSON generated by -T json|jsonraw does
not process duplicated fields. (as example, parser which process it, is the
python json package. As example of such parsing see
https://github.com/wireshark/wireshark/blob/master/tools/json2pcap/json2pcap.py)

Solution could be to put into array all the duplicated fields for -T
json|jsonraw output. However it could be quite complex in the code.

Other issue is that wireshark dissect packets and put base protocols into
ordered output but on the same root level. And there is no hierarchy (parent /
child) for these base protocols. E.g. for SCTP it can be difficult to see in
which chunk the upper protocol layer is. And the JSON format is not ordered. So
for such JSON tshark decoding/encoding it is better to keep the order.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13746] Dissectors using Decode As need to account for tunneling

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13746

Michael Mann  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

--- Comment #2 from Michael Mann  ---
Although not marked as an enhancement, I still see the fix as such, so I wasn't
intending on backporting it.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13746] Dissectors using Decode As need to account for tunneling

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13746

--- Comment #1 from Gerrit Code Review  ---
Change 21559 merged by Michael Mann:
Fix Decode As for protocols that may use tunneling.

https://code.wireshark.org/review/21559

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13755] New: [oss-fuzz] Allocation too large: 4294967295 > 2147483648 (0xffffffff > 0x80000000)

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13755

Bug ID: 13755
   Summary: [oss-fuzz] Allocation too large: 4294967295 >
2147483648 (0x > 0x8000)
   Product: Wireshark
   Version: Git
  Hardware: x86-64
   URL: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=
2017
OS: Linux (other)
Status: CONFIRMED
  Severity: Major
  Priority: High
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: pe...@lekensteyn.nl
  Target Milestone: ---

Build Information:
TShark (Wireshark) 2.3.0 (v2.3.0rc0-3724-g6607be77f3)

Copyright 1998-2017 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.52.2, with zlib 1.2.11, without SMI, with c-ares 1.12.0, with Lua
5.2.4, with GnuTLS 3.5.12, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP,
with nghttp2 1.22.0, with LZ4, with Snappy, with libxml2 2.9.4.

Running on Linux 4.10.13-1-ARCH, with Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
(with SSE4.2), with 31996 MB of physical memory, with locale C, with libpcap
version 1.8.1, with GnuTLS 3.5.12, with Gcrypt 1.7.6, with zlib 1.2.11.

Built using clang 4.2.1 Compatible Clang 4.0.0 (tags/RELEASE_400/final).
--
A problem was found by the oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2017

