[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

--- Comment #10 from Gerrit Code Review ---
Change 30284 merged by Jaap Keuter:
dns: check if name is root before any other check.

https://code.wireshark.org/review/30284

--
You are receiving this mail because:
You are watching all bug changes.
___
Sent via: Wireshark-bugs mailing list
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

--- Comment #9 from Gerrit Code Review ---
Change 30284 had a related patch set uploaded by Jaap Keuter:
dns: check if name is root before any other check.

https://code.wireshark.org/review/30284
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

Michael Mann changed:

What       |Removed    |Added
Status     |CONFIRMED  |RESOLVED
Resolution |---        |FIXED

--- Comment #8 from Michael Mann ---
(In reply to Jaap Keuter from comment #6)
> Does this still work with the capture of bug 13289 ??

This still works fine.
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

--- Comment #7 from Dario Lombardo ---
(In reply to Jaap Keuter from comment #6)
> Does this still work with the capture of bug 13289 ??

It should. The new check includes the old. Are you experiencing any issue?
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

--- Comment #6 from Jaap Keuter ---
Does this still work with the capture of bug 13289 ??
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

--- Comment #5 from Gerrit Code Review ---
Change 26695 merged by Anders Broman:
dns: check if name is root before any other check.

https://code.wireshark.org/review/26695
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

--- Comment #4 from Martin Kaiser ---
(In reply to Uli Heilmeier from comment #2)
> Martin, I guess you're on the wrong track.
>
> IMO issue is here that the answer RR contains a pointer to a root name (0xc0
> pointer at offset 17 with offset 0x0c (pointing to offset 12); name at
> offset 12 is 0 => ).
> Therefore the length of the name field in the answer section is 2 bytes
> (0xc00c).
>

Ok, I started reading RFC 1035. Now I see what you mean. Thanks for the explanation.
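The case explained in comment #2 and quoted above, as an added example that is not Wireshark's code or code from anyone in this thread: a minimal RFC 1035 name expander that returns how many bytes the name occupies at its own offset, run over a constructed NS response. The function name, buffers and sample bytes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: response to an NS query for the root zone. */
static const uint8_t SAMPLE[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,   /* header, offsets 0..11 */
    0x00, 0,2, 0,1,                             /* question: root name at offset 12 */
    0xc0,0x0c, 0,2, 0,1, 0,0,0x0e,0x10, 0,20,   /* answer: pointer at offset 17 -> 12 */
    1,'a', 12,'r','o','o','t','-','s','e','r','v','e','r','s', 3,'n','e','t', 0
};
/* Constructed malformed case: the pointer at offset 12 points to itself. */
static const uint8_t LOOP[] = { 0,0,0,0,0,0,0,0,0,0,0,0, 0xc0,0x0c };
static char NAME[64];
/* Hypothetical helper: expands the name at `off` into `out`; returns the bytes
 * it occupies on the wire at `off` (a pointer counts as 2), or -1 if malformed. */
int dns_expand_name(const uint8_t *msg, size_t msg_len, size_t off,
                    char *out, size_t out_cap)
{
    size_t pos = off, used = 0;
    int consumed = -1, hops = 0;   /* consumed is fixed at the first pointer */
    if (out_cap == 0) return -1;
    for (;;) {
        if (pos >= msg_len) return -1;
        uint8_t b = msg[pos];
        if ((b & 0xC0) == 0xC0) {                    /* compression pointer */
            if (pos + 1 >= msg_len || ++hops > 16) return -1;
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            pos = ((size_t)(b & 0x3F) << 8) | msg[pos + 1];
            continue;
        }
        if (b & 0xC0) return -1;                     /* other label types rejected */
        if (b == 0) {                                /* root label ends the name */
            out[used] = '\0';
            return consumed < 0 ? (int)(pos + 1 - off) : consumed;
        }
        if (pos + 1 + b > msg_len || used + b + 2 > out_cap) return -1;
        if (used) out[used++] = '.';
        memcpy(out + used, msg + pos + 1, b);
        used += b;
        pos += 1 + (size_t)b;
    }
}

int main(void)
{
    int len = dns_expand_name(SAMPLE, sizeof SAMPLE, 17, NAME, sizeof NAME);
    printf("answer owner name: \"%s\", wire length %d\n", NAME, len);
}
```

The root name is empty at both offsets, but it occupies 1 byte at offset 12 and 2 bytes at offset 17, so a check that ties "empty name" to a wire length of 1 rejects the compressed form.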
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

--- Comment #3 from Gerrit Code Review ---
Change 26695 had a related patch set uploaded by Dario Lombardo:
dns: check if name is root before any other check.

https://code.wireshark.org/review/26695
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

Alexis La Goutte changed:

What |Removed |Added
CC   |        |lom...@gmail.com
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

Uli Heilmeier changed:

What |Removed |Added
CC   |        |u...@heilmeier.eu

--- Comment #2 from Uli Heilmeier ---
Martin, I guess you're on the wrong track.

IMO issue is here that the answer RR contains a pointer to a root name (0xc0 pointer at offset 17 with offset 0x0c (pointing to offset 12); name at offset 12 is 0 => ).
Therefore the length of the name field in the answer section is 2 bytes (0xc00c).
For we're currently expecting 1 byte length.

A possible fix would be:

diff --git a/epan/dissectors/packet-dns.c b/epan/dissectors/packet-dns.c index 868c48b7db..f38a1e4bfd 100644 --- a/epan/dissectors/packet-dns.c +++ b/epan/dissectors/packet-dns.c @@ -1315,7 +1315,7 @@ expand_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset, if (len < 0) { len = offset - start_offset; } - if ((len < min_len) || (len > min_len && *name_len == 0)) { + if ((len < min_len)) { THROW(ReportedBoundsError); } return len; @@ -1332,7 +1332,7 @@ get_dns_name(tvbuff_t *tvb, int offset, int max_len, int dns_data_offset, len = expand_dns_name(tvb, offset, max_len, dns_data_offset, name, name_len); /* Zero-length name means "root server" */ - if (**name == '\0' && len == 1) { + if (**name == '\0') { *name=""; *name_len = (guint)strlen(*name); }

However, I'm not sure if this breaks other requests. With master-2.2 len is not checked. Check has been introduced with commit c397adda8a7af8374ba1355f8c221f48abfac42a
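Review bot: In the expand_dns_name hunk, removing `(len > min_len && *name_len == 0)` outright drops the exception for every name that consumes more than min_len bytes and expands to nothing, not only the 2-byte pointer to the root name that this comment describes. Consider keeping the clause and exempting just the case where the expanded name is the root, or state in the commit message why no other input still needs it, and re-test with the capture that motivated the original check. The replacement `if ((len < min_len)) {` also carries a redundant pair of parentheses.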
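Review bot: In the get_dns_name hunk, once `&& len == 1` is removed the comment `/* Zero-length name means "root server" */` no longer says what the condition tests: the branch now runs for any encoding whose expansion is empty, including a compression pointer where len is 2. Reword the comment to say that the root name may be reached directly or through a pointer, so the next reader does not reintroduce a length check here.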
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

Martin Kaiser changed:

What |Removed |Added
CC   |        |wiresh...@kaiser.cx

--- Comment #1 from Martin Kaiser ---
The backtrace points to

#0 except_throw (group=group@entry=1, code=code@entry=2, msg=msg@entry=0x0) at ../epan/except.c:278
#1 0x7324a3d1 in expand_dns_name (tvb=tvb@entry=0x58082de0, offset=, offset@entry=17, max_len=max_len@entry=0, dns_data_offset=0, name=name@entry=0x7fffc018, name_len=name_len@entry=0x7fffc008) at ../epan/dissectors/packet-dns.c:1278

which is

    case 0x80:
        THROW(ReportedBoundsError);
        break;

in expand_dns_name()

https://tools.ietf.org/html/rfc6195#section-3.3.1
seems to be the definition of this field

I don't see what 0b10 means here...

Even if the label type is invalid, we could try to skip the label rather than throwing an exception.
[Wireshark-bugs] [Bug 14574] DNS Response to NS query shows as malformed packet
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14574

Alexis La Goutte changed:

What           |Removed     |Added
Status         |UNCONFIRMED |CONFIRMED
CC             |            |alexis.lagou...@gmail.com
Ever confirmed |0           |1