Re: [Wireshark-dev] DNP3 dissector bug in multi-fragmented messages

2014-07-17 Thread Evan Huus
Hi Maksym, please file bugs in our bug tracker: 
https://bugs.wireshark.org/bugzilla/

It would also be helpful if you could check if the bug is still present in more 
recent versions (such as the 1.12 release candidate).

Evan

 On Jul 17, 2014, at 3:54, Maksym Galemin maksym.gale...@hydrix.com wrote:
 
 Hi all,
  
 I’d like to report a bug in the DNP3 dissector for reassembled multi-fragment 
 DNP3 packets (DNP3 over TCP). In case of TCP retransmissions the DNP3 
 dissector reassembles an invalid DNP3 application layer message by copying the 
 retransmitted TCP data straight into the final DNP3 packet without checking 
 if it’s a retransmission or not. As a result the dissector parses the DNP3 
 application layer payload incorrectly. Please find a capture file in the 
 attachment: here in packet #18 DNP3 transport layer frame 6 (packet #6) is a 
 retransmission of the frame 1 data (packet #1). Thanks.
  
 --
 Version 1.10.7 (v1.10.7-0-g6b931a1 from master-1.10)
  
 …
  
 Compiled (32-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
 GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
 without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
 with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with
 PortAudio V19-devel (built Apr 22 2014), with AirPcap.
  
 Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
 1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
 Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, with 2047MB of physical memory.
  
  
 Built using Microsoft Visual C++ 10.0 build 40219
 --
  
  
 Cheers,
  
 Maksym Galemin | Software Engineer
 Hydrix Pty Ltd
 “Our Expertise – Your Competitive Advantage”
 maksym.gale...@hydrix.com |direct +61 3 8573 5231 | mob +61 435 844 500
 www.hydrix.com | fax +61 3 8573 5289 | phone +61 3 8573 5299
  
 DNP3_dissector_issue.zip
 ___
 Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
 Archives:http://www.wireshark.org/lists/wireshark-dev
 Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
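
The check the report says is missing, as an added example (not Wireshark's dissector code or its fix): a reassembler that rejects TCP data it has already consumed before appending a transport segment's payload to the DNP3 fragment. It assumes one DNP3 transport segment per TCP segment, in-order delivery, and no data-link framing or CRCs; `dnp3_reasm`, `dnp3_feed` and `dnp3_demo` are hypothetical names and the sample bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

#define TR_FIN 0x80u   /* final transport segment of a fragment */
#define TR_FIR 0x40u   /* first transport segment of a fragment */

typedef struct {
    uint32_t next_tcp_seq;   /* first TCP sequence number not yet consumed */
    int      synced, active; /* next_tcp_seq valid; FIR seen and FIN pending */
    uint8_t  next_tr_seq;    /* expected 6-bit transport sequence number */
    uint8_t  apdu[2048];     /* reassembled application-layer fragment */
    size_t   len;
    unsigned retransmits;    /* segments rejected as TCP retransmissions */
} dnp3_reasm;

/* Returns 1 when apdu[0..len) is complete, 0 when more segments are needed,
 * -1 when the segment was rejected. Assumption: seg is one transport segment
 * (header octet + payload) carried in one TCP segment starting at tcp_seq. */
int dnp3_feed(dnp3_reasm *r, uint32_t tcp_seq, const uint8_t *seg, size_t n)
{
    if (n < 1) return -1;
    /* Signed difference is wraparound-safe: negative means already consumed. */
    if (r->synced && (int32_t)(tcp_seq - r->next_tcp_seq) < 0) {
        r->retransmits++; return -1;
    }
    r->next_tcp_seq = tcp_seq + (uint32_t)n;
    r->synced = 1;
    uint8_t hdr = seg[0], tr_seq = hdr & 0x3Fu;
    if (hdr & TR_FIR) {                  /* FIR starts a new fragment */
        r->len = 0; r->active = 1;
    } else if (!r->active || tr_seq != r->next_tr_seq) {
        r->active = 0;                   /* out of sequence: abandon */
        return -1;
    }
    if (r->len + (n - 1) > sizeof r->apdu) { r->active = 0; return -1; }
    memcpy(r->apdu + r->len, seg + 1, n - 1);
    r->len += n - 1;
    r->next_tr_seq = (tr_seq + 1) & 0x3Fu;
    if (hdr & TR_FIN) { r->active = 0; return 1; }
    return 0;
}

static dnp3_reasm demo_state;
/* Constructed capture: A (FIR), B, a retransmitted copy of A, then C (FIN). */
size_t dnp3_demo(void)
{
    static const uint8_t a[] = {0x41,'A','A'}, b[] = {0x02,'B','B'}, c[] = {0x83,'C','C'};
    memset(&demo_state, 0, sizeof demo_state);
    dnp3_feed(&demo_state, 1000, a, 3); dnp3_feed(&demo_state, 1003, b, 3);
    dnp3_feed(&demo_state, 1000, a, 3);  /* retransmission: must be dropped */
    return dnp3_feed(&demo_state, 1006, c, 3) == 1 ? demo_state.len : 0;
}
```

Without the sequence-number test at the top of `dnp3_feed`, the repeated FIR segment would reset the buffer and the final segment would be rejected as out of sequence, so the fragment would never complete.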

Re: [Wireshark-dev] DNP3 dissector bug in multi-fragmented messages

2014-07-17 Thread Graham Bloice
Happens in a fairly recent dev build.

For more info on reporting bugs, see http://wiki.wireshark.org/ReportingBugs


On 17 July 2014 13:26, Evan Huus eapa...@gmail.com wrote:

 Hi Maksym, please file bugs in our bug tracker:
 https://bugs.wireshark.org/bugzilla/

 It would also be helpful if you could check if the bug is still present in
 more recent versions (such as the 1.12 release candidate).

 Evan

 On Jul 17, 2014, at 3:54, Maksym Galemin maksym.gale...@hydrix.com wrote:

 Hi all,

 I’d like to report a bug in the DNP3 dissector for reassembled multi-fragment
 DNP3 packets (DNP3 over TCP). In case of TCP retransmissions the DNP3
 dissector reassembles an invalid DNP3 application layer message by copying the
 retransmitted TCP data straight into the final DNP3 packet without checking
 if it’s a retransmission or not. As a result the dissector parses the DNP3
 application layer payload incorrectly. Please find a capture file in the
 attachment: here in packet #18 DNP3 transport layer frame 6 (packet #6) is
 a retransmission of the frame 1 data (packet #1). Thanks.




 --
 Version 1.10.7 (v1.10.7-0-g6b931a1 from master-1.10)

 …

 Compiled (32-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
 GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
 without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
 with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with
 PortAudio V19-devel (built Apr 22 2014), with AirPcap.

 Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
 1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
 Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, with 2047MB of physical memory.

 Built using Microsoft Visual C++ 10.0 build 40219
 --

 Cheers,

 Maksym Galemin | Software Engineer
 Hydrix Pty Ltd
 “Our Expertise – Your Competitive Advantage”
 maksym.gale...@hydrix.com |direct +61 3 8573 5231 | mob +61 435 844 500
 www.hydrix.com | fax +61 3 8573 5289 | phone +61 3 8573 5299

 DNP3_dissector_issue.zip

-- 
Graham Bloice
Software Developer
Trihedral UK Limited