Attached is the sample that triggers this error which can be reproduced with an
ASAN+UBSAN build of Wireshark ("tshark -Vr test.pcap").
--
Allocation too large: 4294967295 > 2147483648 (0x > 0x8000)
#0 0x555a1da8c3e3 in __sanitizer_print_stack_trace (run/tshark+0x1973e3)
#1 0x7f498b08b8c6 in __sanitizer_malloc_hook (libmemlimit.so+0x8c6)
#2 0x555a1d9d08eb in __asan::asan_malloc(unsigned long,
__sanitizer::BufferedStackTrace*) (run/tshark+0xdb8eb)
#3 0x555a1da7f9b4 in malloc (run/tshark+0x18a9b4)
#4 0x7f49722fb0c8 in g_malloc /build/src/glib/glib/gmem.c:94
#5 0x7f4980210dc3 in tvb_generic_clone_offset_len epan/tvbuff.c:390:20
#6 0x7f4980210d3c in tvb_clone_offset_len epan/tvbuff.c:411:9
#7 0x7f4980232936 in subset_clone epan/tvbuff_subset.c:94:9
#8 0x7f4980210d0c in tvb_clone_offset_len epan/tvbuff.c:406:16
#9 0x7f4980232936 in subset_clone epan/tvbuff_subset.c:94:9
#10 0x7f4980210d0c in tvb_clone_offset_len epan/tvbuff.c:406:16
#11 0x7f4980232936 in subset_clone epan/tvbuff_subset.c:94:9
#12 0x7f4980210d0c in tvb_clone_offset_len epan/tvbuff.c:406:16
#13 0x7f498019551e in fragment_add_seq_work epan/reassemble.c:1843:18
#14 0x7f498017a025 in fragment_add_seq_common epan/reassemble.c:1983:6
#15 0x7f498017a87f in fragment_add_seq_check_work epan/reassemble.c:2064:12
#16 0x7f498017a146 in fragment_add_seq_check epan/reassemble.c:2101:9
#17 0x7f497dd21635 in dissect_opensafety_ssdo_message
epan/dissectors/packet-opensafety.c:1284:32
#18 0x7f497dd08279 in dissect_opensafety_message
epan/dissectors/packet-opensafety.c:1894:13
#19 0x7f497dd03e52 in opensafety_package_dissector
epan/dissectors/packet-opensafety.c:2264:18
#20 0x7f497dcff652 in dissect_opensafety_udpdata
epan/dissectors/packet-opensafety.c:2439:14
#21 0x7f497fff50cd in call_dissector_through_handle epan/packet.c:684:8
#22 0x7f497ffdf8cf in call_dissector_work epan/packet.c:759:9
#23 0x7f497ffde8ed in dissector_try_uint_new epan/packet.c:1329:8
#24 0x7f497ffdfe29 in dissector_try_uint epan/packet.c:1353:9
#25 0x7f497e82aa8b in decode_udp_ports epan/dissectors/packet-udp.c:673:7
#26 0x7f497e8405c2 in dissect epan/dissectors/packet-udp.c:1131:5
#27 0x7f497e82f8ef in dissect_udp epan/dissectors/packet-udp.c:1137:3
#28 0x7f497fff50cd in call_dissector_through_handle epan/packet.c:684:8
#29 0x7f497ffdf8cf in call_dissector_work epan/packet.c:759:9
#30 0x7f497ffde8ed in dissector_try_uint_new epan/packet.c:1329:8
#31 0x7f497cf539d2 in dissect_exported_pdu
epan/dissectors/packet-exported_pdu.c:307:17
#32 0x7f497fff50cd in call_dissector_through_handle epan/packet.c:684:8
#33 0x7f497ffdf8cf in call_dissector_work epan/packet.c:759:9
#34 0x7f497ffde8ed in dissector_try_uint_new epan/packet.c:1329:8
#35 0x7f497d073c57 in dissect_frame epan/dissectors/packet-frame.c:521:11
#36 0x7f497fff50cd in call_dissector_through_handle epan/packet.c:684:8
#37 0x7f497ffdf8cf in call_dissector_work epan/packet.c:759:9
#38 0x7f497ffee4e7 in call_dissector_only epan/packet.c:2992:8
#39 0x7f497ffd6694 in call_dissector_with_data epan/packet.c:3005:8
#40

[Wireshark-bugs] [Bug 13755] [oss-fuzz] Allocation too large: 4294967295 > 2147483648 (0xffffffff > 0x80000000)

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13755

--- Comment #1 from Peter Wu  ---
Created attachment 15594
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15594=edit
Packet capture file

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13754] MySQL dissector suffers from Malformed Packet syndrome with 100k+ result sets

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13754

--- Comment #1 from Justin C  ---
On a whim, I decided to disable the compressed header check with this patch...

diff --git a/epan/dissectors/packet-mysql.c
b/epan/dissectors/packet-mysql.c
index dc6881bf87..91d07dff00 100644
--- a/epan/dissectors/packet-mysql.c
+++ b/epan/dissectors/packet-mysql.c
@@ -2204,11 +2204,7 @@ get_mysql_pdu_len(packet_info *pinfo _U_, tvbuff_t
*tvb, int offset, void *data
  int tvb_remain= tvb_reported_length_remaining(tvb, offset);
  guint plen= tvb_get_letoh24(tvb, offset);

-   if ((tvb_remain - plen) == 7) {
-   return plen + 7; /* compressed header 3+1+3 (len+id+cmp_len) */
-   } else {
-   return plen + 4; /* regular header 3+1 (len+id) */
-   }
+   return plen + 4; /* regular header 3+1 (len+id) */
}

/* dissector main function: handle one PDU */

...and resolved the 'Malformed Packet', it no longer appears.  It seems the
compressed header check is inadequate, though I'm not sure why it's failing
with three bytes remaining in the [TCP frame?].

