https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10579
Bug ID: 10579
Summary: IP header in ICMP error checksum not checked even
though all header is available
Product: Wireshark
Version: 1.12.1
Hardware: x86-64
OS: Windows 7
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: boaz.brick...@gmail.com
Created attachment 13178
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13178&action=edit
A packet with full IP within ICMP error
Build Information:
Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12)
Copyright 1998-2014 Gerald Combs <ger...@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014),
with
AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical
memory.
Built using Microsoft Visual C++ 10.0 build 40219
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
Discovered while working on Pcap.Net (http://pcapdot.net).
In the attached pcap file, there is a single IPv4 packet with ICMP Destination
Unreachable message that contains the first 32 bytes of original IPv4 data.
The first 32 bytes of the original IPv4 data contains the full IPv4 header
(since Header Length is 24) but Wireshark still doesn't check whether the
Checksum is good or bad and marks both the "Good" and "Bad" fields as "False".
The checksum is marked with "In ICMP error packet", which is correct, but
doesn't explain why the checksum isn't checked in this case.
--
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