I also forgot to mention that when I collected the "pcap with fake data", my
SQL client did not bug out with a "Packet out of order" error, so the
attachment should be a flawless transmission.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13749] EPL dissector (wrongly?) flagging packets as duplicates

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13749

Peter Wu  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |FIXED
 CC||pe...@lekensteyn.nl

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13604] Enhance EPL dissection by ObjectMappings and device profiles

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13604

Peter Wu  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|IN_PROGRESS |RESOLVED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13747] [oss-fuzz] UBSAN: division by zero in packet-thread.c:1824:82

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13747

Peter Wu  changed:

   What|Removed |Added

 Status|CONFIRMED   |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13747] [oss-fuzz] UBSAN: division by zero in packet-thread.c:1824:82

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13747

--- Comment #3 from Gerrit Code Review  ---
Change 21878 merged by Peter Wu:
thread: Fix division by zero

https://code.wireshark.org/review/21878

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13749] EPL dissector (wrongly?) flagging packets as duplicates

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13749

--- Comment #2 from Gerrit Code Review  ---
Change 21112 merged by Peter Wu:
packet-epl.c: Enhance dissection by ObjectMappings and device profiles

https://code.wireshark.org/review/21112

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13604] Enhance EPL dissection by ObjectMappings and device profiles

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13604

--- Comment #18 from Gerrit Code Review  ---
Change 21112 merged by Peter Wu:
packet-epl.c: Enhance dissection by ObjectMappings and device profiles

https://code.wireshark.org/review/21112

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13754] New: MySQL dissector suffers from Malformed Packet syndrome with 100k+ result sets

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13754

Bug ID: 13754
   Summary: MySQL dissector suffers from Malformed Packet syndrome
with 100k+ result sets
   Product: Wireshark
   Version: 2.3.x (Experimental)
  Hardware: x86-64
OS: Linux (other)
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: chare...@gmail.com
  Target Milestone: ---

Created attachment 15593
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15593=edit
pcap with fake data

Build Information:
Wireshark 2.3.0 (v2.3.0rc0-3724-g6607be77f3)

Copyright 1998-2017 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.8.0, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.52.2, with zlib 1.2.11, without SMI, with c-ares
1.12.0, with Lua 5.2.4, with GnuTLS 3.5.12, with Gcrypt 1.7.6, with MIT
Kerberos, with GeoIP, with nghttp2 1.22.0, with LZ4, with Snappy, with libxml2
2.9.4, with QtMultimedia, without AirPcap, with SBC, with SpanDSP.

Running on Linux 4.10.11-1-ARCH, with Intel(R) Core(TM) i7 CPU 950  @
3.07GHz (with SSE4.2), with 24105 MB of physical memory, with locale
LC_CTYPE=en_US.UTF-8, LC_NUMERIC=en_US.UTF-8, LC_TIME=en_US.UTF-8,
LC_COLLATE=C,
LC_MONETARY=en_US.UTF-8, LC_MESSAGES=en_US.UTF-8, LC_PAPER=en_US.UTF-8,
LC_NAME=en_US.UTF-8, LC_ADDRESS=en_US.UTF-8, LC_TELEPHONE=en_US.UTF-8,
LC_MEASUREMENT=en_US.UTF-8, LC_IDENTIFICATION=en_US.UTF-8, with libpcap version
1.8.1, with GnuTLS 3.5.12, with Gcrypt 1.7.6, with zlib 1.2.11.

Built using gcc 6.3.1 20170306.

--
Attached pcap.  I may [misuse/abuse] network terminology; I apologize; this is
unfamiliar territory.

# Problem

I'm trying to dissect the MySQL protocol between a MariaDB server and a client
program I'm writing that suffers from "Packet out of order" errors.

Before I can debug that issue, I'm finding that Wireshark is unable to dissect
the protocol and reports "Malformed Packet" (No. 105 in the pcap attachment).

The malformed packet appears consistently at the end of a [TCP frame?] with
three bytes remaining which appear to be the `Packet Length` of the next MySQL
packet.

Do note that I'm running a query (roughly "select sku, description from
products") that fetches 100k rows.


# MariaDB version

▶ mysql -e 'SHOW VARIABLES LIKE ''%version%'''
+-+-+
| Variable_name   | Value   |
+-+-+
| innodb_version  | 5.6.34-79.1 |
| protocol_version| 10  |
| slave_type_conversions  | |
| version | 10.1.21-MariaDB |
| version_comment | MariaDB Server  |
| version_compile_machine | x86_64  |
| version_compile_os  | Linux   |
| version_malloc_library  | bundled jemalloc|
| version_ssl_library | OpenSSL 1.0.2k  26 Jan 2017 |
| wsrep_patch_version | wsrep_25.16 |
+-+-+

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12958] Wrong JSON format returned by new -T json feature

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12958

Christoph Wurm  changed:

   What|Removed |Added

 CC||w...@elastic.co

--- Comment #18 from Christoph Wurm  ---
This is probably related: As I understand it, `tshark -T ek` is supposed to
generate a JSON format that can be directly imported into Elasticsearch.

However, Elasticsearch does not accept duplicate field names and so the import
*will* fail.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13350] "Wireshark has stopped working" every time I quit

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13350

--- Comment #16 from Justin  ---
Will do.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13646] [oss-fuzz] UBSAN: null pointer passed as argument 1, which is declared to never be null in packet-rgmp.c:73:16

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9354

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13675] [oss-fuzz] UBSAN: member access within null pointer of type 'const struct e_in6_addr' in inet_ipv6.h:111:15

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9353

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13599] libfuzzer: BZR dissector loop (get_bzr_pdu_len)

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9352

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13649] [oss-fuzz] Allocation too large: 4294967295 > 2147483648 (0xffffffff > 0x80000000)

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9350

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13609] [oss-fuzz] ASAN: heap-buffer-overflow (run/tshark+0xf751e) in __interceptor_strncmp.part.68

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9351

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13637] [oss-fuzz] UBSAN: null pointer passed as argument 1, which is declared to never be null in wmem_map.c:419:57

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9347

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13685] [oss-fuzz] ==20063==AddressSanitizer: hard rss limit exhausted (2048Mb vs 2056Mb)

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9349

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13608] [oss-fuzz] ASAN: heap-buffer-overflow epan/dissectors/packet-dof.c:3899:32 in OALMarshal_UncompressValue

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9348

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13631] [oss-fuzz] timeout: check_slsk_format epan/dissectors/packet-slsk.c:280:11

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9346

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13633] [oss-fuzz] timeout: expand_dns_name epan/dissectors/packet-dns.c:1158:21

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9345

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13701] [oss-fuzz] UBSAN: division by zero in packet-btl2cap.c:1687:87

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9344

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13725] [oss-fuzz] UBSAN: null pointer passed as argument 1, which is declared to never be null in packet-msnip.c:220:13

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725

Gerald Combs  changed:

   What|Removed |Added

   See Also||http://cve.mitre.org/cgi-bi
   ||n/cvename.cgi?name=CVE-2017
   ||-9343

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13747] [oss-fuzz] UBSAN: division by zero in packet-thread.c:1824:82

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13747

--- Comment #2 from Gerrit Code Review  ---
Change 21878 had a related patch set uploaded by Björn Ruytenberg:
thread: Fix division by zero

https://code.wireshark.org/review/21878

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13751] IEEE 802.15.4: infinite loop when decoding MLME Payload Sub IEs

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13751

Pascal Quantin  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|IN_PROGRESS |RESOLVED

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13751] IEEE 802.15.4: infinite loop when decoding MLME Payload Sub IEs

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13751

--- Comment #2 from Gerrit Code Review  ---
Change 21875 merged by Pascal Quantin:
IEEE 802.15.4: add a missing offset increment in
dissect_ieee802154_payload_mlme_sub_ie()

https://code.wireshark.org/review/21875

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13752] SIP response single-line multiple Contact-URIs decoding error

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13752

Alexis La Goutte  changed:

   What|Removed |Added

 Status|UNCONFIRMED |CONFIRMED
 CC||alexis.lagou...@gmail.com
 Ever confirmed|0   |1

--- Comment #1 from Alexis La Goutte  ---
Get same issue with last 2.3.0 release...

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13753] New: Crash when (re)loading a capture file after renaming a dfilter macro

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13753

Bug ID: 13753
   Summary: Crash when (re)loading a capture file after renaming a
dfilter macro
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: All
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Qt UI
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: pe...@lekensteyn.nl
  Target Milestone: ---

Build Information:
v2.3.0rc0-3214-g845f8d3067
--
Steps to reproduce:
0. Open a capture file.
1. Open Analyze -> Display Filter Macros
2. Add a new filter, e.g. name "test" and filter "eth.src".
3. Close dialog.
4. Enter display filter "test" and press enter.
5. Open dfilter macros dialog again, rename "test" to "t" and close dialog.
6. Reload capture file (or close capture and open a file).

Expected behavior:
Capture file opens normally. Display filter should be marked pink.

Actual behavior:
Display filter remains green, even after renaming the filter (which made it
invalid). On reloading the capture, the following assertion is visible:

 ERROR:file.c:556:cf_read: assertion failed: (!cf->dfilter || (compiled &&
dfcode))

Other information:
The assertion is here:

  /* Compile the current display filter.
   * We assume this will not fail since cf->dfilter is only set in
   * cf_filter IFF the filter was valid.
   */
  compiled = dfilter_compile(cf->dfilter, , NULL);
  g_assert(!cf->dfilter || (compiled && dfcode));

Maybe dfilters should be invalidated after changing macros (but causing a
reload might be expensive for large files). I also wonder whether this would
also result in trouble when Lua/C dissector plugins are reloaded (which could
possibly result in removal of some fields).

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13751] IEEE 802.15.4: infinite loop when decoding MLME Payload Sub IEs

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13751

--- Comment #1 from Gerrit Code Review  ---
Change 21875 had a related patch set uploaded by Pascal Quantin:
IEEE 802.15.4: add a missing offset increment in
dissect_ieee802154_payload_mlme_sub_ie()

https://code.wireshark.org/review/21875

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13752] New: SIP response single-line multiple Contact-URIs decoding error

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13752

Bug ID: 13752
   Summary: SIP response single-line multiple Contact-URIs
decoding error
   Product: Wireshark
   Version: 2.2.6
  Hardware: x86-64
OS: Windows 7
Status: UNCONFIRMED
  Severity: Minor
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: stefan.li...@gmx.net
  Target Milestone: ---

Created attachment 15592
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15592=edit
SIP responses with and without params

Build Information:
Version 2.2.6 (v2.2.6-0-g32dac6a)

Copyright 1998-2017 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.6.1, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale
German_Austria.1252, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980),
based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15,
with Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz (with SSE4.2), with 8117MB of physical
memory.


Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Wireshark fails to properly parse a SIP response Contact-header if multiple
contacts are contained on one line and no URI parameter is given. 
If two URIs are contained and the first URI does _not_ have a parameter the
second URI is ignored. Only if the first URI is followed by a parameter (q,
expires) the second URI is recognized.

Example from the attachment:
Contact: , 
Contact URI: sip:justatest@10.40.50.15:5070

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13751] IEEE 802.15.4: infinite loop when decoding MLME Payload Sub IEs

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13751

Pascal Quantin  changed:

   What|Removed |Added

 CC||pascal.quan...@gmail.com
 Ever confirmed|0   |1
Summary|Tshark/wireshark hanging|IEEE 802.15.4: infinite
   |with this pcap file |loop when decoding MLME
   ||Payload Sub IEs
 Status|UNCONFIRMED |IN_PROGRESS

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13751] New: Tshark/wireshark hanging with this pcap file

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13751

Bug ID: 13751
   Summary: Tshark/wireshark hanging with this pcap file
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: All
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: remy.le...@gmail.com
  Target Milestone: ---

Created attachment 15591
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15591=edit
This pcap file makes my upstream wireshark crash

Build Information:
$ upstream_tshark -v
TShark (Wireshark) 2.3.0 (v2.3.0rc0-3708-g012f657)

Copyright 1998-2017 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.48.2, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.10.0, with Lua
5.2.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT Kerberos, with GeoIP,
with nghttp2 1.7.1, with LZ4, with Snappy, with libxml2 2.9.3.

Running on Linux 4.4.0-77-generic, with Intel(R) Core(TM) i7-5600U CPU @
2.60GHz
(with SSE4.2), with 15922 MB of physical memory, with locale fr_FR.UTF-8, with
libpcap version 1.7.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with zlib 1.2.8.

Built using gcc 5.4.0 20160609.

--
This PCAP file makes wireshark and tshark hang and crash.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13750] New: Installation of vcredist not checked

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13750

Bug ID: 13750
   Summary: Installation of vcredist not checked
   Product: Wireshark
   Version: 2.2.6
  Hardware: x86-64
OS: Windows 7
Status: UNCONFIRMED
  Severity: Minor
  Priority: Low
 Component: Build process
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: philipp+wiresh...@marek.priv.at
  Target Milestone: ---

Build Information:
Installer from wireshark site,
https://1.eu.dl.wireshark.org/win64/Wireshark-win64-2.2.6.exe
--
After installing wireshark, it wouldn't run: "MSVCP120.DLL not found".

Trying
https://support.microsoft.com/en-us/help/3179560/update-for-visual-c-2013-and-visual-c-redistributable-package
aborted with "error 2203".
I could trace it down to %TEMP% being writable _only_ for the current user, not
for "Administrators" or "System"; after changing the ACL on that one
installation of 3179560 went through normally.

So, my guess is that the included MSVC runtime installation broke because of
that ACL; but as the installation was silent, I didn't even notice that it
didn't work.

How about checking for the required DLLs after the redist installation step?

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13150] Issue on tshark json/ek output. Keys duplicated

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13150

conall.prenderg...@anam.com changed:

   What|Removed |Added

 CC||conall.prenderg...@anam.com

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12958] Wrong JSON format returned by new -T json feature

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12958

conall.prenderg...@anam.com changed:

   What|Removed |Added

 CC||conall.prenderg...@anam.com

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13531] GTPv2 Information Element Name not shown

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13531

--- Comment #3 from Gerrit Code Review  ---
Change 21872 merged by Anders Broman:
[GTPv2] Add "name" to IEs with Generic names in some cases.

https://code.wireshark.org/review/21872

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13749] EPL dissector (wrongly?) flagging packets as duplicates

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13749

Roland Knall  changed:

   What|Removed |Added

 CC||christoph.schlosser@yahoo.d
   ||e
 Ever confirmed|0   |1
 Status|UNCONFIRMED |CONFIRMED

--- Comment #1 from Roland Knall  ---
Marking this as a duplicate is an error. The new behavior should be kept.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 12303] ERF metadata support

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12303

--- Comment #9 from Gerrit Code Review  ---
Change 21873 had a related patch set uploaded by Anthony Coddington:
ERF_TYPE_META write and comment support

https://code.wireshark.org/review/21873

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13745] RADIUS dictionary: BEGIN-VENDOR does not support format=Extended-Vendor-Specific-*

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13745

--- Comment #4 from João Valverde  ---
Unless there is a bug in the dissector code (quite possible) I edited the title
to be more descriptive.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13745] RADIUS dictionary: BEGIN-VENDOR does not support format=Extended-Vendor-Specific-*

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13745

João Valverde  changed:

   What|Removed |Added

Summary|RADIUS: Vendor-Specific |RADIUS dictionary:
   |Extended Attributes (RFC|BEGIN-VENDOR does not
   |6929) are not correctly |support
   |decoded |format=Extended-Vendor-Spec
   ||ific-*

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13749] EPL dissector (wrongly?) flagging packets as duplicates

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13749

Ahmad Fatoum  changed:

   What|Removed |Added

Summary|EPL dissectors (wrongly?)   |EPL dissector (wrongly?)
   |flagging packets as |flagging packets as
   |duplicates  |duplicates

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13749] New: EPL dissectors (wrongly?) flagging packets as duplicates

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13749

Bug ID: 13749
   Summary: EPL dissectors (wrongly?) flagging packets as
duplicates
   Product: Wireshark
   Version: Git
  Hardware: All
   URL: https://code.wireshark.org/review/#/c/21112/
OS: All
Status: UNCONFIRMED
  Severity: Normal
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: ah...@a3f.at
CC: rkn...@gmail.com
  Target Milestone: ---

Created attachment 15590
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15590=edit
Capture file with alleged duplicates

Build Information:
Version 2.3.0 (v2.3.0rc0-3692-gc3e0b73cb5)

Copyright 1998-2017 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.8.0, with libpcap, without POSIX capabilities, with
GLib 2.52.0, with zlib 1.2.8, without SMI, with c-ares 1.12.0, without Lua,
with
GnuTLS 3.5.11, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP, without
nghttp2, with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, without
AirPcap, without SBC, without SpanDSP.

Running on Mac OS X 10.12.4, build 16E195 (Darwin 16.5.0), with Intel(R)
Core(TM) i5-4278U CPU @ 2.60GHz (with SSE4.2), with 16384 MB of physical
memory,
with locale en_US.UTF-8, with libpcap version 1.8.1 -- Apple version 67.50.2,
with GnuTLS 3.5.11, with Gcrypt 1.7.6, with zlib 1.2.8.

Built using clang 4.2.1 Compatible Apple LLVM 8.1.0 (clang-802.0.42).
--
Load attached capture
Goto packet 32252

Observation:
EPL dissector's Expert Info reports that packet 32252 is a duplicate of packet
32243, owing to them both sharing the same ReceiveSequenceNumber and
SendSequenceNumber (18).

But they each go into the different direction!
32243 is 192.168.100.240 => 192.168.100.4 (MN => CN)
while
32252 is 192.168.100.4   => 192.168.100.240 (CN => MN)

Is it correct to call this a duplicate?

I've inadvertently (un?)broken this behavior in Change
#Ic33ff0be8f2eae7c24fe5877ad9258d1e550c227, by always taking the MN and CN node
IDs into consideration.

Mainline packet-epl.c reads CN and MN node IDs from the packet payload, but
those are 0x00 for UDP packets. Proper node IDs for UDP packets can be got by
taking the last octet of the IP address.

Patchset patch set 26 of aforementioned change now replicates current mainline
behavior. Please advise if I should revert.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13531] GTPv2 Information Element Name not shown

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13531

--- Comment #2 from Gerrit Code Review  ---
Change 21872 had a related patch set uploaded by Anders Broman:
[GTPv2] Add "name" to IEs with Generic names in some cases.

https://code.wireshark.org/review/21872

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 11131] Wrong color scheme for packet filter

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11131

--- Comment #14 from Gerrit Code Review  ---
Change 21827 merged by Anders Broman:
Qt+prefs: Add a dark theme check and default colors.

https://code.wireshark.org/review/21827

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13738] text in filter box not readable on dark theme

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13738

--- Comment #8 from Gerrit Code Review  ---
Change 21827 merged by Anders Broman:
Qt+prefs: Add a dark theme check and default colors.

https://code.wireshark.org/review/21827

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 13745] RADIUS: Vendor-Specific Extended Attributes (RFC 6929) are not correctly decoded

2017-06-01 Thread bugzilla-daemon 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13745

--- Comment #3 from Marius Paliga  ---
Created attachment 15589
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15589=edit
pcap with extended attributes

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe